Windows Analysis Report
home21.exe

Overview

General Information

Sample name:	home21.exe
Analysis ID:	1467809
MD5:	fdc0384ea73d7d57c04d471c6cbbad94
SHA1:	730851524ec7a5d6bc9fd91048e2242c5a638d0c
SHA256:	a62d5d4b2d07be105c461e40da79040336b7ccb625baa9274a6c816d9755fd6e
Tags:	exe
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Uses dynamic DNS services

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Entry point lies outside standard sections

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Signatures

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 95.1% probability

Machine Learning detection for sample

Source: home21.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: home21.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Networking

Uses dynamic DNS services

Source: unknown

DNS query: name: winhomemodulo.ddns.net

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: winhomemodulo.ddns.net
Source: global traffic	DNS traffic detected: DNS query: google.com.br

Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2941079350.000000000A1E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/U
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://winhomemodulo.ddns.net/w2/openU
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/rootpart.xml
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: home21.exe, 00000000.00000003.2941079350.000000000D64E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html

System Summary

PE file contains section with special chars

Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:

PE file contains more sections than normal

Source: home21.exe

Static PE information: Number of sections : 19 > 10

Sample file is different than original file name gathered from version info

Source: home21.exe, 00000000.00000000.2019638393.0000000006E5E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDlp Loper< vs home21.exe
Source: home21.exe	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe

Uses 32bit PE files

Source: home21.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: home21.exe	Static PE information: Section: ZLIB complexity 0.98944091796875
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9931242028061225
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9928385416666666
Source: home21.exe	Static PE information: Section: ZLIB complexity 1.0045572916666667
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9993225164654226
Source: home21.exe	Static PE information: Section: .reloc ZLIB complexity 1.5

Source: classification engine

Classification label: mal76.troj.evad.winEXE@1/0@4/0

Source: C:\Users\user\Desktop\home21.exe

Mutant created: \Sessions\1\BaseNamedObjects\brkurschmogesk-fdsfsdfsd

Source: Yara match

File source: 00000000.00000003.2934182935.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\home21.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: colorui.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: compstui.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: home21.exe

Static file information: File size 22286864 > 1048576

Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x4db400
Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x506200
Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x75ae00
Source: home21.exe	Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x372000

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

PE file contains sections with non-standard names

Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name: .themida
Source: home21.exe	Static PE information: section name: .boot

Source: home21.exe

Static PE information: section name: entropy: 7.9097474746193965

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\home21.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\home21.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\home21.exe TID: 6800

Thread sleep time: -116000s >= -30000s

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\home21.exe

Last function: Thread delayed

Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux

Source: C:\Users\user\Desktop\home21.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\home21.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Jump to behavior

Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Winapi@Windows@DOF_PROGMAN
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ReBarWindow32Shell_TrayWndMSTaskSwWClassMSTaskListWClassU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
winhomemodulo.ddns.net	64.226.97.61	true
google.com.br	142.250.185.67	true

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 95.1% probability

Machine Learning detection for sample

Source: home21.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: home21.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Networking

Uses dynamic DNS services

Source: unknown

DNS query: name: winhomemodulo.ddns.net

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: winhomemodulo.ddns.net
Source: global traffic	DNS traffic detected: DNS query: google.com.br

Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2941079350.000000000A1E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/U
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://winhomemodulo.ddns.net/w2/openU
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/rootpart.xml
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: home21.exe, 00000000.00000003.2941079350.000000000D64E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html

System Summary

PE file contains section with special chars

Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:

PE file contains more sections than normal

Source: home21.exe

Static PE information: Number of sections : 19 > 10

Sample file is different than original file name gathered from version info

Source: home21.exe, 00000000.00000000.2019638393.0000000006E5E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDlp Loper< vs home21.exe
Source: home21.exe	Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe

Uses 32bit PE files

Source: home21.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: home21.exe	Static PE information: Section: ZLIB complexity 0.98944091796875
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9931242028061225
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9928385416666666
Source: home21.exe	Static PE information: Section: ZLIB complexity 1.0045572916666667
Source: home21.exe	Static PE information: Section: ZLIB complexity 0.9993225164654226
Source: home21.exe	Static PE information: Section: .reloc ZLIB complexity 1.5

Source: classification engine

Classification label: mal76.troj.evad.winEXE@1/0@4/0

Source: C:\Users\user\Desktop\home21.exe

Mutant created: \Sessions\1\BaseNamedObjects\brkurschmogesk-fdsfsdfsd

Source: Yara match

File source: 00000000.00000003.2934182935.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\home21.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: colorui.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: compstui.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: home21.exe

Static file information: File size 22286864 > 1048576

Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x4db400
Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x506200
Source: home21.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x75ae00
Source: home21.exe	Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x372000

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

PE file contains sections with non-standard names

Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name:
Source: home21.exe	Static PE information: section name: .themida
Source: home21.exe	Static PE information: section name: .boot

Source: home21.exe

Static PE information: section name: entropy: 7.9097474746193965

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\home21.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\home21.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\home21.exe TID: 6800

Thread sleep time: -116000s >= -30000s

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\home21.exe

Last function: Thread delayed

Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux

Source: C:\Users\user\Desktop\home21.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\home21.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\home21.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\home21.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\Desktop\home21.exe

Jump to behavior

Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Winapi@Windows@DOF_PROGMAN
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ReBarWindow32Shell_TrayWndMSTaskSwWClassMSTaskListWClassU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

ID:	1467809
Product:	CloudBasic
Start time:	19:52:11
Start date:	04.07.2024
Sample:	home21.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	fdc0384ea73d7d57c04d471c6cbbad94
SHA1:	730851524ec7a5d6bc9fd91048e2242c5a638d0c
SHA256:	a62d5d4b2d07be105c461e40da79040336b7ccb625baa9274a6c816d9755fd6e
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
home21.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report home21.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
home21.exe