Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops PE files with benign system names
Extracts suspicious resources from PE file (packer detected)
Machine Learning detection for sample
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to upload files via FTP
Detected potential crypto function
Drops PE files
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
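Two of the static signatures above ("PE file contains an invalid checksum" and "Uses 32bit PE files") can be reproduced from the sample's headers without any sandbox. The script below is an added example, not part of the report and not the sandbox vendor's code: it parses the DOS, COFF and optional headers with the standard library only, recomputes the PE CheckSum with the same fold-and-add algorithm that CheckSumMappedFile and pefile use, and reports whether the stored value is unset, stale, or valid. The minimal PE32 image it checks is constructed inline (no sections, no code) so the example runs offline; `build_minimal_pe32` is a helper invented for this example, not a real-world artifact.

```python
import struct

PE32_MAGIC = 0x10B       # 32-bit image ("Uses 32bit PE files")
PE32PLUS_MAGIC = 0x20B   # 64-bit image
CHECKSUM_FIELD_OFFSET = 0x40  # CheckSum sits at +0x40 in both PE32 and PE32+


def parse_headers(data: bytes):
    """Locate the PE signature and optional header; return (pe_off, opt_off, magic)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    size_opt = struct.unpack_from("<H", data, e_lfanew + 4 + 16)[0]
    opt_off = e_lfanew + 4 + 20
    if size_opt < CHECKSUM_FIELD_OFFSET + 4 or opt_off + size_opt > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return e_lfanew, opt_off, magic


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Recompute the PE CheckSum: 32-bit sum with end-around carry, folded to 16 bits,
    plus the file length. The CheckSum dword itself is treated as zero (skipped).
    Assumes checksum_offset is 4-byte aligned, which holds for a sane e_lfanew."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(0, len(padded), 4):
        if i == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, i)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = total + (total >> 16)
    total &= 0xFFFF
    return total + len(data)


def checksum_report(data: bytes) -> dict:
    """Verdict a triage script would emit for the two header signatures."""
    _, opt_off, magic = parse_headers(data)
    csum_off = opt_off + CHECKSUM_FIELD_OFFSET
    stored = struct.unpack_from("<I", data, csum_off)[0]
    computed = pe_checksum(data, csum_off)
    return {
        "pe32": magic == PE32_MAGIC,
        "stored": stored,
        "computed": computed,
        "unset": stored == 0,            # linker never set it (common for user-mode EXEs)
        "valid": stored == computed,     # mismatch => "PE file contains an invalid checksum"
    }


def build_minimal_pe32(checksum: int = 0) -> bytes:
    """Constructed sample for this example: headers only, no sections, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386, PE32 opt hdr size
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, CHECKSUM_FIELD_OFFSET, checksum)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def demo():
    """Unset -> fixed -> tampered, returning the three verdicts for inspection."""
    raw = build_minimal_pe32()                       # CheckSum = 0
    unset = checksum_report(raw)
    fixed = checksum_report(build_minimal_pe32(unset["computed"]))
    tampered = bytearray(build_minimal_pe32(unset["computed"]))
    tampered[2] ^= 0x01                              # one byte patched after the checksum was set
    return unset, fixed, checksum_report(bytes(tampered))


if __name__ == "__main__":
    for label, rep in zip(("unset", "fixed", "tampered"), demo()):
        print(label, rep)
```

Treat the verdict as a weak indicator on its own: Windows only enforces the checksum for drivers and a few system-loaded images, most user-mode linkers leave it at zero unless asked, and a packer or post-build patcher that rewrites the file and does not recompute it produces exactly the "invalid checksum" case the sandbox flags. The useful signal is a non-zero stored value that no longer matches, which says the image was modified after linking, in combination with the packer and obfuscation signatures listed above.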