VMRay Analyzer Report
Severity Score
Total Score
Artifacts Database Version 1.09
Type: PE32 (gui)
Detected Behavior
File System
  Modify operating system file
    Modify "c:\windows\$ntuninstallq923283$\fdisk.sys"
    Modify "c:\windows\$ntuninstallq923283$\usbehub.sys"
    Modify "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
Kernel
  Execute code with kernel privileges
    See kernel behavior tab for detailed information
OS
  Enable critical process privileges
    Enable "SeLoadDriverPrivilege"
  Enable process privileges
Process
  Create system object
    Creates mutex with name "{E9B1E207-B513-4cfc-86BE-6D6004E5CB9C}"
  Create process with hidden window
    The process "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" starts with hidden window
Static
  Drop PE file
    Drop file "c:\windows\$ntuninstallq923283$\usbehub.sys"
    Drop file "c:\windows\$ntuninstallq923283$\fdisk.sys"
    Drop file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
  Execute dropped PE file
    Execute dropped file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
-Anti Analysis
-Device
-Hide Tracks
-Information Stealing
-Injection
-Masquerade
-Misc
-Network
-Persistence
-VBA Macro
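As an added triage example (not part of the VMRay report and not VMRay code), the script below parses the detected-behavior lines above into hunting indicators and applies a few behavior-combination rules: dropped .sys files together with SeLoadDriverPrivilege, a dropped PE that is then executed or started with a hidden window, and PEs written into a $NtUninstall...$ hotfix-backup directory that only a Windows hotfix installer should write to. The sample input is the report's own lines embedded verbatim; the rule names, the Indicators structure and the regexes are this example's own assumptions about the report wording.

```python
"""Triage helper: pull hunting indicators and high-confidence findings out of the
text of a VMRay 'Detected Behavior' section.  Added example; not VMRay code."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample input: the behavior lines from the report above, embedded
# verbatim so the script runs offline.  A raw string keeps the backslashes.
REPORT = r"""
Modify "c:\windows\$ntuninstallq923283$\fdisk.sys"
Modify "c:\windows\$ntuninstallq923283$\usbehub.sys"
Modify "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
Enable "SeLoadDriverPrivilege"
Creates mutex with name "{E9B1E207-B513-4cfc-86BE-6D6004E5CB9C}"
The process "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" starts with hidden window
Drop file "c:\windows\$ntuninstallq923283$\usbehub.sys"
Drop file "c:\windows\$ntuninstallq923283$\fdisk.sys"
Drop file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
Execute dropped file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
"""

# One regex per report sentence pattern we care about (assumed wording).
PATTERNS = {
    "dropped":   re.compile(r'^Drop file "([^"]+)"'),
    "executed":  re.compile(r'^Execute dropped file "([^"]+)"'),
    "hidden":    re.compile(r'^The process "([^"]+)" starts with hidden window'),
    "privilege": re.compile(r'^Enable "(Se\w+Privilege)"'),
    "mutex":     re.compile(r'^Creates mutex with name "([^"]+)"'),
}

# Windows XP/2003 hotfix installers keep uninstall backups in
# %SystemRoot%\$NtUninstallKBnnnnnn$ (older hotfixes: Qnnnnnn).  Nothing but
# the installer should write there, so a PE dropped into one is a masquerade.
HOTFIX_DIR_RE = re.compile(r'\$ntuninstall[a-z0-9]+\$', re.IGNORECASE)


@dataclass
class Indicators:
    dropped: list = field(default_factory=list)
    executed: list = field(default_factory=list)
    hidden: list = field(default_factory=list)
    privileges: list = field(default_factory=list)
    mutexes: list = field(default_factory=list)


def parse_report(text: str) -> Indicators:
    """Put each matching report line into the Indicators bucket of its pattern."""
    ind = Indicators()
    buckets = {
        "dropped": ind.dropped, "executed": ind.executed, "hidden": ind.hidden,
        "privilege": ind.privileges, "mutex": ind.mutexes,
    }
    for line in text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                buckets[key].append(m.group(1))
                break
    return ind


def norm(path: str) -> str:
    """Case-fold a Windows path: the report mixes C:\\Windows and c:\\windows."""
    return path.lower()


def evaluate(ind: Indicators) -> list:
    """Apply behavior-combination rules; each returned name is a finding to escalate."""
    findings = []
    dropped = {norm(p) for p in ind.dropped}
    executed = {norm(p) for p in ind.executed}
    hidden = {norm(p) for p in ind.hidden}

    drivers = {p for p in dropped if PureWindowsPath(p).suffix == ".sys"}
    if drivers and "SeLoadDriverPrivilege" in ind.privileges:
        # Dropping .sys files and enabling the load-driver privilege in the
        # same run is the signature of a kernel driver (rootkit) install.
        findings.append("dropped_driver_with_load_privilege")
    if dropped & executed:
        findings.append("dropped_pe_executed")
    if dropped & hidden:
        findings.append("hidden_window_dropped_pe")
    if any(HOTFIX_DIR_RE.search(p) for p in dropped):
        findings.append("hotfix_dir_masquerade")
    return findings


def hunt_iocs(ind: Indicators) -> dict:
    """Indicators a SOC can search for across the fleet (paths, names, mutex)."""
    return {
        "paths": sorted({norm(p) for p in ind.dropped}),
        "filenames": sorted({PureWindowsPath(p).name.lower() for p in ind.dropped}),
        "mutexes": sorted(ind.mutexes),
        "privileges": sorted(ind.privileges),
    }


if __name__ == "__main__":
    ind = parse_report(REPORT)
    for f in evaluate(ind):
        print("FINDING:", f)
    for k, v in hunt_iocs(ind).items():
        print(k, v)
```

The mutex GUID and the three file names are the cheapest fleet-wide hunt: the mutex can be checked live on a suspect host, and the file names under any $NtUninstall...$ directory can be searched from EDR file-create telemetry. The .sys drops plus SeLoadDriverPrivilege are why the "Execute code with kernel privileges" entry above should be read as a driver install rather than a transient exploit.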
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated. Deactivate it only in a dedicated analysis profile: with that policy off, any local HTML file opened in the browser can read other local files.