Analysis Report

VTI Information

VTI Score 75 / 100
VTI Database Version	2.2
VTI Rule Match Count	23
VTI Rule Type	Default (PE, ...)

Detected Threats

	OS	Modify system configuration
	Disable the display of hidden files and folders.
	OS	Modify system security configuration
	Disable UAC notification.
	Anti Analysis	Try to detect virtual machine
	Possibly trying to detect VM via rdtsc.
	Process	Allocate a page with write and execute permissions
	Allocate a page with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
	Process	Create system object
	Create mutex with name "AsEwIwsA".
	Create mutex with name "TYAckMgs".
	Process	Create process with hidden window
	The process "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" starts with hidden window.
	The process "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" starts with hidden window.
	The process "C:\Users\WI2YHM~1\AppData\Local\Temp\dWAAskwo.bat" starts with hidden window.
	The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1" starts with hidden window.
	The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2" starts with hidden window.
	The process "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f" starts with hidden window.
	Persistence	Install system startup script or application
	Add "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" to windows startup via registry.
	Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" to windows startup via registry.
	Add "C:\Windows\system32\userinit.exe,C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to windows startup via registry.
	Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to windows startup via registry.
	Persistence	Install system service
	Install service "cEMAEwpb" by CreateServiceW.
	PE	Drop PE file
	Drop file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe".
	Drop file "c:\programdata\vmymsigm\yoummieo.exe".
	Drop file "c:\programdata\baieaacu\xuaecwog.exe".
	PE	Execute dropped PE file
	Execute dropped file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe".
	Execute dropped file "c:\programdata\vmymsigm\yoummieo.exe".
	Execute dropped file "c:\programdata\baieaacu\xuaecwog.exe".