MagicUtilities-Setup-3.1.4.5-Win10.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.964732842884367
Filename: MagicUtilities-Setup-3.1.4.5-Win10.exe
Filesize: 69423208
MD5: b0a4144c3aeef5d61201706e2f786ff0
SHA1: 224e8360830c2b02e4daef69a2c0d55a98ff0ec4
SHA256: 4150d4963e9283e26e1bbe67f56c733feec94ae4cc42b2e5fc35b40efa92ea8f
SHA512: aaa65d924e5ca74ec003e059c4bb4a5c6dc568271b95e993712f372c861ee0afa50a29bfcdb8d4233bfff08e68d127ad91f06d35737e1f218a6739265b45208d
SSDEEP: 1572864:fL25J4bR71bbsBcvuGXSSAcH2I2UOoJceLUYU1+SIJ:fkWd5HocGonjJVUYUs
Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
|
Signature Hits | Behavior Group | Mitre Attack
PE file contains sections with non-standard names | Data Obfuscation |
Uses 32bit PE files | Compliance, System Summary |
Creates temporary files | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Reads software policies | System Summary | System Information Discovery
Sample reads its own file content | System Summary |
Tries to load missing DLLs | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE / OLE file has a valid certificate | Compliance, System Summary |
Submission file is bigger than most known malware samples | System Summary |

|
C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp
Category: dropped
Dump: MagicUtilities-Setup-3.1.4.5-Win10.tmp.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\MagicUtilities-Setup-3.1.4.5-Win10.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 6.300389626502679
Encrypted: false
Size: 3403648
Whitelisted: false
|
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
Creates files inside the user directory | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
Parts of this application are using Borland Delphi (probably coded in Delphi) | System Summary |
Reads the Windows registered organization settings | System Summary | System Owner/User Discovery
Spawns processes | System Summary |
Tries to load missing DLLs | System Summary |
Uses an in-process (OLE) Automation server | System Summary |
Executable creates window controls seldom found in malware | System Summary |
Uses Rich Edit Controls | System Summary |
Reads the Windows registered owner settings | System Summary | System Owner/User Discovery

|
C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\is-P3ELG.tmp\_isetup\_setup64.tmp
Category: dropped
Dump: _setup64.tmp.2.dr
ID: dr_1
Target ID: 2
Process: C:\Users\user\AppData\Local\Temp\is-66B67.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp
Type: PE32+ executable (console) x86-64, for MS Windows
Entropy: 4.720366600008286
Encrypted: false
Size: 6144
Whitelisted: false
|
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |