1da3bb21...15e3

VTI SCORE: 96/100

Dynamic Analysis Report

Classification: Trojan

1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3 (SHA256)

Godsomware.exe

Windows Exe (x86-32)

Created at 2018-10-06 16:50:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Severity	Category	Operation	Classification
4/5	OS	Disables a crucial system tool	-
Disables the Task Manager. ... VTI Actions Go to function call
Disables the Command Prompt (CMD) and scripts. ... VTI Actions Go to function call
4/5	File System	Known malicious file	Trojan
File "C:\Users\CIiHmnxMn6Ps\Desktop\Godsomware.exe" is a known malicious file. ... VTI Actions Go to file details
2/5	Anti Analysis	Makes direct system call to possibly evade hooking based sandboxes	-
Makes a direct system call to "NtGdiSelectBitmap". ... VTI Actions
Makes a direct system call to "NtGdiGetDCObject". ... VTI Actions
Makes a direct system call to "NtGdiSaveDC". ... VTI Actions
Makes a direct system call to "NtGdiGetRandomRgn". ... VTI Actions
Makes a direct system call to "NtGdiExtSelectClipRgn". ... VTI Actions
Makes a direct system call to "NtGdiGetNearestColor". ... VTI Actions
Makes a direct system call to "NtGdiRestoreDC". ... VTI Actions
Makes a direct system call to "NtGdiBitBlt". ... VTI Actions
Makes a direct system call to "NtUserSelectPalette". ... VTI Actions
Makes a direct system call to "NtGdiDeleteObjectApp". ... VTI Actions
Makes a direct system call to "NtGdiCreateCompatibleDC". ... VTI Actions
Makes a direct system call to "NtGdiGetDCDword". ... VTI Actions
Makes a direct system call to "NtGdiCreateCompatibleBitmap". ... VTI Actions
Makes a direct system call to "NtGdiGetDIBitsInternal". ... VTI Actions
Makes a direct system call to "NtGdiExtGetObjectW". ... VTI Actions
1/5	Persistence	Installs system startup script or application	-
Adds "C:\Users\CIiHmnxMn6Ps\Desktop\Godsomware.exe" to Windows startup via registry. ... VTI Actions Go to function call
1/5	Device	Monitors mouse movements and clicks	-
Frequently reads the state of a mouse button by API. ... VTI Actions Go to function call

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Notifications (1/1)

Before

After