CV_ Filipa Barbosa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.1499351724273685
Filename: CV_ Filipa Barbosa.exe
Filesize: 1213952
MD5: 09be6e97e16e41bf402daed8815e211f
SHA1: 292862ebb991525b36b1d53f552203f643223017
SHA256: eba45c69ff3acfbe273712b2a7e9b4d6c1c0b07e7b6dcaf31f4b28fcebeb9612
SHA512: e3ded9f0bd5e45f6a9c119618808e15f5edf914e7b4eacd6bb95e26bec38b7c24e49119feebb54534002324909db4ce772ff8e5aaa0b35a604372ff56d120d2b
SSDEEP: 24576:htb20pkaCqT5TBWgNQ7aUoOJhxIp9nNX8Vb/EHAk6A:yVg5tQ7aUoOdIpNNsVm5
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
|
Signature Hits | Behavior Group | Mitre Attack
Multi AV Scanner detection for submitted file | AV Detection |
Maps a DLL or memory area into another process | HIPS / PFW / Operating System Protection Evasion |
Switches to a custom stack to bypass stack traces | Malware Analysis System Evasion | Security Software Discovery
Writes to foreign memory regions | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses 32bit PE files | Compliance, System Summary |
Creates temporary files | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
PE file has an executable .text section and no other executable section | System Summary |
Reads software policies | System Summary | System Information Discovery
Sample is known by Antivirus | System Summary |
Tries to load missing DLLs | System Summary |
PE file contains a valid data directory to section mapping | System Summary |
PE file contains a debug data directory | System Summary |
PE file contains a mix of data directories often seen in goodware | System Summary |
Submission file is bigger than most known malware samples | System Summary |
|
|
C:\Users\user\AppData\Local\Temp\deblateration
data
dropped

File: C:\Users\user\AppData\Local\Temp\deblateration
Category: dropped
Dump: deblateration.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\CV_ Filipa Barbosa.exe
Type: data
Entropy: 7.99399153453418
Encrypted: true
Size: 287744
Whitelisted: false