- VTI Score: 85 / 100
- VTI Database Version: 2.6
- VTI Rule Match Count: 9
- VTI Rule Type: Default (PE, ...)

Device

- Monitor mouse movements and clicks
  - Frequently read the state of a mouse button by API.

File System

- Delete user files
  - Delete multiple user files. This is an indicator for ransomware or wiper malware.
- Create many files
  - Create above average number of files.

Masquerade

- Change folder appearance
  - Folder "c:\users\5jghkoaofdp\documents" has a changed appearance.
  - Folder "c:\users\5jghkoaofdp\documents\my shapes" has a changed appearance.
  - Folder "c:\users\5jghkoaofdp\music" has a changed appearance.

PE

- Drop PE file
  - Drop file "c:\users\5jghkoaofdp\desktop\#decryptor.exe".
- Execute dropped PE file
  - Execute dropped file "c:\users\5jghkoaofdp\desktop\#decryptor.exe".

Persistence

- Install system startup script or application
  - Add "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" to windows startup via registry.

- Anti Analysis
- Browser
- OS
- Hide Tracks
- Information Stealing
- Injection
- Kernel
- Network
- Process
- User
- VBA Macro
- YARA