.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files