Loading... Additional Content is being loaded
Windows
Analysis Report
mIzAhxUQjY.exe
Overview
General Information
| Sample name: | mIzAhxUQjY.exerenamed because original name is a hash value |
| Original sample name: | 501ae6c21ceb803f00f565f4de6a476ee71c7a7cf336edf8a722dc00033e42c8.exe |
| Analysis ID: | 1466962 |
| MD5: | fb520aa6e750c9527a1f06587b71d541 |
| SHA1: | 8e559f1ef60d530817c65669eafa53fd27a83c82 |
| SHA256: | 501ae6c21ceb803f00f565f4de6a476ee71c7a7cf336edf8a722dc00033e42c8 |
| Tags: | exe |
| Infos: | |
 |
|
Detection
| Score: | 54 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Machine Learning detection for sample
Uses Windows timers to delay execution
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
AV Detection |
  |
|---|
| Source: |
Avira: |
||
| Source: |
ReversingLabs: |
||
| Source: |
Integrated Neural Analysis Model: |
||
| Source: |
Joe Sandbox ML: |
||
| Source: |
Static PE information: |
||
| Source: |
Code function: |
0_2_00E04696 | |
| Source: |
Code function: |
0_2_00E0C9C7 | |
| Source: |
Code function: |
0_2_00E0C93C | |
| Source: |
Code function: |
0_2_00E0F200 | |
| Source: |
Code function: |
0_2_00E0F35D | |
| Source: |
Code function: |
0_2_00E0F65E | |
| Source: |
Code function: |
0_2_00E03A2B | |
| Source: |
Code function: |
0_2_00E03D4E | |
| Source: |
Code function: |
0_2_00E0BF27 | |
| Source: |
Code function: |
0_2_00E125E2 | |
| Source: |
Code function: |
0_2_00E1425A | |
| Source: |
Code function: |
0_2_00E14458 | |
| Source: |
Code function: |
0_2_00E1425A | |
| Source: |
Code function: |
0_2_00E00219 | |
| Source: |
Code function: |
0_2_00E2CDAC | |
System Summary |
|
|---|
| Source: |
Code function: |
0_2_00DA3B4C | |
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
memstr_f134cc75-a | |
| Source: |
String found in binary or memory: |
memstr_4f9c3a53-3 | |
| Source: |
String found in binary or memory: |
memstr_8a9653f3-4 | |
| Source: |
String found in binary or memory: |
memstr_80d038bb-a | |
| Source: |
Code function: |
0_2_00E040B1 | |
| Source: |
Code function: |
0_2_00DF8858 | |
| Source: |
Code function: |
0_2_00E0545F | |
| Source: |
Code function: |
0_2_00E2804A | |
| Source: |
Code function: |
0_2_00DAE060 | |
| Source: |
Code function: |
0_2_00DB4140 | |
| Source: |
Code function: |
0_2_00DC2405 | |
| Source: |
Code function: |
0_2_00DD6522 | |
| Source: |
Code function: |
0_2_00E20665 | |
| Source: |
Code function: |
0_2_00DD267E | |
| Source: |
Code function: |
0_2_00DB6843 | |
| Source: |
Code function: |
0_2_00DAE800 | |
| Source: |
Code function: |
0_2_00DC283A | |
| Source: |
Code function: |
0_2_00DD89DF | |
| Source: |
Code function: |
0_2_00E20AE2 | |
| Source: |
Code function: |
0_2_00DD6A94 | |
| Source: |
Code function: |
0_2_00DB8A0E | |
| Source: |
Code function: |
0_2_00DFEB07 | |
| Source: |
Code function: |
0_2_00E08B13 | |
| Source: |
Code function: |
0_2_00DCCD61 | |
| Source: |
Code function: |
0_2_00DD7006 | |
| Source: |
Code function: |
0_2_00DB3190 | |
| Source: |
Code function: |
0_2_00DB710E | |
| Source: |
Code function: |
0_2_00DA1287 | |
| Source: |
Code function: |
0_2_00DC33C7 | |
| Source: |
Code function: |
0_2_00DCF419 | |
| Source: |
Code function: |
0_2_00DC16C4 | |
| Source: |
Code function: |
0_2_00DB5680 | |
| Source: |
Code function: |
0_2_00DC78D3 | |
| Source: |
Code function: |
0_2_00DB58C0 | |
| Source: |
Code function: |
0_2_00DC1BB8 | |
| Source: |
Code function: |
0_2_00DCDBB5 | |
| Source: |
