Windows
Analysis Report
SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly
Creates a process in suspended mode (likely to inject code)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Classification
- System is w10x64
SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe (PID: 4392 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. PUA.Tool.N grok.1.316 77.21594.e xe" MD5: 56D222D5FEBEF9FB176DF8C79D28C8AE) conhost.exe (PID: 6708 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe (PID: 2184 cmdline:
C:\Users\u ser\Deskto p\Securite Info.com.P UA.Tool.Ng rok.1.3167 7.21594.ex e MD5: 56D222D5FEBEF9FB176DF8C79D28C8AE) cmd.exe (PID: 1756 cmdline:
cmd.exe /K MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary string: |