r14836901-5B4A-.exe (initial sample)

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy: 7.734793050921482
Filename: r14836901-5B4A-.exe
Filesize: 266702
MD5: d5867544e7fb701fb71e72cf8caf8df8
SHA1: 4d4d42bb8a49013f6804e5c21d35fd8da6d141b2
SHA256: d8d23e874918f7f77e8ac832e69adef1bda5244e403364a6ad5cb18e8ecbcb5e
SHA512: 44ab53efcbee2fd11307edb5c7d4a24584bdf99232172cd25917f05fac52036dcdd2eafcfaf4342a33dbd1fcd643126232ef3ed10726003d45bc353907b544de
SSDEEP: 6144:eF8PG/65u7vsPKtMLdFKZijQyxnosyxr8J9eYzFpD:/Pq7EwMKZijQyxbewFp
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...z..Y.................d...|.....

| Signature Hits | Behavior Group | Mitre Attack |
|---|---|---|
| Multi AV Scanner detection for submitted file | AV Detection | |
| Submitted sample is a known malware sample | System Summary | Access Token Manipulation |
| Maps a DLL or memory area into another process | HIPS / PFW / Operating System Protection Evasion | |
| Mass process execution to delay analysis | Malware Analysis System Evasion | |
| Obfuscated command line found | Data Obfuscation | Command and Scripting Interpreter |
| Sample uses process hollowing technique | HIPS / PFW / Operating System Protection Evasion | |
| Switches to a custom stack to bypass stack traces | Malware Analysis System Evasion | Access Token Manipulation; Security Software Discovery; System Information Discovery |
| Checks if the current process is being debugged | Anti Debugging | Virtualization/Sandbox Evasion |
| Contains functionality for execution timing, often used to detect debuggers | Malware Analysis System Evasion, Anti Debugging | |
| Contains functionality to read data from the clipboard | Key, Mouse, Clipboard, Microphone and Screen Capturing | |
| Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress) | Anti Debugging | |
| Contains functionality to call native functions | System Summary | |
| Contains functionality to dynamically determine API calls | Data Obfuscation, Anti Debugging | |
| Contains functionality to read the PEB | Anti Debugging | Access Token Manipulation |
| Contains functionality to shutdown / reboot the system | System Summary | Access Token Manipulation |
| Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | |
| Detected potential crypto function | System Summary | Access Token Manipulation |
| Drops PE files | Persistence and Installation Behavior | Access Token Manipulation |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |
| Found large amount of non-executed APIs | Malware Analysis System Evasion | Access Token Manipulation |
| Found potential string decryption / allocating functions | System Summary | Deobfuscate/Decode Files or Information; Obfuscated Files or Information |
| May sleep (evasive loops) to hinder dynamic analysis | Malware Analysis System Evasion | |
| Sample file is different than original file name gathered from version info | System Summary | Access Token Manipulation |
| Shows file infection / information gathering behavior (enumerates multiple directories for files) | Spreading, Stealing of Sensitive Information | |
| Uses 32bit PE files | Compliance, System Summary | |
| Uses code obfuscation techniques (call, push, ret) | Data Obfuscation | |
| Contains functionality to adjust token privileges (e.g. debug / backup) | System Summary | Access Token Manipulation |
| Contains functionality to check free disk space | System Summary | |
| Contains functionality to enumerate / list files inside a directory | Spreading, Malware Analysis System Evasion | |
| Contains functionality to instantiate COM classes | System Summary | Access Token Manipulation |
| Contains functionality to query windows version | Language, Device and Operating System Detection | |
| Creates files inside the program directory | System Summary | |
| Creates files inside the user directory | System Summary | |
| Creates temporary files | System Summary | |
| Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | |
| Enumerates the file system | Spreading, Malware Analysis System Evasion | File and Directory Discovery |
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Malware Analysis System Evasion | |
| PE file has an executable .text section and no other executable section | System Summary | Access Token Manipulation |
| Program exit points | Malware Analysis System Evasion | |
| Queries a list of all running processes | Malware Analysis System Evasion | |
| Reads ini files | System Summary | |
| Reads software policies | System Summary | Access Token Manipulation |
| Sample is known by Antivirus | System Summary | Access Token Manipulation |
| Sample reads its own file content | System Summary | Access Token Manipulation |
| Tries to load missing DLLs | System Summary | |
| URLs found in memory or binary data | Networking | |
| Uses an in-process (OLE) Automation server | System Summary | Access Token Manipulation |
| Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | |

C:\Users\user\AppData\Local\Temp\nsv4882.tmp\BgImage.dll (dropped)

File: C:\Users\user\AppData\Local\Temp\nsv4882.tmp\BgImage.dll
Category: dropped
Dump: BgImage.dll.0.dr
ID: dr_10
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 5.1850294262777945
Encrypted: false
Ssdeep: 96:8eD0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkznLiEQjJ3KxkP:tZBfjbUA/85q3wEh8uLmaLpmP
Size: 7680
Whitelisted: false

| Signature Hits | Behavior Group | Mitre Attack |
|---|---|---|
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |

