Loading... Additional Content is being loaded
Windows
Analysis Report
MemProfilerInstaller5_7_28.exe
Overview
General Information
| Sample name: | MemProfilerInstaller5_7_28.exe |
| Analysis ID: | 1446966 |
| MD5: | 7e45c0ea667dcf7b44cc304a0f159d32 |
| SHA1: | d38693fb82dd2132fc314708e8fabb3aebe07668 |
| SHA256: | 9c249afa63fee4ecf8feab4512bbefba68949da7083349d26ffa439c06eab3c3 |
| Infos: | |
 |
|
Detection
| Score: | 8 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 20% |
Signatures
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Classification
| Source: |
Code function: |
0_2_00579F8F | |
| Source: |
Code function: |
0_2_0059F340 | |
| Source: |
Code function: |
0_2_00579D74 | |
| Source: |
Code function: |
1_2_00139F8F | |
| Source: |
Code function: |
1_2_0015F340 | |
| Source: |
Code function: |
1_2_00139D74 | |
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Code function: |
0_2_00579A1D | |
| Source: |
Code function: |
0_2_005A3C72 | |
| Source: |
Code function: |
0_2_00563D4E | |
| Source: |
Code function: |
1_2_00139A1D | |
| Source: |
Code function: |
1_2_00163C72 | |
| Source: |
Code function: |
1_2_00123D4E | |
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
Code function: |
0_2_0058C01F | |
| Source: |
Code function: |
0_2_005901A6 | |
| Source: |
Code function: |
0_2_005662CC | |
| Source: |
Code function: |
0_2_0059A28E | |
| Source: |
Code function: |
0_2_00590461 | |
| Source: |
Code function: |
0_2_00592413 | |
| Source: |
Code function: |
0_2_00592642 | |
| Source: |
Code function: |
0_2_0059E73C | |
| Source: |
Code function: |
0_2_0058F8C3 | |
| Source: |
Code function: |
0_2_0058FC35 | |
| Source: |
Code function: |
0_2_00599DE0 | |
| Source: |
Code function: |
0_2_0058FEDF | |
| Source: |
Code function: |
0_2_00583F71 | |
| Source: |
Code function: |
1_2_0014C01F | |
| Source: |
Code function: |
1_2_001501A6 | |
| Source: |
Code function: |
1_2_0015A28E | |
| Source: |
Code function: |
1_2_001262CC | |
| Source: |
Code function: |
1_2_00152413 | |
| Source: |
Code function: |
1_2_00150461 | |
| Source: |
Code function: |
1_2_00152642 | |
| Source: |
Code function: |
1_2_0015E73C | |
| Source: |
Code function: |
1_2_0014F8C3 | |
| Source: |
Code function: |
1_2_0014FC35 | |
| Source: |
Code function: |
1_2_00159DE0 | |
| Source: |
Code function: |
1_2_0014FEDF | |
| Source: |
Code function: |
1_2_00143F71 | |
| Source: |
Code function: |
1_2_05F3538E | |
| Source: |
Code function: |
1_2_6CBDD880 | |
| Source: |
Code function: |
1_2_6CBDDD2E | |
| Source: |
Code function: |
1_2_6CBE2918 | |
| Source: |
Code function: |
1_2_6CBD7117 | |
| Source: |
Code function: |
1_2_6CBD6EE8 | |
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Static PE information: |
||
| Source: |
Classification label: |
||
| Source: |
Code function: |
0_2_00562078 | |
| Source: |
Code function: |
0_2_00564639 | |
| Source: |
Code function: |
1_2_00124639 | |
| Source: |
Code function: |
0_2_005A28BD | |
| Source: |
Code function: |
0_2_005868EE | |
| Source: |
Mutant created: |
||
| Source: |
File created: |
Jump to behavior | ||
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
0_2_00561070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Command line argument: |
1_2_00121070 | |
| Source: |
Static PE information: |
||
| Source: |
Key opened: |
Jump to behavior | ||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Key value queried: |
Jump to behavior | ||
| Source: |
Window detected: |
||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
Static PE information: |
||
| Source: |
Static file information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Binary string: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Code function: |
0_2_0058E819 | |
| Source: |
Code function: |
1_2_0014E819 | |
| Source: |
Code function: |
1_2_6CBD4489 | |
| Source: |
Code function: |
1_2_02AF50B1 | |
| Source: |
Code function: |
1_2_02AF50B1 | |
| Source: |
Code function: |
1_2_02AF5069 | |
| Source: |
Code function: |
1_2_02AF2661 | |
| Source: |
Code function: |
1_2_02AF2591 | |
| Source: |
Code function: |
1_2_02AF2591 | |
| Source: |
Code function: |
1_2_02AF5559 | |
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
File created: |
Jump to dropped file | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Memory allocated: |
Jump to behavior | ||
| Source: |
Memory allocated: |
Jump to behavior | ||
| Source: |
Memory allocated: |
Jump to behavior | ||
| Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
| Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
| Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
| Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
| Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
| Source: |
Evasive API call chain: |
||
| Source: |
Check user administrative privileges: |
||
| Source: |
Check user administrative privileges: |
||
| Source: |
API coverage: |
||
| Source: |
Code function: |
0_2_0059F79E | |
| Source: |
Code function: |
0_2_0059F79E | |
| Source: |
Code function: |
1_2_0015F79E | |
| Source: |
Code function: |
1_2_0015F79E | |
| Source: |
Code function: |
0_2_00579A1D | |
| Source: |
Code function: |
0_2_005A3C72 | |
| Source: |
Code function: |
0_2_00563D4E | |
| Source: |
Code function: |
1_2_00139A1D | |
| Source: |
Code function: |
1_2_00163C72 | |
| Source: |
Code function: |
1_2_00123D4E | |
| Source: |
Code function: |
0_2_005A8EF4 | |
| Source: |
API call chain: |
||
| Source: |
API call chain: |
||
| Source: |
Code function: |
0_2_005934A2 | |
| Source: |
Code function: |
0_2_00594104 | |
| Source: |
Code function: |
1_2_00154104 | |
| Source: |
Code function: |
1_2_6CBD8FD6 | |
| Source: |
Code function: |
0_2_005639DF | |
| Source: |
Code function: |
0_2_0058E0A8 | |
| Source: |
Code function: |
0_2_005934A2 | |
| Source: |
Code function: |
0_2_0058E574 | |
| Source: |
Code function: |
0_2_0058E707 | |
| Source: |
Code function: |
1_2_0014E0A8 | |
| Source: |
Code function: |
1_2_001534A2 | |
| Source: |
Code function: |
1_2_0014E574 | |
| Source: |
Code function: |
1_2_0014E707 | |
| Source: |
Code function: |
1_2_6CBD448C | |
| Source: |
Code function: |
1_2_6CBD42B6 | |
| Source: |
Code function: |
1_2_6CBD7F77 | |
| Source: |
Memory allocated: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Code function: |
0_2_005A0FA6 | |
| Source: |
Code function: |
0_2_005A32B9 | |
| Source: |
Code function: |
0_2_0058E937 | |
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Queries volume information: |
Jump to behavior | ||
| Source: |
Code function: |
0_2_00574E6A | |
| Source: |
Code function: |
0_2_0056605F | |
| Source: |
Code function: |
0_2_00566203 | |
| Source: |
Code function: |
0_2_005A8039 | |
| Source: |
Code function: |
0_2_005651D2 | |
| Source: |
Key value queried: |
Jump to behavior | ||
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
⊘No contacted IP infos