VMRay Analyzer Report

VTI Information

VTI Score 50 / 100
VTI Database Version	2.6
VTI Rule Match Count	10
VTI Rule Type	Default (PE, ...)

Detected Threats

	Anti Analysis	Try to detect kernel debugger
	Check via API "NtQuerySystemInformation".
	Process	Create system object
	Create nameless mutex.
	Anti Analysis	Dynamic API usage
	Resolve above average number of APIs.
	Process	Create process with hidden window
	The process "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" starts with hidden window.
	Process	Create a page with write and execute permissions
	Allocate a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
	File System	Modify operating system directory
	Create file "\??\C:\Windows\SysWOW64\ntdll.dll" in the OS directory.
	Modify file "\??\C:\Windows\SysWOW64\ntdll.dll" in the OS directory.
	Anti Analysis	Try to detect debugger
	Check via API "NtQueryInformationProcess".
	Injection	Write into memory of a process running from a created or modified executable
	"c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" modifies memory of "c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"
	Injection	Modify control flow of a process running from a created or modified executable
	"c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe" alters context of "c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy".