Edit tour
Windows
Analysis Report
http://hans.uniformeslaamistad.com/prog/66ce237125ba7_vjrew2ge.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
.NET source code contains very large array initializations
AV process strings found (often used to terminate AV products)
Detected non-DNS traffic on DNS port
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Stores files to the Windows start menu directory
Classification
- System is w10x64
- chrome.exe (PID: 2352 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 2848 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2060 --fi eld-trial- handle=199 2,i,148913 7112828714 4272,68921 5955111273 1443,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 940 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= chrome.moj om.UtilRea dIcon --la ng=en-US - -service-s andbox-typ e=icon_rea der --mojo -platform- channel-ha ndle=5684 --field-tr ial-handle =1992,i,14 8913711282 87144272,6 8921595511 12731443,2 62144 --di sable-feat ures=Optim izationGui deModelDow nloading,O ptimizatio nHints,Opt imizationH intsFetchi ng,Optimiz ationTarge tPredictio n /prefetc h:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6468 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://hans.u niformesla amistad.co m/prog/66c e237125ba7 _vjrew2ge. exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |