IQY File Downloads FlawedAmmyy RAT | VTI
Try VMRay Analyzer
VTI SCORE: 100/100
Target: Windows 7 (SP1, 64-bit), MS Office 2016 (64-bit) | ms_office
Classification: Trojan, Dropper, Exploit, Downloader

ca0da220f7691059b3174b2de14bd41ddb96bf3f02a2824b2b8c103215c7403c (SHA256)

Sales invoice Z12_01 copy.iqy.iqy

Excel Document

Created at 2018-06-06 09:51:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "3 minutes, 21 seconds" to "2 seconds" to reveal dormant functionality.

Severity Category Operation Classification
5/5
Anti Analysis Tries to detect the presence of antivirus software -
  • Tries to detect antivirus software via WMI query: "select * from antivirusproduct".
4/5
Process Creates process -
  • Creates process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe".
4/5
Network Associated with known malicious/suspicious URLs -
4/5
Network Downloads data Downloader
3/5
Network Performs DNS request -
3/5
Network Connects to remote host -
3/5
PE Executes dropped PE file -
  • Executes dropped file "c:\users\qj4sukboe\appdata\local\temp\cmd_.exe".
2/5
File System Associated with suspicious files Trojan, Exploit
2/5
Network Connects to HTTP server -
2/5
PE Drops PE file Dropper
1/5
Process Creates system object -
1/5
Process Overwrites code -
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image