Windows Analysis Report oYIQVnvsyG.exe

Overview

General Information

Sample Name: oYIQVnvsyG.exe
Analysis ID: 483803
MD5: 43c573966b2b1d5d87ecd57eb2a81c33
SHA1: a08966162e39fa04e39d93b1d121f1bef6b3ec86
SHA256: d062fa8446a39adb2182c2a506e96801792855bbb0da2a9f278134630a5e5de2
Infos:

Most interesting Screenshot:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains strange resources
May sleep (evasive loops) to hinder dynamic analysis
Contains long sleeps (>= 3 min)

Classification

Compliance:

barindex
Uses 32bit PE files
Source: oYIQVnvsyG.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll Jump to behavior
Source: oYIQVnvsyG.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: oYIQVnvsyG.exe, 00000000.00000002.239893622.00000000014B2000.00000004.00000020.sdmp String found in binary or memory: http://go.microsz.R

System Summary:

barindex
Uses 32bit PE files
Source: oYIQVnvsyG.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Sample file is different than original file name gathered from version info
Source: oYIQVnvsyG.exe, 00000000.00000000.229505995.0000000000F6A000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePWCRLauncher.exe4 vs oYIQVnvsyG.exe
Source: oYIQVnvsyG.exe, 00000000.00000002.239887172.00000000014A9000.00000004.00000020.sdmp Binary or memory string: OriginalFilenamemscorwks.dllT vs oYIQVnvsyG.exe
Source: oYIQVnvsyG.exe Binary or memory string: OriginalFilenamePWCRLauncher.exe4 vs oYIQVnvsyG.exe
PE file contains strange resources
Source: oYIQVnvsyG.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: oYIQVnvsyG.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe File read: C:\Users\user\Desktop\oYIQVnvsyG.exe Jump to behavior
Source: oYIQVnvsyG.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp Jump to behavior
Source: classification engine Classification label: clean2.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\oYIQVnvsyG.exe.log Jump to behavior
Source: oYIQVnvsyG.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll Jump to behavior
Source: oYIQVnvsyG.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe TID: 6396 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\oYIQVnvsyG.exe Memory allocated: page read and write | page guard Jump to behavior