Analysis Report New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe

Overview

General Information

Sample Name: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe
Analysis ID: 432028
MD5: e766a80e73cd62b0aadf800f0e8bfe2c
SHA1: 25de6008b7f77121d432811376b4703e727e902f
SHA256: 664bf09b6f40a8f36643766189b1ec1cbf9578ff7d207b9f23803ac7676a119e

Detection

GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected GuLoader
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://tebogodigital.co.za/frim/build_mmHXva107.bin, https://tebogodigital.co.za/frib/build_mmHXva107.bin"}
Multi AV Scanner detection for submitted file
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Virustotal: Detection: 71%
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Metadefender: Detection: 28%
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe ReversingLabs: Detection: 72%

Compliance:

Uses 32bit PE files
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://tebogodigital.co.za/frim/build_mmHXva107.bin, https://tebogodigital.co.za/frib/build_mmHXva107.bin
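The configuration extractor reports the download URLs as one comma-joined string inside a JSON object prefixed by the family name. The script below is an added triage helper, not part of this report or of the sandbox: it parses that line, splits it into the two payload URLs (same host, paths /frim/ and /frib/), collects the sample hashes from the General Information block, sanity-checks the hash lengths so a truncated copy does not end up in a blocklist, and emits one indicator per line. The "Family {json}" layout and the ", " separator are assumptions inferred from this single extractor line.

```python
import json
import re
from urllib.parse import urlparse

# Extractor output exactly as it appears on this report.
CONFIG_LINE = ('GuLoader {"Payload URL": '
               '"https://tebogodigital.co.za/frim/build_mmHXva107.bin, '
               'https://tebogodigital.co.za/frib/build_mmHXva107.bin"}')

# Hashes from the General Information block of this report.
SAMPLE_HASHES = {
    "md5": "e766a80e73cd62b0aadf800f0e8bfe2c",
    "sha1": "25de6008b7f77121d432811376b4703e727e902f",
    "sha256": "664bf09b6f40a8f36643766189b1ec1cbf9578ff7d207b9f23803ac7676a119e",
}


def parse_config_line(line):
    """Split '<family> {json}' into (family, dict). Assumed layout, see lead-in."""
    m = re.match(r"^\s*(\S+)\s*(\{.*\})\s*$", line, re.S)
    if not m:
        raise ValueError("not a '<family> {json}' line")
    return m.group(1), json.loads(m.group(2))


def split_urls(value):
    """The extractor joins several URLs with ', '. Keep only well-formed http(s) URLs."""
    out = []
    for part in re.split(r"\s*,\s*", value.strip()):
        u = urlparse(part)
        if u.scheme in ("http", "https") and u.netloc:
            out.append(part)
    return out


def build_iocs(line, hashes):
    """Flatten the config line plus hashes into a dict of indicators."""
    family, cfg = parse_config_line(line)
    urls = []
    for val in cfg.values():
        if isinstance(val, str):
            urls.extend(split_urls(val))
    return {
        "family": family,
        "urls": urls,
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "paths": [urlparse(u).path for u in urls],
        "hashes": dict(hashes),
    }


def validate_hashes(hashes):
    """Return the names of hashes whose length or alphabet is wrong."""
    expected = {"md5": 32, "sha1": 40, "sha256": 64}
    return [k for k, v in hashes.items()
            if len(v) != expected.get(k, -1) or not re.fullmatch(r"[0-9a-f]+", v)]


def to_blocklist_lines(iocs):
    """One tab-separated line per indicator, ready for a proxy/DNS denylist or a ticket."""
    lines = [f"domain\t{h}" for h in iocs["hosts"]]
    lines += [f"url\t{u}" for u in iocs["urls"]]
    lines += [f"{k}\t{v}" for k, v in iocs["hashes"].items()]
    return lines


if __name__ == "__main__":
    bad = validate_hashes(SAMPLE_HASHES)
    if bad:
        raise SystemExit(f"malformed hashes: {bad}")
    print("\n".join(to_blocklist_lines(build_iocs(CONFIG_LINE, SAMPLE_HASHES))))
```

Both URLs resolve to the same host, so a single domain indicator covers the download stage; the two paths are still worth keeping as URL indicators because GuLoader builds are commonly re-hosted under a different path on the same server.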

System Summary:

Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD88D0 NtProtectVirtualMemory, 0_2_02BD88D0
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7037 NtAllocateVirtualMemory, 0_2_02BD7037
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7280 NtAllocateVirtualMemory, 0_2_02BD7280
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD722F NtAllocateVirtualMemory, 0_2_02BD722F
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7094 NtAllocateVirtualMemory, 0_2_02BD7094
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD70C8 NtAllocateVirtualMemory, 0_2_02BD70C8
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7001 NtAllocateVirtualMemory, 0_2_02BD7001
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD71BE NtAllocateVirtualMemory, 0_2_02BD71BE
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD890F NtProtectVirtualMemory, 0_2_02BD890F
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD717E NtAllocateVirtualMemory, 0_2_02BD717E
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7159 NtAllocateVirtualMemory, 0_2_02BD7159
Detected potential crypto function
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_00401664 0_2_00401664
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_00403EC9 0_2_00403EC9
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7EA4 0_2_02BD7EA4
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7EF9 0_2_02BD7EF9
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD32E8 0_2_02BD32E8
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD3270 0_2_02BD3270
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2A5F 0_2_02BD2A5F
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7E48 0_2_02BD7E48
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD33AC 0_2_02BD33AC
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7FEC 0_2_02BD7FEC
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7FE5 0_2_02BD7FE5
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7BC3 0_2_02BD7BC3
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7F38 0_2_02BD7F38
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7B33 0_2_02BD7B33
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7B77 0_2_02BD7B77
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7F6F 0_2_02BD7F6F
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD3364 0_2_02BD3364
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD8088 0_2_02BD8088
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7CE8 0_2_02BD7CE8
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD5825 0_2_02BD5825
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD341E 0_2_02BD341E
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7C04 0_2_02BD7C04
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7C48 0_2_02BD7C48
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD8042 0_2_02BD8042
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7DBA 0_2_02BD7DBA
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD31B4 0_2_02BD31B4
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD319D 0_2_02BD319D
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD8198 0_2_02BD8198
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD31FD 0_2_02BD31FD
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7DFD 0_2_02BD7DFD
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2134 0_2_02BD2134
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7D36 0_2_02BD7D36
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD810C 0_2_02BD810C
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD8154 0_2_02BD8154
PE file contains strange resources
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000000.204331251.0000000000419000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameMuslingernes.exe vs New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000002.730698816.00000000021D0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Binary or memory string: OriginalFilenameMuslingernes.exe vs New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe
Uses 32bit PE files
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal96.rans.troj.evad.winEXE@1/0@0/0
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Virustotal: Detection: 71%
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Metadefender: Detection: 28%
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe ReversingLabs: Detection: 72%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.734424591.0000000002BD0000.00000040.00000001.sdmp, type: MEMORY
Yara detected GuLoader
Source: Yara match File source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, type: SAMPLE
Source: Yara match File source: 00000000.00000002.730196240.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.204310575.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0.0.New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe.400000.0.unpack, type: UNPACKEDPE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_004068DF push ecx; ret 0_2_004068E1
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_00402D66 push dword ptr [ebp-44h]; ret 0_2_00413024
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_00408972 push esi; iretd 0_2_00408976
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD837B push eax; ret 0_2_02BD83B2
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD3F7A push ss; retf 0_2_02BD3F84
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD3F53 push ss; retf 0_2_02BD3F5D
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe RDTSC instruction interceptor: First address: 0000000002BD849A second address: 0000000002BD849A instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe RDTSC instruction interceptor: First address: 0000000002BD849A second address: 0000000002BD849A instructions:
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe RDTSC instruction interceptor: First address: 0000000002BD1B35 second address: 0000000002BD1B35 instructions:
0x00000000 rdtsc
0x00000002 mov eax, 0008B41Ah
0x00000007 sub eax, FFF0F724h
0x0000000c add eax, FFF6636Fh
0x00000011 sub eax, 000E2064h
0x00000016 cpuid
0x00000018 jmp 00007FF648847D52h
0x0000001a test eax, edx
0x0000001c popad
0x0000001d call 00007FF648847D1Bh
0x00000022 lfence
0x00000025 mov edx, 7FFD13E2h
0x0000002a sub edx, 000005CFh
0x00000030 sub edx, FFFF6315h
0x00000036 sub edx, FFFFAAEAh
0x0000003c mov edx, dword ptr [edx]
0x0000003e lfence
0x00000041 ret
0x00000042 sub edx, esi
0x00000044 ret
0x00000045 pop ecx
0x00000046 add edi, edx
0x00000048 dec ecx
0x00000049 jmp 00007FF648847D46h
0x0000004b test cl, FFFFFF80h
0x0000004e cmp ecx, 00000000h
0x00000051 jne 00007FF648847CCAh
0x00000053 push ecx
0x00000054 call 00007FF648847D64h
0x00000059 call 00007FF648847D80h
0x0000005e lfence
0x00000061 mov edx, 7FFD13E2h
0x00000066 sub edx, 000005CFh
0x0000006c sub edx, FFFF6315h
0x00000072 sub edx, FFFFAAEAh
0x00000078 mov edx, dword ptr [edx]
0x0000007a lfence
0x0000007d ret
0x0000007e mov esi, edx
0x00000080 pushad
0x00000081 rdtsc
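The mov/add/sub chains in the intercepted trace are the "dummy instruction sequence" the signature refers to: each chain folds to a single constant, so the real operation is only visible after constant folding. The script below is an added analysis helper, not part of this report; it replays the chains from the excerpt above (the first part of the 0x02BD1B35 trace, reproduced as its input) and records the value that reaches cpuid and the address of the memory read. Folded by hand, eax becomes 1 (cpuid leaf 1 executed between the two rdtsc reads, which is the usual hypervisor timing check because cpuid traps to the hypervisor and inflates the delta), and edx becomes 0x7FFE0014, the low dword of KUSER_SHARED_DATA.SystemTime, which is mapped at 0x7FFE0000 in every user-mode process, so the sample reads wall-clock time without calling any API that a sandbox could hook. The KUSER_SHARED_DATA offsets come from the public Windows headers; reading the trace this way is my interpretation, and the sandbox-relocated jmp/call targets (00007FF6...) are ignored.

```python
import re

# First part of the RDTSC interceptor trace at 0x02BD1B35, copied from this report.
TRACE = """
0x00000000 rdtsc
0x00000002 mov eax, 0008B41Ah
0x00000007 sub eax, FFF0F724h
0x0000000c add eax, FFF6636Fh
0x00000011 sub eax, 000E2064h
0x00000016 cpuid
0x00000018 jmp 00007FF648847D52h
0x0000001a test eax, edx
0x0000001c popad
0x0000001d call 00007FF648847D1Bh
0x00000022 lfence
0x00000025 mov edx, 7FFD13E2h
0x0000002a sub edx, 000005CFh
0x00000030 sub edx, FFFF6315h
0x00000036 sub edx, FFFFAAEAh
0x0000003c mov edx, dword ptr [edx]
0x0000003e lfence
0x00000041 ret
"""

MASK = 0xFFFFFFFF
# One instruction: "0x<offset> <mnemonic> <operands>", works on the one-line or
# one-per-line form of the sandbox output.
INSN_RE = re.compile(r"0x([0-9a-fA-F]{8})\s+(\w+)(.*?)(?=\s*0x[0-9a-fA-F]{8}\s|\s*$)", re.S)
IMM_RE = re.compile(r"^(e[abcd]x|e[sd]i|e[bs]p)\s*,\s*([0-9A-Fa-f]+)h$")

# User-mode mapping of KUSER_SHARED_DATA and the offsets of its first fields
# (layout from the public Windows headers).
KUSER_SHARED_DATA = 0x7FFE0000
KUSER_FIELDS = {0x000: "TickCountLowDeprecated", 0x004: "TickCountMultiplier",
                0x008: "InterruptTime", 0x014: "SystemTime", 0x020: "TimeZoneBias"}


def parse(trace):
    """Yield (offset, mnemonic, operand string) for each instruction in the trace."""
    for m in INSN_RE.finditer(trace):
        yield int(m.group(1), 16), m.group(2).lower(), m.group(3).strip()


def fold(trace):
    """Run the mov/add/sub immediate chains forward with 32-bit wraparound and
    record the folded value at each consumer: cpuid (eax) and 'mov r, [r]' loads."""
    regs, events = {}, []
    for off, mnem, ops in parse(trace):
        im = IMM_RE.match(ops) if mnem in ("mov", "add", "sub") else None
        if im:
            reg, imm = im.group(1), int(im.group(2), 16)
            if mnem == "mov":
                regs[reg] = imm
            elif reg in regs:
                regs[reg] = (regs[reg] + imm if mnem == "add" else regs[reg] - imm) & MASK
            continue
        if mnem == "cpuid":
            events.append((off, "cpuid", regs.get("eax")))
        elif mnem == "mov":
            pm = re.match(r"^(\w+),\s*dword ptr \[(\w+)\]$", ops)
            if pm and pm.group(2) in regs:
                events.append((off, "load", regs[pm.group(2)]))
                regs.pop(pm.group(1), None)  # now holds memory contents, unknown
    return events


def describe(addr):
    """Name the KUSER_SHARED_DATA field an address points at, else print it raw."""
    off = addr - KUSER_SHARED_DATA
    if 0 <= off < 0x1000:
        return "KUSER_SHARED_DATA." + KUSER_FIELDS.get(off, f"+0x{off:x}")
    return f"0x{addr:08x}"


def report(trace):
    """Human-readable summary of what the folded chains actually do."""
    out = []
    for off, kind, val in fold(trace):
        if kind == "cpuid":
            out.append(f"+0x{off:02x}: cpuid leaf {val:#x}")
        else:
            out.append(f"+0x{off:02x}: load from {describe(val)}")
    return out


if __name__ == "__main__":
    print("\n".join(report(TRACE)))
```

The same folding applies to the second edx chain later in the trace (offsets 0x61 to 0x78), which reads the same address again; the surrounding sub edx, esi / mov esi, edx pairs compute the elapsed SystemTime between iterations of the loop that the "dummy code loops" signature in the Anti Debugging section picks up.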
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD32E8 rdtsc 0_2_02BD32E8
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe API coverage: 6.5 %
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD32E8 rdtsc 0_2_02BD32E8
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD6AAF mov eax, dword ptr fs:[00000030h] 0_2_02BD6AAF
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD3EF4 mov eax, dword ptr fs:[00000030h] 0_2_02BD3EF4
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2A65 mov eax, dword ptr fs:[00000030h] 0_2_02BD2A65
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2A5F mov eax, dword ptr fs:[00000030h] 0_2_02BD2A5F
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7BC3 mov eax, dword ptr fs:[00000030h] 0_2_02BD7BC3
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7B33 mov eax, dword ptr fs:[00000030h] 0_2_02BD7B33
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2B00 mov eax, dword ptr fs:[00000030h] 0_2_02BD2B00
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7B77 mov eax, dword ptr fs:[00000030h] 0_2_02BD7B77
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7C04 mov eax, dword ptr fs:[00000030h] 0_2_02BD7C04
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD7C48 mov eax, dword ptr fs:[00000030h] 0_2_02BD7C48
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD2134 mov eax, dword ptr fs:[00000030h] 0_2_02BD2134
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD611B mov eax, dword ptr fs:[00000030h] 0_2_02BD611B
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000002.730562695.0000000000DC0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000002.730562695.0000000000DC0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000002.730562695.0000000000DC0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe, 00000000.00000002.730562695.0000000000DC0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\New_Contract_ontractNo-S-2104-0036_Business_Sales_confirmation.exe Code function: 0_2_02BD58FF cpuid 0_2_02BD58FF
No contacted IP infos