VMRay Analyzer Report
Severity Score
Total Score
Artifacts Database Version: 1.09
Artifacts Severity Rule Type: PE32 (gui)
Detected Behavior
Kernel: Execute code with kernel privileges
  See kernel behavior tab for detailed information
OS: Enable critical process privileges
  Enable "SeLoadDriverPrivilege"
File System: Modify operating system file
  Modify "c:\windows\$ntuninstallq923283$\fdisk.sys"
  Modify "c:\windows\$ntuninstallq923283$\usbehub.sys"
  Modify "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
Process: Create system object
  Creates mutex with name "{E9B1E207-B513-4cfc-86BE-6D6004E5CB9C}"
OS: Enable process privileges
Process: Create process with hidden window
  The process "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" starts with hidden window
Static: Drop PE file
  Drop file "c:\windows\$ntuninstallq923283$\usbehub.sys"
  Drop file "c:\windows\$ntuninstallq923283$\fdisk.sys"
  Drop file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"
Static: Execute dropped PE file
  Execute dropped file "c:\windows\$ntuninstallq923283$\pxinsi64.exe"