Windows Analysis Report
askeyhiddemon.exe

Overview

General Information

Sample name: askeyhiddemon.exe
Analysis ID: 1448032
MD5: 154790c56c8e14b6fe45170c6054f08f
SHA1: 940a45292c60697a1291edb6ebe94ab9e2b3f310
SHA256: 783f31a32d69b09046d998955d58ba7b9d22114316bb9d5623c05069245dc2d4

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected suspicious sample
Program does not show much activity (idle)
Uses 32bit PE files

Classification

AV Detection
barindex
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 68.2% probability
Uses 32bit PE files
Source: askeyhiddemon.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Uses 32bit PE files
Source: askeyhiddemon.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: sus21.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\askeyhiddemon.exe Mutant created: \Sessions\1\BaseNamedObjects\ASKeyHidDemon
Source: askeyhiddemon.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\askeyhiddemon.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\askeyhiddemon.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\askeyhiddemon.exe Section loaded: axtx_otg_pid1513_gm.dll Jump to behavior
Source: C:\Users\user\Desktop\askeyhiddemon.exe Section loaded: uxtheme.dll Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1448032 Sample: askeyhiddemon.exe Startdate: 27/05/2024 Architecture: WINDOWS Score: 21 7 AI detected suspicious sample 2->7 5 askeyhiddemon.exe 2->5         started        process3
No contacted IP infos