Windows
Analysis Report
Signed P.O.pdf.exe
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
File is packed with WinRar
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64