laafdy.exe
Windows Exe (x86-32)
Created at 2019-04-10T11:54:00
VMRay Threat Indicators (10 rules, 11 matches)
| Severity | Category | Operation | Classification | |
|---|---|---|---|---|
|
5/5
|
YARA | YARA match | Backdoor | |
|
||||
|
2/5
|
Anti Analysis | Tries to detect debugger | - | |
|
||||
|
2/5
|
Anti Analysis | Resolves APIs dynamically to possibly evade static detection | - | |
|
||||
|
1/5
|
Process | Creates system object | - | |
|
||||
|
||||
|
1/5
|
Network | Performs DNS request | - | |
|
||||
|
1/5
|
Persistence | Installs system startup script or application | - | |
|
||||
|
1/5
|
Static | Unparsable sections in file | - | |
|
||||
|
1/5
|
Network | Connects to remote host | - | |
|
||||
|
1/5
|
Network | Tries to connect using an uncommon port | - | |
|
||||
|
1/5
|
PE | Drops PE file | Dropper | |
|
||||
Screenshots
Monitored Processes
Sample Information
| ID | #1044 |
| MD5 |
b6ebd9021bce7665ac01a1614ef6b7e6
|
| SHA1 |
81109eef625dec849e60d61f8e17dc8b7d893246
|
| SHA256 |
9542c4da58ef85804bd1240ed67bef02f5d5bca0b0084a074a3575894d929ff2
|
| SSDeep |
24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaZ:Lw80cTsjkWag+79b4KxM
|
| ImpHash |
afcdf79be1557326c854b6e20cb900a7
|
| Filename | laafdy.exe |
| File Size | 1.20 MB |
| Sample Type | Windows Exe (x86-32) |
Analysis Information
| Creation Time | 2019-04-10 13:54 (UTC+2) |
| Analysis Duration | 00:04:41 |
| Number of Monitored Processes | 2 |
| Execution Successful |
|
| Reputation Enabled |
|
| WHOIS Enabled |
|
| Local AV Enabled |
|
| YARA Enabled |
|
| Number of YARA Matches | 18 |
| Termination Reason | Timeout |
| Tags |
