4f44cc16...74c2 | VTI
Try VMRay Analyzer
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: Trojan, Dropper

4f44cc16a1854f91e48261ccfebc5bbe8997215e50513bc3080c6127031774c2 (SHA256)

AQSZPL.exe

Windows Exe (x86-32)

Created at 2018-09-03 11:32:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "21 minutes" to "3 minutes, 30 seconds" to reveal dormant functionality.

Severity Category Operation Classification
4/5
File System Known malicious file Trojan
  • File "C:\Users\CIiHmnxMn6Ps\Desktop\AQSZPL.exe" is a known malicious file.
4/5
Injection Writes into the memory of another running process -
  • "c:\users\ciihmnxmn6ps\desktop\aqszpl.exe" modifies memory of "c:\windows\syswow64\svchost.exe"
4/5
Injection Modifies control flow of another process -
  • "c:\users\ciihmnxmn6ps\desktop\aqszpl.exe" alters context of "c:\windows\syswow64\svchost.exe"
2/5
Anti Analysis Delays execution -
2/5
Network Associated with known malicious/suspicious URLs -
  • URL "ewued.tk" is known as malicious URL.
1/5
Process Creates process with hidden window -
  • The process "C:\Windows\System32\svchost.exe" starts with hidden window.
1/5
Process Creates a page with write and execute permissions -
  • Allocates a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
1/5
Information Stealing Reads system data -
1/5
Process Creates system object -
1/5
Network Performs DNS request -
  • Resolves host name "—‹‹ÅÐКˆŠš›Ñ‹”БŠ‹’š˜Ð™šÑ—".
1/5
Network Connects to remote host -
1/5
Network Connects to HTTP server -
1/5
PE Drops PE file Dropper
  • Drops file "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BAEF25\5E987D.exe".
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image