Sample name: | LG3adrtYi2.exerenamed because original name is a hash value |
Original sample name: | de36bc2bfc3c67820ebd75c912fadc3d.exe |
Analysis ID: | 1448262 |
MD5: | de36bc2bfc3c67820ebd75c912fadc3d |
SHA1: | 38bd51e1052ae5bede5293827e87d6f494b204c8 |
SHA256: | 2a5083d6e55f5cb56764fc4ed7ad082a0ef75a908ed03132178cc80f802c3d16 |
Tags: | 32exetrojan |
Infos: | |
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Phorpiex | Proofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. The name Trik is derived from PDB strings. | No Attribution |
|
AV Detection |
|
---|
Source: |
Avira: |
Source: |
Avira: |
||
Source: |
Avira: |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
Phishing |
|
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Static PE information: |
Source: |
File opened: |
Jump to behavior |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
0_2_00F028F0 |
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
Source: |
Binary or memory string: |
memstr_0978e8bc-c |
Spam, unwanted Advertisements and Ransom Demands |
|
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Dropped File: |
||
Source: |
Dropped File: |
Source: |
Static PE information: |
Source: |
Classification label: |
Source: |
Mutant created: |
Source: |
Static PE information: |
Source: |
Key opened: |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
Source: |
ReversingLabs: |
||
Source: |
Virustotal: |
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior |
Source: |
LNK file: |
||
Source: |
LNK file: |
Source: |
File opened: |
Jump to behavior |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
Source: |
Static PE information: |
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
Source: |
Code function: |
0_2_00F03234 |
Source: |
File created: |
Jump to dropped file | ||
Source: |
File created: |
Jump to dropped file |
Source: |
File created: |
Jump to dropped file | ||
Source: |
File created: |
Jump to dropped file |
Source: |
Process information set: |
Jump to behavior |
Malware Analysis System Evasion |
|
---|
Source: |
Evasive API call chain: |
||
Source: |
Evasive API call chain: |
Source: |
Thread delayed: |
Jump to behavior | ||
Source: |
Thread delayed: |
Jump to behavior |
Source: |
Window / User API: |
Jump to behavior | ||
Source: |
Window / User API: |
Jump to behavior |
Source: |
Dropped PE file which has not been started: |
Jump to dropped file | ||
Source: |
Dropped PE file which has not been started: |
Jump to dropped file |
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep time: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep time: |
Jump to behavior |
Source: |
Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: |
Code function: |
0_2_00F028F0 |
Source: |
Thread delayed: |
Jump to behavior | ||
Source: |
Thread delayed: |
Jump to behavior |
Source: |
API call chain: |
Anti Debugging |
|
---|
Source: |
Process Stats: |
Source: |
Code function: |
0_2_00F03358 |
Source: |
Code function: |
0_2_00F01D30 |
Source: |
Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: |
Code function: |
0_2_00F03358 |
Source: |
Code function: |
0_2_00F03288 |
Remote Access Functionality |
|
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |