Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
AV Detection:
  Found malware configuration
    Source: Malware Configuration Extractor:
  Multi AV Scanner detection for dropped file
    Source: ReversingLabs:
  Multi AV Scanner detection for submitted file
    Source: Virustotal:
  Antivirus or Machine Learning detection for unpacked file
    Source: Avira:
Compliance:
  Uses 32bit PE files
    Source: Static PE information:
  Uses new MSVCR Dlls
    Source: File opened:
  Contains modern PE file flags such as dynamic base (ASLR) or NX
    Source: Static PE information:
  Binary contains paths to debug symbols
    Source: Binary string:
Software Vulnerabilities:
  Found inlined nop instructions (likely shell or obfuscated code)
    Source: Code function: 0_2_04C8E2F0
Networking:
  Detected TCP or UDP traffic on non-standard ports
    Source: TCP traffic:
  Internet Provider seen in connection with other malware
    Source: ASN Name:
  Uses SMTP (mail sending)
    Source: TCP traffic:
    Source: DNS traffic detected:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
    Source: String found in binary or memory:
Key, Mouse, Clipboard, Microphone and Screen Capturing:
  Installs a global keyboard hook
    Source: Windows user hook set:
  Creates a window with clipboard capturing capabilities
    Source: Window created:
System Summary:
  .NET source code contains very large strings
    Source: Long String:
    Source: Long String:
  Initial sample is a PE file and has a suspicious name
    Source: Static PE information:
  Contains functionality to call native functions
    Source: Code function: 0_2_051E111E
    Source: Code function: 5_2_00CCB0BA
    Source: Code function: 5_2_00CCB089
  Detected potential crypto function
    Source: Code function: 0_2_002C52E6
    Source: Code function: 0_2_04C846D8
    Source: Code function: 0_2_04C848E0
    Source: Code function: 0_2_04C846C8
    Source: Code function: 0_2_04C855E8
    Source: Code function: 0_2_04C85390
    Source: Code function: 0_2_04C853A0
    Source: Code function: 5_2_004852E6
    Source: Code function: 5_2_029B9690
    Source: Code function: 5_2_029B7A94
    Source: Code function: 5_2_029BD0F0
    Source: Code function: 5_2_029B9248
    Source: Code function: 5_2_029BBF90
    Source: Code function: 5_2_0570DD78
    Source: Code function: 5_2_0570F3F8
    Source: Code function: 5_2_0570BDE0
    Source: Code function: 5_2_057007D6
    Source: Code function: 5_2_05707B98
    Source: Code function: 5_2_0570D220
  PE file contains strange resources
    Source: Static PE information:
    Source: Static PE information:
  Sample file is different than original file name gathered from version info
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
    Source: Binary or memory string:
  Tries to load missing DLLs
    Source: Section loaded:
    Source: Section loaded:
  Uses 32bit PE files
    Source: Static PE information:
    Source: Base64 encoded string: