VMRay Analyzer Report
VTI Information
VTI Score
75 / 100
VTI Database Version2.2
VTI Rule Match Count30
VTI Rule TypeDefault (PE, ...)
Detected Threats
ArrowAnti Analysis
Arrow
Try to detect virtual machine
Possibly trying to detect VMware via registry "HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools".
Possibly trying to detect VirtualBox via registry "HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions".
Possibly trying to detect VirtualBox via registry "HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__".
Readout system information, commonly used to detect VMs via registry. (Value "SystemBiosVersion" in key "HKEY_LOCAL_MACHINE\HARDWARE\Description\System").
Arrow
Try to detect application sandbox
Possibly trying to detect "wine" by GetProcAddress().
ArrowInjection
Arrow
Write into memory of an other process
"c:\users\wi2yhmti onvscy7pe\appdata\roaming\sun\java\devices.exe" modifies memory of "c:\windows\syswow64\svchost.exe"
Arrow
Modify control flow of an other process
"c:\users\wi2yhmti onvscy7pe\appdata\roaming\sun\java\devices.exe" creates thread in "c:\windows\syswow64\svchost.exe"
ArrowOS
Arrow
Enable process privileges
Enable privilege "SeSecurityPrivilege".
ArrowPersistence
Arrow
Install system startup script or application
Add ""C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\Sun\Java\Devices.exe"" to windows startup via registry.
ArrowProcess
Arrow
Create system object
Create mutex with name "8A000000B7496798F6145935AA3E2760".
Create mutex with name "MicrosoftVirtualPC7UserServiceMakeSureWe'reTheOnlyOneMutex".
Create mutex with name "Sandboxie_SingleInstanceMutex_Control".
Create mutex with name "Frz_State".
Create mutex with name "4B000000D586D2D8AB6E07EC44CC9183".
Create mutex with name "9C0000002CCF1F00ECD770C403E9DE7B".
Create mutex with name "54000000F61A7DE2C294AD9653CFD4FD".
Create mutex with name "D20000002A14C6E52964F51932B9F49F".
Create mutex with name "AD0000002B4477546D3A308A977C30F1".
Create mutex with name "A1000000DA6AF38235D35BF570C2C4E9".
Create mutex with name "D9000000F219E1C779E2E7AC08DFD815".
Create mutex with name "7D0000008AA73D983C6DEAFF4C3848A7".
Create mutex with name "3B000000F5DFE9C2D11C32931F7D5BB4".
Create mutex with name "C0000000844EE6C40648470D345E7B65".
Create mutex with name "4A000000AF17366BF4960AE62A76878C".
Create mutex with name "D5000000C70E48D5408251026F4BDA97".
Arrow
Create process with hidden window
The process ""C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\Sun\Java\Devices.exe"" starts with hidden window.
The process "C:\Windows\SysWOW64\svchost.exe -k netsvcs" starts with hidden window.
The process ""C:\Windows\system32\cmd.exe" \c "C:\Users\WI2YHM~1\AppData\Local\Temp\upd823d0e12.bat"" starts with hidden window.
Arrow
Allocate a page with write and execute permissions
Allocate a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
Allocate a page with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
-Browser
-Device
-File System
-Hide Tracks
-Information Stealing
-Kernel
-Masquerade
-Network
-PE
-VBA Macro
-YARA
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 
































Screenshot



Expand-Icon


Exit-Icon






icon_left




icon_left








image