Analysis Report vbc.exe.vir

Overview

General Information

Sample Name: vbc.exe.vir (renamed file extension from vir to exe)
Analysis ID: 430813
MD5: 788016c9072423914b96f0d15a61812d
SHA1: 040f85b4ef512bb74990becfa1a5029f92eb65c7
SHA256: df34f3d4030a5ea484108271f749ca5fbc3af0f415051e98b342a505c88971e4

Detection

GuLoader
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Found large amount of non-executed APIs
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: vbc.exe.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/"}
Multi AV Scanner detection for submitted file
Source: vbc.exe.exe Virustotal: Detection: 13%

Compliance:

Uses 32bit PE files
Source: vbc.exe.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: vbc.exe.exe, 00000000.00000002.1278845441.000000000079A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
The matched string is a hook descriptor naming DirectDrawCreateEx in DDRAW.DLL, a DirectDraw (graphics) entry point rather than a DirectInput call, so on its own it is weak evidence of keystroke capture.

System Summary:

Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\vbc.exe.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B699A NtAllocateVirtualMemory, 0_2_022B699A
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6A34 NtAllocateVirtualMemory, 0_2_022B6A34
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6A99 NtAllocateVirtualMemory, 0_2_022B6A99
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6AD4 NtAllocateVirtualMemory, 0_2_022B6AD4
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6B59 NtAllocateVirtualMemory, 0_2_022B6B59
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6BCC NtAllocateVirtualMemory, 0_2_022B6BCC
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6C02 NtAllocateVirtualMemory, 0_2_022B6C02
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B69AE NtAllocateVirtualMemory, 0_2_022B69AE
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B69E4 NtAllocateVirtualMemory, 0_2_022B69E4
Detected potential crypto function
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_00405607 0_2_00405607
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_004032F5 0_2_004032F5
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B699A 0_2_022B699A
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5627 0_2_022B5627
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B6A34 0_2_022B6A34
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3209 0_2_022B3209
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB608 0_2_022BB608
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA614 0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5A68 0_2_022B5A68
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3A62 0_2_022B3A62
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5278 0_2_022B5278
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3249 0_2_022B3249
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB650 0_2_022BB650
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA6A0 0_2_022BA6A0
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5688 0_2_022B5688
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB69C 0_2_022BB69C
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B92EF 0_2_022B92EF
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3AF8 0_2_022B3AF8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4EF2 0_2_022B4EF2
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA6F0 0_2_022BA6F0
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA2D8 0_2_022BA2D8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B2F27 0_2_022B2F27
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5B08 0_2_022B5B08
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5302 0_2_022B5302
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3300 0_2_022B3300
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4F1C 0_2_022B4F1C
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5712 0_2_022B5712
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B9768 0_2_022B9768
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA76C 0_2_022BA76C
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5B58 0_2_022B5B58
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B33AC 0_2_022B33AC
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B57A5 0_2_022B57A5
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B43B8 0_2_022B43B8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4F98 0_2_022B4F98
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5394 0_2_022B5394
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5BE7 0_2_022B5BE7
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB3F8 0_2_022BB3F8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA7C7 0_2_022BA7C7
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B582E 0_2_022B582E
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4404 0_2_022B4404
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5004 0_2_022B5004
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5418 0_2_022B5418
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB410 0_2_022BB410
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA814 0_2_022BA814
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5069 0_2_022B5069
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5466 0_2_022B5466
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB45D 0_2_022BB45D
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B245C 0_2_022B245C
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B2452 0_2_022B2452
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4454 0_2_022B4454
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B58B8 0_2_022B58B8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B44B2 0_2_022B44B2
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5C99 0_2_022B5C99
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB493 0_2_022BB493
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA890 0_2_022BA890
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 0_2_022B3895
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB4E0 0_2_022BB4E0
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B50F8 0_2_022B50F8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B38FC 0_2_022B38FC
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B54FC 0_2_022B54FC
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA4F1 0_2_022BA4F1
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B24C7 0_2_022B24C7
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B593E 0_2_022B593E
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4910 0_2_022B4910
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5578 0_2_022B5578
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4544 0_2_022B4544
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B69AE 0_2_022B69AE
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B39A0 0_2_022B39A0
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3189 0_2_022B3189
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4988 0_2_022B4988
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB588 0_2_022BB588
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B5181 0_2_022B5181
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA580 0_2_022BA580
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B9984 0_2_022B9984
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B39E8 0_2_022B39E8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B69E4 0_2_022B69E4
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B51FA 0_2_022B51FA
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA5C8 0_2_022BA5C8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B59CF 0_2_022B59CF
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BB5CC 0_2_022BB5CC
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B45D1 0_2_022B45D1
PE file contains strange resources
Source: vbc.exe.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: vbc.exe.exe, 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameSuperintellectually.exe vs vbc.exe.exe
Source: vbc.exe.exe Binary or memory string: OriginalFilenameSuperintellectually.exe vs vbc.exe.exe
Uses 32bit PE files
Source: vbc.exe.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal88.rans.troj.evad.winEXE@1/0@0/0
Source: vbc.exe.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\vbc.exe.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\vbc.exe.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: vbc.exe.exe Virustotal: Detection: 13%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: vbc.exe.exe, type: SAMPLE
Source: Yara match File source: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.194728526.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0.0.vbc.exe.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.vbc.exe.exe.400000.0.unpack, type: UNPACKEDPE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_00403112 push dword ptr [ebp-44h]; ret 0_2_0041ECC4
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4A3C push AFBDCFF2h; iretd 0_2_022B4A2E
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B7F05 push edx; ret 0_2_022B7F12
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B2B1B push ebp; retf 0_2_022B2B0A
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA965 push eax; ret 0_2_022BA956
Source: C:\Users\user\Desktop\vbc.exe.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BBB2B 0_2_022BBB2B
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BBB26 0_2_022BBB26
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 0_2_022B3895
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\vbc.exe.exe RDTSC instruction interceptor: First address: 00000000022B9BBF second address: 00000000022B9BBF instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, 4A1014F8h
  0x00000007 xor eax, 91CBACF6h
  0x0000000c xor eax, 7F9DE2BDh
  0x00000011 xor eax, A4465AB2h
  0x00000016 cpuid
  0x00000018 popad
  0x00000019 call 00007F8D1C47F904h
  0x0000001e lfence
  0x00000021 mov edx, C49425E1h
  0x00000026 xor edx, 40636495h
  0x0000002c sub edx, D2D01692h
  0x00000032 xor edx, CDD92AF6h
  0x00000038 mov edx, dword ptr [edx]
  0x0000003a lfence
  0x0000003d jmp 00007F8D1C47F8F6h
  0x0000003f test al, bl
  0x00000041 cmp al, E3h
  0x00000043 jmp 00007F8D1C47F8F6h
  0x00000045 cmp ch, 0000006Dh
  0x00000048 cmp bh, ah
  0x0000004a ret
  0x0000004b sub edx, esi
  0x0000004d ret
  0x0000004e add edi, edx
  0x00000050 dec dword ptr [ebp+000000F8h]
  0x00000056 cmp dword ptr [ebp+000000F8h], 00000000h
  0x0000005d jne 00007F8D1C47F874h
  0x0000005f jmp 00007F8D1C47F8F6h
  0x00000061 test ah, ch
  0x00000063 call 00007F8D1C47F8E6h
  0x00000068 call 00007F8D1C47F925h
  0x0000006d lfence
  0x00000070 mov edx, C49425E1h
  0x00000075 xor edx, 40636495h
  0x0000007b sub edx, D2D01692h
  0x00000081 xor edx, CDD92AF6h
  0x00000087 mov edx, dword ptr [edx]
  0x00000089 lfence
  0x0000008c jmp 00007F8D1C47F8F6h
  0x0000008e test al, bl
  0x00000090 cmp al, E3h
  0x00000092 jmp 00007F8D1C47F8F6h
  0x00000094 cmp ch, 0000006Dh
  0x00000097 cmp bh, ah
  0x00000099 ret
  0x0000009a mov esi, edx
  0x0000009c pushad
  0x0000009d rdtsc
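The two immediate chains in the intercepted trace (the mov/xor chain into eax before cpuid, and the mov/xor/sub/xor chain into edx before the dereference) are the only real work among the junk test/cmp/jmp instructions. The script below is an added example, not part of this report or of the sandbox, that folds those chains with 32-bit wraparound and reports where each folded value is consumed. Its input is the first 14 instructions of the trace quoted above; the only outside knowledge it uses is the fixed user-mode mapping of KUSER_SHARED_DATA at 0x7FFE0000 and the public offsets of its first fields, which it uses to label the resolved pointer.

```python
import re

# Excerpt of the RDTSC-interceptor trace quoted in this report: the first 14
# instructions, through the first dereference of edx.  Only the interceptor's
# 0x%08x offsets are used as delimiters, so a one-line or one-per-line trace
# parses the same way.
TRACE = """
0x00000000 rdtsc 0x00000002 mov eax, 4A1014F8h 0x00000007 xor eax, 91CBACF6h
0x0000000c xor eax, 7F9DE2BDh 0x00000011 xor eax, A4465AB2h 0x00000016 cpuid
0x00000018 popad 0x00000019 call 00007F8D1C47F904h 0x0000001e lfence
0x00000021 mov edx, C49425E1h 0x00000026 xor edx, 40636495h
0x0000002c sub edx, D2D01692h 0x00000032 xor edx, CDD92AF6h
0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence
"""

MASK32 = 0xFFFFFFFF
KUSER_SHARED_DATA = 0x7FFE0000   # fixed user-mode mapping on Windows
KUSER_FIELDS = {0x00: "TickCountLowDeprecated", 0x04: "TickCountMultiplier",
                0x08: "InterruptTime.LowPart", 0x14: "SystemTime.LowPart"}


def parse_trace(text):
    """Split the sandbox trace into (offset, mnemonic, [operands]) tuples."""
    parts = re.split(r"\s*0x([0-9a-fA-F]{8})\s+", text.strip())
    insns = []
    for off, body in zip(parts[1::2], parts[2::2]):
        mnem, _, ops = body.strip().partition(" ")
        operands = [o.strip() for o in ops.split(",")] if ops else []
        insns.append((int(off, 16), mnem.lower(), operands))
    return insns


def imm(op):
    """MASM-style hex immediate as the sandbox prints it ('4A1014F8h'), else None."""
    return int(op[:-1], 16) if re.fullmatch(r"[0-9A-Fa-f]+h", op) else None


def resolve_constants(insns):
    """Fold mov/xor/add/sub-immediate chains and record where the folded value
    is consumed: as the cpuid leaf in eax, or as a pointer that is dereferenced."""
    regs = {}     # register -> concrete 32-bit value, known only from an immediate
    events = []   # (offset, kind, register, value)
    for off, mnem, ops in insns:
        if mnem == "mov" and len(ops) == 2:
            dst, src = ops
            if imm(src) is not None:
                regs[dst] = imm(src)
            elif src.startswith("dword ptr [") and src.endswith("]"):
                base = src[len("dword ptr ["):-1]
                events.append((off, "deref", base, regs.get(base)))
                regs.pop(dst, None)            # the loaded value is unknown
            elif src in regs:
                regs[dst] = regs[src]
            else:
                regs.pop(dst, None)
        elif mnem in ("xor", "add", "sub") and len(ops) == 2 \
                and ops[0] in regs and imm(ops[1]) is not None:
            v = imm(ops[1])
            if mnem == "xor":
                regs[ops[0]] ^= v
            elif mnem == "add":
                regs[ops[0]] = (regs[ops[0]] + v) & MASK32
            else:
                regs[ops[0]] = (regs[ops[0]] - v) & MASK32
        elif mnem == "cpuid":
            events.append((off, "cpuid", "eax", regs.get("eax")))
            for r in ("eax", "ebx", "ecx", "edx"):   # cpuid clobbers all four
                regs.pop(r, None)
        elif mnem in ("call", "popad"):
            regs.clear()   # conservative: assume every register changed
        # everything else in the trace (test/cmp/jmp/lfence/ret) writes no register
    return events


def describe(event):
    off, kind, reg, val = event
    if val is None:
        return f"{off:#010x}: {kind} via {reg}, value not statically resolvable"
    if kind == "cpuid":
        hint = " (leaf 1: ECX bit 31 is the hypervisor-present flag)" if val == 1 else ""
        return f"{off:#010x}: cpuid with eax={val:#x}{hint}"
    delta = val - KUSER_SHARED_DATA
    if 0 <= delta < 0x1000:
        name = KUSER_FIELDS.get(delta, f"+{delta:#x}")
        return f"{off:#010x}: reads dword at {val:#010x} = KUSER_SHARED_DATA.{name}"
    return f"{off:#010x}: reads dword at {val:#010x}"


if __name__ == "__main__":
    for ev in resolve_constants(parse_trace(TRACE)):
        print(describe(ev))
```

The eax chain folds to 1, so the cpuid sandwiched between the two rdtsc reads is leaf 1, whose ECX bit 31 is the hypervisor-present bit; the edx chain folds to 0x7FFE0014, so `mov edx, dword ptr [edx]` reads the low dword of the system time straight out of KUSER_SHARED_DATA. The `dec dword ptr [ebp+000000F8h]; jne` loop then accumulates the difference between two such reads in edi next to the rdtsc deltas, a timing source that no API hook or breakpoint on GetTickCount or QueryPerformanceCounter will ever see.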
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3209 rdtsc 0_2_022B3209
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\vbc.exe.exe API coverage: 7.0 %
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Read together with the CPU usage above 98% reported under System Summary and the 7.0 % API coverage, the absence of any DNS query indicates that the sample spent the run inside its timing loops; the payload URLs listed under Networking were never contacted, so nothing beyond the loader stage was observed.

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\vbc.exe.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3209 rdtsc 0_2_022B3209
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA614 mov eax, dword ptr fs:[00000030h] 0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B43B8 mov eax, dword ptr fs:[00000030h] 0_2_022B43B8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3FB8 mov eax, dword ptr fs:[00000030h] 0_2_022B3FB8
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B642D mov eax, dword ptr fs:[00000030h] 0_2_022B642D
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4404 mov eax, dword ptr fs:[00000030h] 0_2_022B4404
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B9840 mov eax, dword ptr fs:[00000030h] 0_2_022B9840
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B4454 mov eax, dword ptr fs:[00000030h] 0_2_022B4454
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 mov eax, dword ptr fs:[00000030h] 0_2_022B3895
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA4F1 mov eax, dword ptr fs:[00000030h] 0_2_022BA4F1
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B8D1F mov eax, dword ptr fs:[00000030h] 0_2_022B8D1F
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA580 mov eax, dword ptr fs:[00000030h] 0_2_022BA580
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA5C8 mov eax, dword ptr fs:[00000030h] 0_2_022BA5C8
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp Binary or memory string: Progman
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp Binary or memory string: Progmanlock
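Several of the function addresses cited in this report recur under different signatures: 0_2_022B3895 is listed for the crypto heuristic, the CPUID execution measurement and the PEB read, 0_2_022B3209 for crypto and rdtsc, and 0_2_022B699A for crypto and NtAllocateVirtualMemory. The script below is an added example, not part of this report or of the sandbox, that parses the report's own "Code function" lines into an address-to-signature index so that the few functions doing the anti-analysis work can be found and broken on first. Its input is an excerpt of this report's signature blocks; reading the 0_2_ prefix as the sandbox's process index and run phase is the editor's interpretation of the report format. It also buckets addresses by 64 KiB region, which separates the two hits inside the image mapped at 0x400000 from the 0x022Bxxxx range where every anti-VM, PEB and NtAllocateVirtualMemory function lives.

```python
import re
from collections import defaultdict

# Constructed excerpt of this report's signature blocks: each block is the
# signature name followed by its "Source:" lines, copied from the report and
# trimmed to a few hits so the example runs offline.
REPORT = r"""
Detected potential crypto function
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_00405607 0_2_00405607
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_004032F5 0_2_004032F5
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B699A 0_2_022B699A
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3209 0_2_022B3209
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA614 0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 0_2_022B3895
Contains functionality to call native functions
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B699A NtAllocateVirtualMemory, 0_2_022B699A
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BBB2B 0_2_022BBB2B
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 0_2_022B3895
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3209 rdtsc 0_2_022B3209
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BA614 mov eax, dword ptr fs:[00000030h] 0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022B3895 mov eax, dword ptr fs:[00000030h] 0_2_022B3895
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BBB2B cpuid 0_2_022BBB2B
"""

# "Code function: 0_2_022B3895 ...": process index, run phase and the function's
# virtual address (editor's reading of the format); the first match per line is
# the function being described.
FUNC_RE = re.compile(r"Code function: (\d+)_(\d+)_([0-9A-Fa-f]{8})")


def parse_signatures(text):
    """Map each function address to the set of signature names that cite it."""
    index = defaultdict(set)
    signature = None
    for line in text.strip().splitlines():
        if not line.startswith("Source:"):
            signature = line.strip()       # a non-Source line starts a new block
            continue
        m = FUNC_RE.search(line)
        if m and signature:
            index[int(m.group(3), 16)].add(signature)
    return dict(index)


def multi_signature_functions(index, minimum=2):
    """Addresses cited by at least `minimum` signatures, most-cited first."""
    hits = [(addr, sorted(sigs)) for addr, sigs in index.items() if len(sigs) >= minimum]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


def regions(index, granularity=0x10000):
    """Count cited functions per region (64 KiB by default) to separate the
    mapped PE image from memory the sample allocated at run time."""
    counts = defaultdict(int)
    for addr in index:
        counts[addr & ~(granularity - 1)] += 1
    return dict(counts)


if __name__ == "__main__":
    idx = parse_signatures(REPORT)
    for addr, sigs in multi_signature_functions(idx):
        print(f"{addr:#010x} cited by {len(sigs)} signatures: {'; '.join(sigs)}")
    for base, n in sorted(regions(idx).items()):
        print(f"{base:#010x}-{base + 0xFFFF:#010x}: {n} function(s)")
```

On this excerpt 0_2_022B3895 comes out on top with three signatures, and the region bucket shows two functions at 0x0040xxxx against five at 0x022Bxxxx; when the full report is fed in, the same two buckets appear, with everything the evasion and anti-debugging sections cite falling into the second one.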

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\vbc.exe.exe Code function: 0_2_022BBB2B cpuid 0_2_022BBB2B
No contacted IP infos