Windows
Analysis Report
usbcg2dkfw1113_2_versionsfx.exe
Overview
General Information
Detection
Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 40%
Signatures
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops certificate files (DER)
PE file contains strange resources
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates driver files
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Classification
Analysis Advice
Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox
Sample may be VM- or sandbox-aware; try analysis on a native machine
Sample searches for specific files; try pointing organization-specific fake files to the analysis machine
- System is w10x64
- usbcg2dkfw1113_2_versionsfx.exe (PID: 5616, cmdline: "C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe", MD5: 56EEF90C94AE310977C87990AE122903)
  - conhost.exe (PID: 5640, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - FWUpdateTool.exe (PID: 752, cmdline: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe, MD5: 883996E63DCBE30B206A0B2C463EC676)
- cleanup
- No configs have been found
- No YARA matches
- No Sigma rule has matched
- Compliance
- Spreading
- Networking
- E-Banking Fraud
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- Language, Device and Operating System Detection