Code function: |
0_2_00DD9D05 | |
| Source: |
Code function: |
0_2_00DAFE40 | |
| Source: |
Code function: |
0_2_00DC1FD0 | |
| Source: |
Code function: |
0_2_00DCBFE6 | |
| Source: |
Static PE information: |
||
| Source: |
Classification label: |
||
| Source: |
Code function: |
0_2_00E0A2D5 | |
| Source: |
Code function: |
0_2_00DF8713 | |
| Source: |
Code function: |
0_2_00DF8CC3 | |
| Source: |
Code function: |
0_2_00E0B59E | |
| Source: |
Code function: |
0_2_00E1F121 | |
| Source: |
Code function: |
0_2_00E186D0 | |
| Source: |
Code function: |
0_2_00DA4FE9 | |
| Source: |
Static PE information: |
||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
Key opened: |
Jump to behavior | ||
| Source: |
ReversingLabs: |
||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Key value queried: |
Jump to behavior | ||
| Source: |
Automated click: |
||
| Source: |
Automated click: |
||
| Source: |
Window detected: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
| Source: |
Code function: |
0_2_00E1C304 | |
| Source: |
Code function: |
0_2_00E0871B | |
| Source: |
Code function: |
0_2_00DCE951 | |
| Source: |
Code function: |
0_2_00DCEA6A | |
| Source: |
Code function: |
0_2_00DC8B98 | |
| Source: |
Code function: |
0_2_00DCEC45 | |
| Source: |
Code function: |
0_2_00DCED2E | |
| Source: |
Code function: |
0_2_00DA4A35 | |
| Source: |
Code function: |
0_2_00E255FD | |
| Source: |
Code function: |
0_2_00DC33C7 | |
| Source: |
Process information set: |
Jump to behavior | ||
Malware Analysis System Evasion |
|
|---|
| Source: |
User Timer Set: |
Jump to behavior | ||
| Source: |
User Timer Set: |
Jump to behavior | ||
| Source: |
User Timer Set: |
Jump to behavior | ||
| Source: |
API coverage: |
||
| Source: |
Thread injection, dropped files, key value created, disk infection and DNS query: |
||
| Source: |
Code function: |
0_2_00E04696 | |
| Source: |
Code function: |
0_2_00E0C9C7 | |
| Source: |
Code function: |
0_2_00E0C93C | |
| Source: |
Code function: |
0_2_00E0F200 | |
| Source: |
Code function: |
0_2_00E0F35D | |
| Source: |
Code function: |
0_2_00E0F65E | |
| Source: |
Code function: |
0_2_00E03A2B | |
| Source: |
Code function: |
0_2_00E03D4E | |
| Source: |
Code function: |
0_2_00E0BF27 | |
| Source: |
Code function: |
0_2_00DA4AFE | |
| Source: |
Code function: |
0_2_00E141FD | |
| Source: |
Code function: |
0_2_00DA3B4C | |
| Source: |
Code function: |
0_2_00DD5CCC | |
| Source: |
Code function: |
0_2_00E1C304 | |
| Source: |
Code function: |
0_2_00DF81F7 | |
| Source: |
Thread injection, dropped files, key value created, disk infection and DNS query: |
||
| Source: |
Code function: |
0_2_00DCA395 | |
| Source: |
Code function: |
0_2_00DCA364 | |
| Source: |
Code function: |
0_2_00DF8C93 | |
| Source: |
Code function: |
0_2_00DA3B4C | |
| Source: |
Code function: |
0_2_00DA4A35 | |
| Source: |
Code function: |
0_2_00E04EF5 | |
| Source: |
Code function: |
0_2_00DF81F7 | |
| Source: |
Code function: |
0_2_00E04C03 | |
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Code function: |
0_2_00DC886B | |
| Source: |
Code function: |
0_2_00DD50D7 | |
| Source: |
Code function: |
0_2_00DE2230 | |
| Source: |
Code function: |
0_2_00DD418A | |
| Source: |
Code function: |
0_2_00DA4AFE | |
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Code function: |
0_2_00E16596 | |
| Source: |
Code function: |
0_2_00E16A5A | |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
⊘No contacted IP infos