## General Information

| Field | Value |
|---|---|
| Analysis ID | 34483 |
| Start time | 10:16:55 |
| Start date | 22/08/2013 |
| Overall analysis duration | 0h 3m 16s |
| Report type | full |
| Sample file name | 45c0598e3db3b7a0a194bf6de78c8454bca2b5895a1bc511665d0e22243397e4 |
| Cookbook file name | default.jbs |
| Analysis system description | XP SP3 (Office 2003 SP2, Java 1.6.0, Acrobat Reader 9.3.4, Internet Explorer 8) |
| Number of new started processes analysed | 1 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| HCA enabled | true |
| HCA success | true, ratio: 100% |
## Detection

| Strategy | Detection | Index |
|---|---|---|
| Threshold | clean | 0 |
## Signature Overview

Data Obfuscation:
- Binary may include packed or encrypted data
- PE file contains an invalid checksum
- PE sections with suspicious entropy found

System Summary:
- Contains functionality to enum processes or threads

Anti Debugging:
- Checks if the current process is being debugged
- Contains functionality for execution timing, often used to detect debuggers
- Program does not show much activity (idle)

Virtual Machine Detection:
- Queries a list of all running processes
- Program does not show much activity (idle)
- Contains capabilities to detect virtual machines
## Created / dropped Files

No created / dropped files found

## Contacted Domains

No contacted domains info

## Contacted IPs

No contacted IP info
## Static File Info

| Field | Value |
|---|---|
| File type | |
| File name | 45c0598e3db3b7a0a194bf6de78c8454bca2b5895a1bc511665d0e22243397e4 |
| File size | 17920 bytes |
| MD5 | cc9fab2465a279b9424da3a09df7c8d5 |
| SHA1 | de0fca6f868d48ccf6b5580301d73a44ebe07669 |
| SHA256 | 45c0598e3db3b7a0a194bf6de78c8454bca2b5895a1bc511665d0e22243397e4 |
| SHA512 | fdc478b37449ad98609fe311a86053ac107d1c76be6f2062386f0bed2696fff38675c80773693aac846e138d29238bd01f79d0d189aed66720fa1aba9fd07b29 |
## Static PE Info

### General

| Field | Value |
|---|---|
| Entrypoint | 0x401b0e |
| Entrypoint Section | .text |
| Imagebase | 0x400000 |
| Subsystem | windows gui |
| Image File Characteristics | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics | |
| Time Stamp | 0x520BC2BC [Wed Aug 14 17:47:40 2013 UTC] |
| TLS Callbacks | |

### Imports

| DLL | Import |
|---|---|
| kernel32.dll | CloseHandle |

### Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy |
|---|---|---|---|---|
| .text | 0x1000 | 0x41f2 | 0x4200 | 7.89478992105 |
| .rdata | 0x6000 | 0x54 | 0x200 | 0.597307255749 |
## Network Behavior

No network behavior found
## System Behavior

### General

| Field | Value |
|---|---|
| Start time | 09:49:58 |
| Start date | 24/01/2012 |
| Path | C:\45c0598e3db3b7a0a194bf6de78c8454bca2b5895a1bc511665d0e22243397e4.exe |
| Wow64 process (32bit) | false |
| Commandline | unknown |
| Imagebase | 0x400000 |
| File size | 17920 bytes |
| MD5 hash | CC9FAB2465A279B9424DA3A09DF7C8D5 |