| Field | Value |
|---|---|
| Sample Name | jp2launcher.exe |
| Analysis ID | 352860 |
| MD5 | 092f1dfbfc3c59dd11248a919c480ba8 |
| SHA1 | 7166ee1eff110644f6050ed37dd3df865823e57b |
| SHA256 | 8eb019c26a17e48470c1bf9a0f712019a931189b7ca72d62daaecdfcf1a14f8f |
| Score | 6 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 40% |
Compliance:

| Signature | Source |
|---|---|
| Uses 32bit PE files | Static PE information |
| PE / OLE file has a valid certificate | Static PE information |
| Contains modern PE file flags such as dynamic base (ASLR) or NX | Static PE information |
| Binary contains paths to debug symbols | Binary string (2 entries) |
| | Code function: 0_2_00836802, 0_2_00831EAC |
| | String found in binary or memory (14 entries) |
System Summary:

| Signature | Source |
|---|---|
| Detected potential crypto function | Code function: 0_2_00833209, 0_2_00835305 |
| Found potential string decryption / allocating functions | Code function |
| Tries to load missing DLLs | Section loaded |
| Uses 32bit PE files | Static PE information |
| | Classification label |
| | Code function: 0_2_00836C67 |
| | Command line argument: 0_2_008314A4 (13 entries) |
| | Static PE information |
| | Key opened |
| | String found in binary or memory (2 entries) |
| | Static PE information (9 entries) |
| | Binary string (2 entries) |
| | Static PE information (5 entries) |
Data Obfuscation:

| Signature | Source |
|---|---|
| Contains functionality to dynamically determine API calls | Code function: 0_2_00836FFF |
| Uses code obfuscation techniques (call, push, ret) | Code function: 0_2_0083C269, 0_2_0083BB47 |
Malware Analysis System Evasion:

| Signature | Source |
|---|---|
| Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) | Code function: 0_2_00835BD3 |
| Found evasive API chain checking for process token information | Check user administrative privileges |
| Found large amount of non-executed APIs | API coverage |
| Program does not show much activity (idle) | Thread injection, dropped files, key value created, disk infection and DNS query |
| | Code function: 0_2_00836802, 0_2_00831EAC, 0_2_0083CE91 |
Anti Debugging:

| Signature | Source |
|---|---|
| Contains functionality to check if a debugger is running (IsDebuggerPresent) | Code function: 0_2_0083C436 |
| Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) | Code function: 0_2_00835BD3 |
| Contains functionality to dynamically determine API calls | Code function: 0_2_00836FFF |
| Program does not show much activity (idle) | Thread injection, dropped files, key value created, disk infection and DNS query |
| | Code function: 0_2_0083C5CC, 0_2_0083B8AD, 0_2_0083C436 |
Language, Device and Operating System Detection:

| Signature | Source |
|---|---|
| Contains functionality to query CPU information (cpuid) | Code function: 0_2_0083C28F, 0_2_0083C621, 0_2_0083785A |
No screenshots.

No contacted IP infos.