update_390_391.exe (initial sample)

Filetype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:  7.9661758417480995 (bits per byte)
Filename: update_390_391.exe
Filesize: 28808560 bytes
MD5:      c2c9b0b8b275defd42be10314f13b480
SHA1:     1a268efea3cc2f56ddb154487e501550f0540696
SHA256:   04ce55570cf7a827499636a577617bcdc80bfb1239f8b71caa7559a90f30b528
SHA512:   828d426fffa04eedc6137e88fce528a0a88d37c6d5ae412bf3ff644362a4b3df14090af55cb63baaac03d35d5b5b06a09cd946841693d0f5be2ab859b8f0ca82
SSDEEP:   786432:z9sg4J3dqRxyp0S0CajM0mSFJOS9h2fuhD:P4JNq78VAnB0ah2GF
Preview:  MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
|
Signature Hits                                                                | Behavior Group             | Mitre Attack
Uses 32bit PE files                                                           | Compliance, System Summary |
Creates files inside the user directory                                       | System Summary             |
PE file has an executable .text section and no other executable section       | System Summary             |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary             |
Reads software policies                                                       | System Summary             | System Information Discovery
Sample reads its own file content                                             | System Summary             |
Tries to load missing DLLs                                                    | System Summary             |
PE file has a big raw section                                                 | System Summary             |
PE file has a big code size                                                   | System Summary             |
Submission file is bigger than most known malware samples                     | System Summary             |
Executable creates window controls seldom found in malware                    | System Summary             |
|
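The summary fields (digests, Shannon entropy, the Delphi "MZP" stub visible in the preview) and the section-based signature hits (an executable .text section and no other executable section, a big raw section) are all derivable statically from the file bytes. An entropy of 7.966 bits per byte over a 28.8 MB file means nearly all of it is compressed or encrypted content, which is consistent with the big raw section and code size hits. The script below reproduces that triage; it is an added example, not output or code from the sandbox, and the minimal PE32 image built by build_test_pe(), its section layout and the sample bytes are constructed for illustration.

```python
"""Static PE triage: entropy, hashes, Delphi stub check and executable-section
enumeration.  Added example (not sandbox output); the PE image is constructed
in build_test_pe() so the script runs offline on a made-up sample."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DELPHI_STUB = b"This program must be run under Win32"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]; values near 8 mean compressed, packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """The four digests the report lists for the sample."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def looks_like_delphi(data: bytes) -> bool:
    """Delphi's linker writes 'MZP' at offset 0 and its own DOS stub message."""
    return data[:3] == b"MZP" and DELPHI_STUB in data[:0x100]


def section_headers(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns (name, size_of_raw_data, characteristics) for each section."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                           # section table follows optional header
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, f[3], f[9]))                # SizeOfRawData, Characteristics
    return sections


def executable_sections(data: bytes) -> list:
    """Names of sections with IMAGE_SCN_MEM_EXECUTE; a plain compiled binary has only .text."""
    return [name for name, _, chars in section_headers(data) if chars & IMAGE_SCN_MEM_EXECUTE]


def triage(data: bytes) -> dict:
    """Combine the static checks behind the report's summary fields and signature hits."""
    sections = section_headers(data)
    execs = [name for name, _, chars in sections if chars & IMAGE_SCN_MEM_EXECUTE]
    biggest_raw = max((raw for _, raw, _ in sections), default=0)
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
        "hashes": file_hashes(data),
        "delphi_stub": looks_like_delphi(data),
        "executable_sections": execs,
        "only_text_executable": execs == [".text"],
        "biggest_raw_section_ratio": round(biggest_raw / len(data), 4),  # 'big raw section' heuristic
    }


def build_test_pe(sections, delphi=True) -> bytes:
    """Constructed minimal PE32 (headers + raw section data), file-aligned to 512 bytes.
    sections: list of (name: bytes, raw: bytes, characteristics: int). Not a real sample."""
    dos = bytearray(128)                                   # DOS header + stub, e_lfanew -> 128
    dos[0:3] = b"MZP" if delphi else b"MZ\x90"
    stub = DELPHI_STUB if delphi else b"This program cannot be run in DOS mode."
    dos[0x40:0x40 + len(stub)] = stub
    struct.pack_into("<I", dos, 0x3C, 128)
    opt_size = 224                                         # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    headers_len = 128 + 4 + 20 + opt_size + 40 * len(sections)
    first_ptr = (headers_len + 511) // 512 * 512
    ptr, vaddr, table, payload = first_ptr, 0x1000, b"", b""
    for name, raw, chars in sections:
        padded = (len(raw) + 511) // 512 * 512
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, padded, ptr, 0, 0, 0, 0, chars)
        payload += raw.ljust(padded, b"\0")
        ptr += padded
        vaddr += (len(raw) + 0xFFF) // 0x1000 * 0x1000
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(first_ptr, b"\0") + payload


if __name__ == "__main__":
    TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    sample = build_test_pe([(b".text", b"\x55\x8b\xec\x5d\xc3" * 200, TEXT),
                            (b".data", bytes(range(256)) * 8, DATA)])
    for key, value in triage(sample).items():
        print(f"{key:>26}: {value}")
```

On a real file, triage(open(path, "rb").read()) gives the same fields the report shows; executable_sections() returning anything other than [".text"] (UPX0/UPX1, an unnamed section with IMAGE_SCN_MEM_EXECUTE) is the quickest static indicator that a packer or loader stub was added after compilation.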
|
C:\Users\user\Desktop\ _avk_0.0.0.txt (dropped)

File:        C:\Users\user\Desktop\ _avk_0.0.0.txt
Category:    dropped
Dump:        _avk_0.0.0.txt0.0.dr
ID:          dr_1
Target ID:   0
Process:     C:\Users\user\Desktop\update_390_391.exe
Type:        ISO-8859 text, with CRLF line terminators
Entropy:     3.6014829069277465 (bits per byte)
Encrypted:   false
Size:        332 bytes
Whitelisted: false

Signature Hits                          | Behavior Group | Mitre Attack
Creates files inside the user directory | System Summary |
|