Analysis Report Comuinicado-Covid19-Min-Saude-VRC-03-02-21-210.vbs
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Antivirus detection for dropped file
Benign windows process drops PE files
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Detected VMProtect packer
Potential evasive VBS script found (sleep loop)
Potential malicious VBS script found (has network functionality)
Windows Shell Script Host drops VBS files
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files
Entry point lies outside standard sections
Found WSH timer for Javascript or VBS script (likely evasive script)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Stores files to the Windows start menu directory
Classification
Startup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection:
Antivirus detection for dropped file
Source: Avira
Multi AV Scanner detection for dropped file
Source: ReversingLabs
Multi AV Scanner detection for submitted file
Source: Virustotal
Source: ReversingLabs
Networking:
Potential malicious VBS script found (has network functionality)
Source: Initial file
Source: Initial file
Source: Initial file
Source: Initial file
Source: IP Address
Source: IP Address
Source: ASN Name
Source: String found in binary or memory
Source: String found in binary or memory
System Summary:
Detected VMProtect packer
Source: Static PE information
Source: Process Stats
Source: Initial sample
Source: Static PE information
Source: Classification label
Source: File created
Source: Process created
Source: File read
Source: Key opened
Source: File read
Source: File read
Source: Virustotal
Source: ReversingLabs
Source: Key value queried
Data Obfuscation:
VBScript performs obfuscated calls to suspicious functions
Source: Anti Malware Scan Interface