Automated Malware Analysis IOC Report for

File Path

Type

Category

Malicious

MagicUtilities-Setup-3.1.4.5-Win10.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.964732842884367
Filename:	MagicUtilities-Setup-3.1.4.5-Win10.exe
Filesize:	69423208
MD5:	b0a4144c3aeef5d61201706e2f786ff0
SHA1:	224e8360830c2b02e4daef69a2c0d55a98ff0ec4
SHA256:	4150d4963e9283e26e1bbe67f56c733feec94ae4cc42b2e5fc35b40efa92ea8f
SHA512:	aaa65d924e5ca74ec003e059c4bb4a5c6dc568271b95e993712f372c861ee0afa50a29bfcdb8d4233bfff08e68d127ad91f06d35737e1f218a6739265b45208d
SSDEEP:	1572864:fL25J4bR71bbsBcvuGXSSAcH2I2UOoJceLUYU1+SIJ:fkWd5HocGonjJVUYUs
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads software policies	System Summary	System Information Discovery
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp
Category:	dropped
Dump:	MagicUtilities-Setup-3.1.4.5-Win10.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.300389626502679
Encrypted:	false
Size:	3403648
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Executable creates window controls seldom found in malware	System Summary
Uses Rich Edit Controls	System Summary
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.2.dr
ID:	dr_1
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.720366600008286
Encrypted:	false
Size:	6144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

IOC Report
MagicUtilities-Setup-3.1.4.5-Win10.exe