C:\Users\user\AppData\Local\Temp\nsv4882.tmp\System.dll (dropped)

File: C:\Users\user\AppData\Local\Temp\nsv4882.tmp\System.dll
Category: dropped
Dump: System.dll.0.dr
ID: dr_21
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 5.76781505116372
Encrypted: false
Ssdeep: 192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa
Size: 11264
Whitelisted: true

| Signature Hits | Behavior Group | Mitre Attack |
|---|---|---|
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |

C:\Users\user\AppData\Local\Temp\nsv4882.tmp\nsExec.dll (dropped)

File: C:\Users\user\AppData\Local\Temp\nsv4882.tmp\nsExec.dll
Category: dropped
Dump: nsExec.dll.0.dr
ID: dr_20
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 4.994818958746835
Encrypted: false
Ssdeep: 96:f7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNPS3e:zXhHR0aTQN4gRHdMqJVgNPR
Size: 6656
Whitelisted: true

| Signature Hits | Behavior Group | Mitre Attack |
|---|---|---|
| Drops PE files | Persistence and Installation Behavior | |
| Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | |

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Fdselsoverskuds.Nsk (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Fdselsoverskuds.Nsk
Category: dropped
Dump: Fdselsoverskuds.Nsk.0.dr
ID: dr_13
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: ASCII text, with very long lines (65536), with no line terminators
Entropy: 2.6760762857427505
Encrypted: false
Ssdeep: 1536:EiRd+h6TPAzNua6BCbz+zNB+C0qkWaQZnP+:2hA+
Size: 81734
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\forudst.vir (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\forudst.vir
Category: dropped
Dump: forudst.vir.0.dr
ID: dr_17
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.8696033469856905
Encrypted: false
Ssdeep: 96:84ATcr7Iml1Mvj7b20fpLJwiFEAXVuBrp57:9IwEml+e0hWiFECVuBrp57
Size: 3377
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\illustrated.fin (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\illustrated.fin
Category: dropped
Dump: illustrated.fin.0.dr
ID: dr_18
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: MacBinary, inited, changed, busy, bozo, system, invisible, locked, comment length 2304, more flags 0x6a, total length 1166475264, Sat Apr 28 09:23:19 2040 INVALID date, modified Mon Feb 6 13:53:20 2040, creator ' ', type '\317', 569830400 bytes "\177^", at 0x21f6ec80 8978537 bytes resource
Entropy: 4.757131692517797
Encrypted: false
Ssdeep: 48:p3h+RvAETFecuuyT8YxDCs2a3YAEYnP2r:p3koqyIY5Cs2QVnG
Size: 1665
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\jenspecialist.nib (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Foredragsrejsen\jenspecialist.nib
Category: dropped
Dump: jenspecialist.nib.0.dr
ID: dr_19
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: TeX font metric data
Entropy: 4.8571367193867285
Encrypted: false
Ssdeep: 24:C0/uUZE+jl9cmNg38DKlrw/xtCOATg6UlhS3OlDtaW/CSHl:C0WUqwcmysDJxt0UlhxlDJaul
Size: 1282
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Gratefullies\smashment.ska (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Gratefullies\smashment.ska
Category: dropped
Dump: smashment.ska.0.dr
ID: dr_5
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.7794058140262115
Encrypted: false
Ssdeep: 48:QRn1yarpCqmNiCRBAMbr7wfLC53SYZCK8v7a6S+/s6l57mao/dlpdTofeul:CsarpGNiEb/w2RrZC17au/s6jmpdT9ul
Size: 3006
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Gratefullies\throb.bar (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Gratefullies\throb.bar
Category: dropped
Dump: throb.bar.0.dr
ID: dr_6
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.897829674945043
Encrypted: false
Ssdeep: 48:P4jh8bwMH2tM8YUm4YJ9Xt2uy8xGgue2plANPcMxEX0lw89JXNe7ZBVU7f+Y4h0/:POaH2tJQ4G99HBQRlYZEMw8Xwjy7Ilqn
Size: 2902
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Ichthyodian.eta (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Ichthyodian.eta
Category: dropped
Dump: Ichthyodian.eta.0.dr
ID: dr_12
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.878763181800367
Encrypted: false
Ssdeep: 96:HEMObQEeMVOC91Emhv2bmb3kDM2yAiDvFR:HEhbQEeoOC9Kmhp4CvFR
Size: 3496
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Seventieth\trichosis.kni (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Seventieth\trichosis.kni
Category: dropped
Dump: trichosis.kni.0.dr
ID: dr_7
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.915094447929483
Encrypted: false
