crc32.exe_zlyp1x8u
This report was generated from a file or URL submitted to this web service on April 18th 2017 01:57:50 (UTC) using the action script "Heavy Anti-Evasion".
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v6.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access: Reads terminal service related keys (often RDP related)
Indicators
Malicious Indicators (2)

External Systems
- Sample was identified as malicious by at least one Antivirus engine
  - details: 3/61 Antivirus vendors marked sample as malicious (4% detection rate)
  - source: External System
  - relevance: 8/10

General
- The analysis spawned a process that was identified as malicious
  - details: 3/84 Antivirus vendors marked spawned process "<Input Sample>" (PID: 2088) as malicious (classified as "Suspicious_GEN.F47V0222" with 3% detection rate)
  - source: Monitored Target
  - relevance: 10/10

Suspicious Indicators (2)

Remote Access Related
- Reads terminal service related keys (often RDP related)
  - details: "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
  - source: Registry Access
  - relevance: 10/10

Unusual Characteristics
- Timestamp in PE header is very old or in the future
  - details: "5ABC.tmp.rar.exe.bin" claims program is from Thu Jan 1 00:00:00 1970
  - source: Static Parser
  - relevance: 10/10

Informative (1)

External Systems
- Sample was identified as clean by Antivirus engines
  - details: 0/40 Antivirus vendors marked sample as malicious (0% detection rate)
  - source: External System
  - relevance: 10/10

File Details
crc32.exe_zlyp1x8u
- Filename: crc32.exe_zlyp1x8u
- Size: 3KiB (3072 bytes)
- Type: peexe executable
- Description: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
- Architecture: WINDOWS
- SHA256: d9c72a8ceccb6d73dad98ef44495738286286e85102e033fe7f09069bc02fba2
- MD5: 682ac7bb084c88e73d628cdf57dff336
- SHA1: 652fb5d2fd9467f1ebf5bb3ba7a5daee87b62e0f
- ssdeep: 48:6AIf4mpNzwUl7HXInvTAaPMXLZFFuGY8bSgDg+q4:QrpX+TMNF4mpDg+q4
- imphash: c62e7d95805a40859204937c35ee3c22
- authentihash: 3d4098cb3521f51fc5c40a00b10dd351097f9d25ddb2bab8c5f95a2b402ad5da
- PDB Pathway:
File Sections
File Imports
Screenshots
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- 5ABC.tmp.rar.exe (PID: 2088) 3/84
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
No significant files were extracted.