|
update_390_391.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
|
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
7.9661758417480995
|
| Filename: |
update_390_391.exe
|
| Filesize: |
28808560
|
| MD5: |
c2c9b0b8b275defd42be10314f13b480
|
| SHA1: |
1a268efea3cc2f56ddb154487e501550f0540696
|
| SHA256: |
04ce55570cf7a827499636a577617bcdc80bfb1239f8b71caa7559a90f30b528
|
| SHA512: |
828d426fffa04eedc6137e88fce528a0a88d37c6d5ae412bf3ff644362a4b3df14090af55cb63baaac03d35d5b5b06a09cd946841693d0f5be2ab859b8f0ca82
|
| SSDEEP: |
786432:z9sg4J3dqRxyp0S0CajM0mSFJOS9h2fuhD:P4JNq78VAnB0ah2GF
|
| Preview: |
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Creates files inside the user directory |
System Summary |
|
| PE file has an executable .text section and no other executable section |
System Summary |
|
| Parts of this applications are using Borland Delphi (Probably coded in Delphi) |
System Summary |
|
| Reads software policies |
System Summary |
System Information Discovery
|
| Sample reads its own file content |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
| PE file has a big raw section |
System Summary |
|
| PE file has a big code size |
System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
| Executable creates window controls seldom found in malware |
System Summary |
|
|
|
C:\Users\user\Desktop\ _avk_0.0.0.txt
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\Desktop\ _avk_0.0.0.txt
|
| Category: |
dropped
|
| Dump: |
_avk_0.0.0.txt0.0.dr
|
| ID: |
dr_1
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\update_390_391.exe
|
| Type: |
ISO-8859 text, with CRLF line terminators
|
| Entropy: |
3.6014829069277465
|
| Encrypted: |
false
|
| Size: |
332
|
| Whitelisted: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates files inside the user directory |
System Summary |
|
|