Ssdeep: 96:eQMqkwznsG1PQZsbrMPMRtxhCF1jzEjwLKCTCyCeSrsqEAFo2OjSh:pPkwlEsvMkRIgwfTPTosqz7
Size: 4176
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Seventieth\ujordiskes.ric (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Seventieth\ujordiskes.ric
Category: dropped
Dump: ujordiskes.ric.0.dr
ID: dr_8
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.973967543606661
Encrypted: false
Ssdeep: 24:784BZ/SjXqpcKeu+NUZ65nl6x1gQJpX6ELT+3hDlO1VMyL5QRAHlqYFBlwbV/W+N:BBZKr75ubZeQxWQTXrTbPyAF52bODJhE
Size: 2252
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Skreddenes.deo (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Skreddenes.deo
Category: dropped
Dump: Skreddenes.deo.0.dr
ID: dr_14
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.972093384782673
Encrypted: false
Ssdeep: 48:YjgvH6+SBp0XGWCyLHP3+0LR32aSjhYUrqoF1GAy1ff+2Sa2rS5uEy:Ye6+dXGu+09XAhYUGAGAwf+lOC
Size: 2407
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Varige.Cra (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\Varige.Cra
Category: dropped
Dump: Varige.Cra.0.dr
ID: dr_11
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 7.703737324888665
Encrypted: false
Ssdeep: 3072:Nt0fXob5Og1FT60ZbqXKV8BP+p2bQpIiFFWAifQiPMlalSBSiI71p6p221:NqfXg5dWiQKV8Bg2bQpfFNixxlISiIS3
Size: 169452
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\benedikts.raa (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\benedikts.raa
Category: dropped
Dump: benedikts.raa.0.dr
ID: dr_15
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.832428735752841
Encrypted: false
Ssdeep: 48:l/sUGWVaxdni8i1c3Ok4NA98fi9S/DJLTii8W1k:l/b7mv9qi9MdB6
Size: 2041
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\entermete.cis (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\entermete.cis
Category: dropped
Dump: entermete.cis.0.dr
ID: dr_16
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.913428843029477
Encrypted: false
Ssdeep: 48:4d1Zc+yzpGAV5Ezuh2P9j5elAwJZOlp+/S1absCiu1wB5Ir4s3lB0:qc+yzzU1IAMAX4gCiugM71B0
Size: 3257
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\katalyseret.for (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\katalyseret.for
Category: dropped
Dump: katalyseret.for.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.945195293831195
Encrypted: false
Ssdeep: 96:JSDizfN205VYwf+7o7dxw0dRkwJHPdWlsGB3Mx6pCA/J5NX4tf:JSuB205VYwWE7r7dRDVOG6pCONX4tf
Size: 4285
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\kiangs.psy (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\kiangs.psy
Category: dropped
Dump: kiangs.psy.0.dr
ID: dr_1
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.7446490460386475
Encrypted: false
Ssdeep: 24:+9TqQS9xeqORZNCYJXkUAvaCf+W9b6DUnmDa0yTneGCCNQ:+FswRZNzKaO+4uDjDgneLsQ
Size: 1633
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\margaric.sil (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\margaric.sil
Category: dropped
Dump: margaric.sil.0.dr
ID: dr_2
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.851430282092303
Encrypted: false
Ssdeep: 48:dR/RDlZ4qtO2K9lplKIVQUwTxzJ9crQ3dQxH/fTCxByq7xYKlnk+Bl7/9HQqN:dvn42k9lTKmQBTxzLttQ1exBYKlzFV
Size: 3016
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\skedehindes.bag (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\skedehindes.bag
Category: dropped
Dump: skedehindes.bag.0.dr
ID: dr_3
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: data
Entropy: 4.991933083732883
Encrypted: false
Ssdeep: 48:ph27RjuJ6gAunjnhFDS2TeN0FmA8XS/2K0gvA21YO5IHlC04JiPtszDQUlsXscFi:Yj963SJ0FmAv+GD8C00iVG0UlEvRvw
Size: 3224
Whitelisted: false

C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\skifer.txt (dropped)

File: C:\Users\user\AppData\Local\heraldisk\frimanden\forbytningernes\skifer.txt
Category: dropped
Dump: skifer.txt.0.dr
ID: dr_4
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: ASCII text, with CRLF line terminators
Entropy: 4.1683020969544
Encrypted: false
Ssdeep: 6:6gslvJ8C2v0AiFws1SSMuOnyDWspEH1LwPBiHeLC2tHnW28jqOtXj1G7D9HboKO:/+8Cc0kQpMuOyKv1cZL7nOVQpHi
Size: 416
Whitelisted: false

C:\Users\user\Music\legationens.lnk (dropped)

File: C:\Users\user\Music\legationens.lnk
Category: dropped
Dump: legationens.lnk.0.dr
ID: dr_9
Target ID: 0
Process: C:\Users\user\Desktop\r14836901-5B4A-.exe
Type: MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Entropy: 3.1726979892660525
Encrypted: false
Ssdeep: 12:8wl0HsXUCV/tz0/CSLwrHj4/3BVYG02D23ddcyGW4MJsW+AdpAFQ1h4BVlDT5cZm:8ArWLgD4/BV02De+My+p/kBPD1RjJT
Size: 1362
Whitelisted: false