activation.reg.exe | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample
| Filetype: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| Entropy: | 7.85636255256613 |
| Filename: | activation.reg.exe |
| Filesize: | 6035976 |
| MD5: | e49b92466821b19645b618b6a09a6880 |
| SHA1: | b2bbafa02be38b07a4eb61049638ff86f0f8638b |
| SHA256: | 90a0e059cd3f4ed0c9fac00a88ea262988b4cd6635aeb23bb7f5aab64d6aca0a |
| SHA512: | 745af8a642385353e806eb675792f2591f0c414378709a797fcafde66894bad8fa11ffcdbb503853849646ad8b1f5bec4c2db87c42af9541da783b00498b5431 |
| SSDEEP: | 98304:mnjvqvbckqQludU/wVW3njOaInQR0yuVoQ9FQQNscWnjNOf28e24bUVO1EuMNs0:6vqvonQodSosqjQRQVnPQ+WnEfcsO1ET |
| Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Dk4S%.gS%.gS%.gGN.f]%.gGN.f.%.g.P.f\%.g.P.fF%.g.P.f.%.gGN.fD%.gGN.fQ%.gGN.f^%.gS%.g.%.g.P.fQ%.g.P.fR%.g.P.gR%.gS%.gR%.g.P.fR%. |
|
| Signature Hits | Behavior Group | Mitre Attack |
| Multi AV Scanner detection for submitted file | AV Detection | |
| Uses 32bit PE files | Compliance, System Summary | |
| Sample is known by Antivirus | System Summary | |
| PE file has an executable .text section and no other executable section | System Summary | |
| PE file contains a valid data directory to section mapping | System Summary | |
| PE file contains a debug data directory | System Summary | |
| Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | |
| PE file contains a mix of data directories often seen in goodware | System Summary | |
| PE file has a big raw section | System Summary | |
| Submission file is bigger than most known malware samples | System Summary | |
|
C:\Windows\SysWOW64\SyncAppvPublishingServer.vbs | ASCII text, with CRLF line terminators | dropped
| File: | C:\Windows\SysWOW64\SyncAppvPublishingServer.vbs |
| Category: | dropped |
| Dump: | SyncAppvPublishingServer.vbs.4.dr |
| ID: | dr_0 |
| Target ID: | 4 |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| Type: | ASCII text, with CRLF line terminators |
| Entropy: | 4.593124153231039 |
| Encrypted: | false |
| Size: | 1504 |
| Whitelisted: | false |
| Reputation: | low |
|
| Signature Hits | Behavior Group | Mitre Attack |
| Creates files inside the system directory | System Summary | |
|