Multi AV Scanner detection for submitted file |
AV Detection |
|
.NET source code contains potential unpacker |
Data Obfuscation |
|
.NET source code contains very large strings |
System Summary |
|
Reads the Security eventlog |
Spam, unwanted Advertisements and Ransom Demands |
|
Reads the System eventlog |
Spam, unwanted Advertisements and Ransom Demands |
|
Allocates memory with a write watch (potentially for evading sandboxes) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Enables debug privileges |
Anti Debugging |
|
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) |
Malware Analysis System Evasion |
|
Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
Uses 32bit PE files |
Compliance, System Summary |
|
.NET source code contains long base64-encoded strings |
System Summary |
Obfuscated Files or Information
|
Creates guard pages, often used to prevent reverse engineering and debugging |
Anti Debugging |
|
Creates mutexes |
System Summary |
|
Creates temporary files |
System Summary |
|
Disables application error messages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
PE file has an executable .text section and no other executable section |
System Summary |
|
Parts of this application are using the .NET runtime (probably coded in C#) |
System Summary |
|
Queries a list of all running processes |
Malware Analysis System Evasion |
|
Queries the cryptographic machine GUID |
Language, Device and Operating System Detection |
|
Reads software policies |
System Summary |
|
Sample is known by Antivirus |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
Uses an in-process (OLE) Automation server |
System Summary |
|
Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
PE file contains a COM descriptor data directory |
System Summary |
|
Uses Microsoft Silverlight |
System Summary |
|