VMRay Analyzer Report
Try VMRay Analyzer
|
VTI Score
50 / 100
|
|
| VTI Database Version | 2.6 |
| VTI Rule Match Count | 10 |
| VTI Rule Type | Default (PE, ...) |
|
Anti Analysis |
|
|
|
Try to detect kernel debugger
|
|
|
Check via API "NtQuerySystemInformation".
|
||
|
|
Dynamic API usage
|
|
|
Resolve above average number of APIs.
|
||
|
|
Try to detect debugger
|
|
|
Check via API "NtQueryInformationProcess".
|
||
|
|
File System |
|
|
|
Modify operating system directory
|
|
|
Create file "\??\C:\Windows\SysWOW64\ntdll.dll" in the OS directory.
|
||
|
Modify file "\??\C:\Windows\SysWOW64\ntdll.dll" in the OS directory.
|
||
|
|
Injection |
|
|
|
Write into memory of a process running from a created or modified executable
|
|
|
"c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" modifies memory of "c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"
|
||
|
|
Modify control flow of a process running from a created or modified executable
|
|
|
"c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" alters context of "c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"
|
||
|
|
Process |
|
|
|
Create system object
|
|
|
Create nameless mutex.
|
||
|
|
Create process with hidden window
|
|
|
The process "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" starts with hidden window.
|
||
|
|
Create a page with write and execute permissions
|
|
|
Allocate a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
|
||
| - | Browser | |
| - | Device | |
| - | OS | |
| - | Hide Tracks | |
| - | Information Stealing | |
| - | Kernel | |
| - | Masquerade | |
| - | Network | |
| - | PE | |
| - | Persistence | |
| - | User | |
| - | VBA Macro | |
| - | YARA | |
