|
activation.reg.exe
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
| Filetype: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
7.85636255256613
|
| Filename: |
activation.reg.exe
|
| Filesize: |
6035976
|
| MD5: |
e49b92466821b19645b618b6a09a6880
|
| SHA1: |
b2bbafa02be38b07a4eb61049638ff86f0f8638b
|
| SHA256: |
90a0e059cd3f4ed0c9fac00a88ea262988b4cd6635aeb23bb7f5aab64d6aca0a
|
| SHA512: |
745af8a642385353e806eb675792f2591f0c414378709a797fcafde66894bad8fa11ffcdbb503853849646ad8b1f5bec4c2db87c42af9541da783b00498b5431
|
| SSDEEP: |
98304:mnjvqvbckqQludU/wVW3njOaInQR0yuVoQ9FQQNscWnjNOf28e24bUVO1EuMNs0:6vqvonQodSosqjQRQVnPQ+WnEfcsO1ET
|
| Preview: |
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Dk4S%.gS%.gS%.gGN.f]%.gGN.f.%.g.P.f\%.g.P.fF%.g.P.f.%.gGN.fD%.gGN.fQ%.gGN.f^%.gS%.g.%.g.P.fQ%.g.P.fR%.g.P.gR%.gS%.gR%.g.P.fR%.
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Multi AV Scanner detection for submitted file |
AV Detection |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Sample is known by Antivirus |
System Summary |
|
| PE file has an executable .text section and no other executable section |
System Summary |
|
| PE file contains a valid data directory to section mapping |
System Summary |
|
| PE file contains a debug data directory |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| PE file contains a mix of data directories often seen in goodware |
System Summary |
|
| PE file has a big raw section |
System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
|
|
C:\Windows\SysWOW64\SyncAppvPublishingServer.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Windows\SysWOW64\SyncAppvPublishingServer.vbs
|
| Category: |
dropped
|
| Dump: |
SyncAppvPublishingServer.vbs.4.dr
|
| ID: |
dr_0
|
| Target ID: |
4
|
| Process: |
C:\Windows\SysWOW64\rundll32.exe
|
| Type: |
ASCII text, with CRLF line terminators
|
| Entropy: |
4.593124153231039
|
| Encrypted: |
false
|
| Size: |
1504
|
| Whitelisted: |
false
|
| Reputation: |
low
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates files inside the system directory |
System Summary |
|
|
