Windows
Analysis Report
wrapper-windows-x86-64-3.5.59-pro.exe
Overview
General Information
Detection
Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%
Compliance
Score: 34
Range: 0 - 100
Signatures
Creates a process in suspended mode (likely to inject code)
Drops PE files
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Classification
- System is w10x64_ra
- wrapper-windows-x86-64-3.5.59-pro.exe (PID: 7044 cmdline: "C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe" MD5: 4CB008375A7B737C1A6CCF569327DF9E)
  - notepad.exe (PID: 4048 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt MD5: E92D3A824A0578A50D2DD81B5060145F)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
There are no malicious signatures.