Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * MalFamily: ""
- * MalScore: 10.0
- * File Name: "Exes_aad8c740d091d4647974d59c57d58809.exe"
- * File Size: 2874880
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "696a568eb9e1264674b4dcaa90d73ecbb5e316550373de9f14996cee9f346421"
- * MD5: "aad8c740d091d4647974d59c57d58809"
- * SHA1: "9832bbc3ae9283591d965c20cffc936b5d59512a"
- * SHA512: "fa4f34ab9a9936ef5b2159f978c35ca1ca1a3724aa9663915c576e6c22621c5226730f2332b22967e5d83bf7bc527f5e435853e706bf29ee0cdb126b0799729a"
- * CRC32: "6495385D"
- * SSDEEP: "49152:+h+ZkldoPK9HKvBVuQDQMil5qp2XHqDD/Gb7SqZN8c:X2cPK9CnDKdX0D/GyEp"
- * Process Execution:
- "HsErDyh.exe",
- "HsErDyh.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "Behavioural detection: Executable code extraction",
- "Details":
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "NtSetInformationThread: attempt to hide thread from debugger",
- "Details":
- "Description": "Expresses interest in specific running processes",
- "Details":
- "process": "System"
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details":
- "section": "name: .rsrc, entropy: 7.45, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00051200, virtual_size: 0x00051188"
- "section": "name: vlnnixzx, entropy: 7.31, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x001a4800, virtual_size: 0x001a5000"
- "section": "name: rxjpwgdg, entropy: 7.24, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000200, virtual_size: 0x00001000"
- "Description": "Behavioural detection: Injection (Process Hollowing)",
- "Details":
- "Injection": "HsErDyh.exe(940) -> HsErDyh.exe(3004)"
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details":
- "Injection": "HsErDyh.exe(940) -> HsErDyh.exe(3004)"
- "Description": "Behavioural detection: Injection (inter-process)",
- "Details":
- "Description": "Checks for the presence of known windows from debuggers and forensic tools",
- "Details":
- "Window": "OLLYDBG"
- "Window": "GBDYLLO"
- "Window": "pediy06"
- "Window": "FilemonClass"
- "Window": "File Monitor - Sysinternals: www.sysinternals.com"
- "Window": "PROCMON_WINDOW_CLASS"
- "Window": "Process Monitor - Sysinternals: www.sysinternals.com"
- "Window": "RegmonClass"
- "Window": "Registry Monitor - Sysinternals: www.sysinternals.com"
- "Window": "18467-41"
- "Description": "The following process appear to have been packed with Themida: HsErDyh.exe",
- "Details":
- "Description": "Checks for the presence of known devices from debuggers and forensic tools",
- "Details":
- "Description": "Detects the presence of Wine emulator via registry key",
- "Details":
- "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
- "Details":
- "FireEye": "Generic.mg.aad8c740d091d464"
- "McAfee": "Artemis!AAD8C740D091"
- "Malwarebytes": "Trojan.MalPack.AutoIt"
- "Alibaba": "Packed:Win32/Themida.4b0c23e1"
- "Cybereason": "malicious.3ae928"
- "Symantec": "ML.Attribute.HighConfidence"
- "ESET-NOD32": "MSIL/Agent.BXB"
- "APEX": "Malicious"
- "Avast": "Win32:Trojan-gen"
- "Kaspersky": "Trojan-PSW.Win32.Vidar.aut"
- "Paloalto": "generic.ml"
- "Tencent": "Win32.Trojan-qqpass.Qqrob.Lqey"
- "F-Secure": "Trojan.TR/PSW.Vidar.jleie"
- "DrWeb": "Trojan.Inject3.23881"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "Trojan-AitInject.aq"
- "Sophos": "Mal/Generic-S"
- "Avira": "TR/PSW.Vidar.jleie"
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- "Endgame": "malicious (high confidence)"
- "AegisLab": "Trojan.Win32.Vidar.i!c"
- "ZoneAlarm": "Trojan-PSW.Win32.Vidar.aut"
- "AhnLab-V3": "Malware/Win32.Generic.C3447569"
- "Acronis": "suspicious"
- "TrendMicro-HouseCall": "Trojan.MSIL.ANTIVMC.USXVPHR19"
- "Rising": "Trojan.Obfus/Autoit!1.BB81 (CLASSIC)"
- "Ikarus": "Trojan-Spy.Azorult"
- "Fortinet": "AutoIt/Injector.EFY!tr"
- "AVG": "Win32:Trojan-gen"
- "CrowdStrike": "win/malicious_confidence_90% (W)"
- "Qihoo-360": "Win32/Trojan.PSW.0c5"
- "Description": "Checks the version of Bios, possibly for anti-virtualization",
- "Details":
- "Description": "Detects VirtualBox through the presence of a registry key",
- "Details":
- "Description": "Anomalous binary characteristics",
- "Details":
- "anomaly": "Unprintable characters found in section name"
- * Started Service:
- * Mutexes:
- "DBWinMutex"
- * Modified Files:
- "\\??\\SICE",
- "\\??\\SIWVID",
- "\\??\\NTICE"
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- * Domains:
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement