Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Djvu Ransomware
Antivirus detection for URL or domain
Machine Learning detection for sample
Injects a PE file into a foreign processes
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
PE file contains strange resources
Contains functionality to read the PEB
Contains functionality to launch a program with higher privileges
Found evaded block containing many API calls
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)