Potential malicious VBS script found (has network functionality)
Contains functionality to dynamically determine API calls
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)