Windows Analysis Report
DrvMonitor.exe

Overview

General Information

Sample name: DrvMonitor.exe
Analysis ID: 1501615
MD5: 9ba76eb1c36e56f838e0d9e601a96dbc
SHA1: fbef3d4c790c6399c44e9334961fe4c2b2e85a94
SHA256: 01739ee4fd9805930ea2cfa586ed1bb6d91655771263a7e672fa0ef9ca8b5648

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Contains capabilities to detect virtual machines
Program does not show much activity (idle)
Uses 32bit PE files

Classification

AV Detection

Source: DrvMonitor.exe ReversingLabs: Detection: 95%
Source: DrvMonitor.exe Virustotal: Detection: 83%
Source: DrvMonitor.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

System Summary

Source: C:\Users\user\Desktop\DrvMonitor.exe Window found: window name: AutoHotkey
Source: DrvMonitor.exe Static PE information: Section: UPX1 ZLIB complexity 0.9946760770234987
Source: classification engine Classification label: mal56.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\DrvMonitor.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\DrvMonitor.exe File read: C:\Users\user\Desktop\DrvMonitor.exe
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\DrvMonitor.exe Section loaded: textshaping.dll
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
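The two static packer indicators above (section names UPX0/UPX1 and a "ZLIB complexity" of 0.9947 for UPX1) can be reproduced outside the sandbox. The script below is an added example for this page, not code from the sandbox vendor or from DrvMonitor.exe: it walks the PE section table, scores each section by compressed-size over raw-size with zlib, and only calls the file packed when a UPX-named section also carries near-incompressible data, since UPX0 is normally empty on disk and section names are trivially renamed. The PE it scans is constructed inline (same UPX0/UPX1/.rsrc layout and the same COFF characteristics flags the report lists), so it runs offline; the 0.9 cut-off is an assumption.

```python
"""Static UPX check: UPX section names plus per-section zlib complexity.
Added example; not code from the sandbox or the analysed sample.
The PE image it runs on is constructed below so the script works offline."""
import hashlib
import struct
import zlib

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
PACKED_THRESHOLD = 0.9   # assumed cut-off; the report's UPX1 scored 0.9947


def zlib_complexity(data: bytes) -> float:
    """Compressed size over raw size. Packed or encrypted bytes come out at
    (or slightly above) 1.0; code and tables come out low. Empty input scores
    0.0 so zero-sized sections such as UPX0 are never flagged on their own."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def pe_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    yield (name, raw_bytes) for every IMAGE_SECTION_HEADER."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_hdr_size
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + i * 40)
        yield name.rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]


def section_report(image: bytes):
    """[(name, complexity, has_upx_name)] for every section."""
    return [(name, zlib_complexity(raw), name in UPX_SECTION_NAMES)
            for name, raw in pe_sections(image)]


def is_likely_upx(image: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """True only when a UPX-named section also holds high-complexity data,
    i.e. both indicators from the report agree."""
    return any(upx and cx >= threshold for _n, cx, upx in section_report(image))


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for packed code."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with the UPX0/UPX1/.rsrc layout UPX produces.
    Not DrvMonitor.exe: just enough header to drive the walker above."""
    sections = [                          # (name, raw bytes on disk)
        (b"UPX0", b""),                   # UPX0 has no raw data on disk
        (b"UPX1", _pseudo_random(4096)),  # packed image plus unpacker stub
        (b".rsrc", b"RSRC" * 512),        # left uncompressed, low complexity
    ]
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * 222   # PE32 magic, rest zeroed
    e_lfanew = 0x40
    headers_end = e_lfanew + 4 + 20 + len(opt_hdr) + 40 * len(sections)
    data_start = (headers_end + 511) & ~511            # 512-byte file alignment
    raw_ptr, table, blobs = data_start, b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIII", name, len(raw) or 0x1000, 0,
                             len(raw), raw_ptr if raw else 0) + b"\0" * 16
        blobs += raw
        raw_ptr += len(raw)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # 0x010F = RELOCS_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED
    #        | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE, as listed in the report
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt_hdr), 0x010F)
    image = dos + b"PE\0\0" + coff + opt_hdr + table
    return image + b"\0" * (data_start - len(image)) + blobs


if __name__ == "__main__":
    sample = build_sample_pe()
    for name, cx, upx in section_report(sample):
        print(f"{name.decode():8s} complexity={cx:.4f} upx_name={upx}")
    print("likely UPX:", is_likely_upx(sample))
```

Run it against a real file by replacing `build_sample_pe()` with `open(path, "rb").read()`; a section named UPX1 with complexity near 1.0 is the pattern the report flagged, while a low score on a UPX-named section suggests the name was kept but the contents were re-packed or unpacked.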

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\DrvMonitor.exe User Timer Set: Timeout: 100ms
Source: C:\Users\user\Desktop\DrvMonitor.exe User Timer Set: Timeout: 10ms
Source: C:\Users\user\Desktop\DrvMonitor.exe User Timer Set: Timeout: 10ms
Source: C:\Users\user\Desktop\DrvMonitor.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: DeviceType
Source: C:\Users\user\Desktop\DrvMonitor.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
Source: C:\Users\user\Desktop\DrvMonitor.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: InquiryData
Source: C:\Users\user\Desktop\DrvMonitor.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: DeviceIdentifierPage
Source: C:\Users\user\Desktop\DrvMonitor.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: SerialNumber
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\DrvMonitor.exe Process information queried: ProcessInformation
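The five registry queries above target the SCSI identity of the first logical unit, which is where hypervisors leave their vendor and model strings. The sandbox logs only the queries, not what the sample compares them against, so the signature by itself does not separate a VM check from a disk-inventory feature; the script below is an added example for this page (not code from the sandbox or from DrvMonitor.exe) that reproduces the same five reads on a Windows host via `winreg`, decodes the REG_BINARY INQUIRY response into its fixed vendor/product/revision fields, and applies the substring comparison such a probe would make. The token list and both sample value sets are constructed; on non-Windows hosts the live read returns an empty dict and only the constructed samples are evaluated.

```python
"""SCSI-registry VM probe: the same five value reads the report shows, plus
the comparison a sandbox-aware sample would make on them.
Added example; neither the sandbox's nor the sample's code."""

SCSI_LUN0_KEY = (r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0"
                 r"\Target Id 0\Logical Unit Id 0")
QUERIED_VALUES = ("DeviceType", "Identifier", "InquiryData",
                  "DeviceIdentifierPage", "SerialNumber")

# Assumed token -> label map of strings hypervisors put in the SCSI vendor
# and model fields. "VIRTUAL" is a catch-all, so it is checked last.
HYPERVISOR_TOKENS = (
    ("VBOX", "VirtualBox"),
    ("VMWARE", "VMware"),
    ("QEMU", "QEMU/KVM"),
    ("VIRTUAL", "generic virtual disk"),
)


def classify_identifier(identifier):
    """Map an Identifier string (or any vendor/product text) to a hypervisor
    label, or None when it looks like physical hardware."""
    if not identifier:
        return None
    upper = identifier.upper()
    for token, label in HYPERVISOR_TOKENS:
        if token in upper:
            return label
    return None


def parse_inquiry(data: bytes):
    """Split a raw SCSI INQUIRY response (InquiryData is REG_BINARY) into its
    fixed fields: vendor bytes 8-15, product 16-31, revision 32-35."""
    if len(data) < 36:
        return None

    def field(lo, hi):
        return data[lo:hi].decode("ascii", "replace").strip()

    return field(8, 16), field(16, 32), field(32, 36)


def vm_verdict(values: dict):
    """Either Identifier or InquiryData naming a hypervisor is enough.
    Returns the label or None."""
    hit = classify_identifier(values.get("Identifier"))
    if hit:
        return hit
    inquiry = values.get("InquiryData")
    if isinstance(inquiry, (bytes, bytearray)):
        parsed = parse_inquiry(bytes(inquiry))
        if parsed:
            return classify_identifier(" ".join(parsed))
    return None


def read_lun0_values():
    """Issue the same five queries on a live Windows host. Uses winreg, so on
    other platforms (or when the key is absent) it returns {}. Values that do
    not exist under the key are recorded as None rather than raising."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_LUN0_KEY) as key:
            for name in QUERIED_VALUES:
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    values[name] = None
    except FileNotFoundError:
        pass
    return values


# Constructed inputs standing in for what a VirtualBox guest and a physical
# host would return for the two values that carry vendor strings.
SAMPLE_VBOX = {
    "Identifier": "VBOX HARDDISK",
    "InquiryData": b"\0" * 8 + b"VBOX    " + b"HARDDISK        " + b"1.0 ",
}
SAMPLE_PHYSICAL = {
    "Identifier": "ST1000DM010-2EP102",
    "InquiryData": b"\0" * 8 + b"ATA     " + b"ST1000DM010-2EP1" + b"CC43",
}

if __name__ == "__main__":
    for label, vals in (("vbox", SAMPLE_VBOX), ("physical", SAMPLE_PHYSICAL)):
        print(label, "->", vm_verdict(vals))
    live = read_lun0_values()
    if live:
        print("this host ->", vm_verdict(live))
```

For analysis VMs the practical counter-measure is to make these values look like physical hardware before detonation; the script doubles as the check that the rewrite took, since `vm_verdict(read_lun0_values())` should come back `None` on the patched guest.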
No contacted IP infos