Windows Analysis Report
AMFWReset.exe_

Overview

General Information

Sample name: AMFWReset.exe_
Analysis ID: 1562584
MD5: bcbf521304a3f6513072c640a99d9f01
SHA1: 1b542b20e95350735cdd8985dc3eca52eede751e
SHA256: 65e932a660d5b123fb20131605beb94a1b77ed7d922c6c9fddcef8640e1e45ca

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Uses 32bit PE files

Classification

Source: AMFWReset.exe_ Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: AMFWReset.exe_ Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: classification engine Classification label: clean1.winEXE_@1/0@0/0
Source: AMFWReset.exe_ Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\AMFWReset.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: amfwusers.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: mfcext.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: fwdbcore.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: mfc140.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\AMFWReset.exe Section loaded: uxtheme.dll
Source: AMFWReset.exe_ Static file information: File size 20915712 > 1048576
Source: AMFWReset.exe_ Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x13e6800
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: AMFWReset.exe_ Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: AMFWReset.exe_ Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: AMFWReset.exe_ Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: AMFWReset.exe_ Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: AMFWReset.exe_ Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: AMFWReset.exe_ Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos