nqmdwcixbxs.exe
Created at 2019-07-21T23:34:00
Remarks (1/1)
(0x2000010): The operating system was rebooted during the analysis.
VMRay Threat Indicators (18 rules, 60 matches)
Severity | Category | Operation | Count | Classification | |
---|---|---|---|---|---|
5/5
|
OS | Obscures a file's origin | 1 | - | |
|
|||||
5/5
|
Local AV | Malicious content was detected by heuristic scan | 1 | - | |
|
|||||
5/5
|
Reputation | Known malicious file | 1 | Trojan | |
|
|||||
4/5
|
Information Stealing | Exhibits Spyware behavior | 1 | Spyware | |
|
|||||
4/5
|
Reputation | Known malicious URL | 1 | - | |
|
|||||
3/5
|
Device | Monitors keyboard input | 1 | Keylogger | |
|
|||||
3/5
|
Network | Reads network adapter information | 1 | - | |
|
|||||
2/5
|
Anti Analysis | Resolves APIs dynamically to possibly evade static detection | 1 | - | |
|
|||||
2/5
|
Information Stealing | Reads sensitive browser data | 9 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive application data | 6 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive mail data | 5 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive ftp data | 5 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Process | Creates system object | 1 | - | |
|
|||||
1/5
|
Network | Performs DNS request | 1 | - | |
|
|||||
1/5
|
Information Stealing | Possibly does reconnaissance | 21 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Network | Connects to remote host | 2 | - | |
|
|||||
|
|||||
1/5
|
Network | Connects to HTTP server | 1 | - | |
|
|||||
1/5
|
Static | Unparsable sections in file | 1 | - | |
|
|||||
Screenshots
Monitored Processes
Sample Information
Analysis Information
Creation Time | 2019-07-22 01:34 (UTC+2) |
Analysis Duration | 00:02:29 |
Number of Monitored Processes | 2 |
Execution Successful | |
Reputation Enabled | |
WHOIS Enabled | |
Local AV Enabled | |
YARA Enabled | |
Number of AV Matches | 1 |
Number of YARA Matches | 0 |
Termination Reason | Timeout |
Tags |