| Field | Value |
|---|---|
| Score | 72 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |

AV Detection

| Signature | Source | Detail |
|---|---|---|
| Multi AV Scanner detection for submitted file | Virustotal | |

Compliance

| Signature | Source | Detail |
|---|---|---|
| Uses 32bit PE files | Static PE information | |

Key, Mouse, Clipboard, Microphone and Screen Capturing

| Signature | Source | Detail |
|---|---|---|
| Contains functionality to retrieve information about pressed keystrokes | Code function | 1_2_012D2344 |
| Potential key logger detected (key state polling based) | Code function | 1_2_0135CDAC |

System Summary

| Signature | Source | Detail |
|---|---|---|
| Binary is likely a compiled AutoIt script file | | |
| Initial sample is a PE file and has a suspicious name | Static PE information | |
| Detected potential crypto function | Code function | 1_2_01306522, 1_2_012E710E, 1_2_012DE800, 1_2_01307006, 1_2_012DE060, 1_2_012E6843, 1_2_0135804A, 1_2_012FDBB5, 1_2_012FBFE6, 1_2_012E8A0E, 1_2_012DFE40, 1_2_012D1287, 1_2_012F16C4 |
| PE file contains strange resources | Static PE information (5 entries) | |
| Uses 32bit PE files | Static PE information | |
| (signature not captured) | Classification label | |
| (signature not captured) | Code function | 1_2_0133A2D5 |
| (signature not captured) | Code function | 1_2_01333E91 |
| (signature not captured) | Static PE information | |
| (signature not captured) | Key opened | |
| (signature not captured) | Virustotal | |
| (signature not captured) | Static PE information (12 entries) | |

Data Obfuscation

| Signature | Source | Detail |
|---|---|---|
| Uses code obfuscation techniques (call, push, ret) | Code function | 1_2_012F8B98 |

Hooking and other Techniques for Hiding and Protection

| Signature | Source | Detail |
|---|---|---|
| Icon mismatch, binary includes an icon from a different legit application in order to fool users | Icon embedded in binary file | |
| Contains functionality to check if a window is minimized (may be used to check if an application is visible) | Code function | 1_2_012D4A35 |
| (signature not captured) | Process information set (2 entries) | |

Malware Analysis System Evasion

| Signature | Source | Detail |
|---|---|---|
| Uses Windows timers to delay execution | User Timer Set (2 entries) | |
| Found a high number of Window / User specific system calls (may be a loop to detect user behavior) | Window / User API | |
| Found large amount of non-executed APIs | API coverage | |
| May sleep (evasive loops) to hinder dynamic analysis | Thread sleep count | |
| Program does not show much activity (idle) | Thread injection, dropped files, key value created, disk infection and DNS query | |
| Sample execution stops while process was sleeping (likely an evasion) | Last function (2 entries) | |
| Sleep loop found (likely to delay execution) | Thread sleep count | |

Anti Debugging

| Signature | Source | Detail |
|---|---|---|
| Found API chain indicative of debugger detection | Debugger detection routine | |
| Contains functionality to check if a debugger is running (IsDebuggerPresent) | Code function | 1_2_01305CCC |
| Contains functionality to check if a debugger is running (OutputDebugString, GetLastError) | Code function | 1_2_01305CCC |
| Program does not show much activity (idle) | Thread injection, dropped files, key value created, disk infection and DNS query | |
| (signature not captured) | Code function | 1_2_012FA395 |

HIPS / PFW / Operating System Protection Evasion

| Signature | Source | Detail |
|---|---|---|
| Contains functionality to simulate keystroke presses | Code function | 1_2_012D4A35 |
| (signature not captured) | Binary or memory string (5 entries) | |
| (signature not captured) | Code function | 1_2_013050D7 |

No contacted IP infos