Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
PE file contains strange resources
Potential browser exploit detected (process start blacklist hit)
Uses code obfuscation techniques (call, push, ret)