276dfc59...8114

VTI SCORE: 91/100

Target:

win10_64 | exe

Classification:

Trojan, Dropper

276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114 (SHA256)

276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114.exe

Windows Exe (x86-32)

Created at 2018-03-06 15:52:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "55 seconds" to "10 seconds" to reveal dormant functionality.

Severity	Category	Operation	Classification
4/5	File System	Associated with malicious files	Trojan
File "c:\users\ciihmnxmn6ps\desktop\276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114.exe" is a known malicious file. ... VTI Actions Go to File Details
File "c:\users\ciihmnxmn6ps\appdata\local\icosineczo.bin" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
3/5	Anti Analysis	Tries to detect the presence of antivirus software	-
Tries to detect antivirus software via WMI query: "select * from antivirusproduct". ... VTI Actions Go to Function Call
1/5	Process	Creates process with hidden window	-
The process ""C:\Users\CIiHmnxMn6Ps\AppData\Local\Icosineczo.bin"" starts with hidden window. ... VTI Actions Go to Function Call
1/5	PE	Drops PE file	Dropper
Drops file "c:\users\ciihmnxmn6ps\appdata\local\icosineczo.bin". ... VTI Actions Go to File Details Go to Function Call
1/5	PE	Executes dropped PE file	-
Executes dropped file "c:\users\ciihmnxmn6ps\appdata\local\icosineczo.bin". ... VTI Actions Go to File Details Go to Function Call

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Notifications (1/1)

Before

After