File Name:   HEUR-Backdoor.Win32.Agent.gen-1867b4e2bff0da299be111bc931ce43ba5f3a1f65f399c71391b9326ab878ec2
SHA1:   08034ba0242dd08bedb4b51d035ad5719d13a287
MD5:   37f02ddf1ef0f4b25b24636bb7145391
First Seen Date:   2023-07-24 18:26:07.701353
Number of Clients Seen:   5
Last Analysis Date:   2023-07-25 16:42:56.523723
Human Expert Analysis Date:   2023-07-25 16:42:54.658951
Human Expert Analysis Result:   Malware
Analysis Summary
Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2023-07-25 16:42:56.523723 | Malware
Static Analysis Overall Verdict | 2023-07-25 16:42:56.523723 | No Threat Found
Dynamic Analysis Overall Verdict | 2023-07-25 16:42:56.523723 | Highly Suspicious
Precise Detectors Overall Verdict | 2023-07-25 16:42:56.523723 | No Match
Human Expert Analysis Overall Verdict | 2023-07-25 16:42:54.658951 | Malware
Static Analysis
Static Analysis Overall Verdict:   No Threat Found
Dynamic Analysis
Dynamic Analysis Overall Verdict:   Highly Suspicious
Suspicious Behaviors |
---|
Injects code to another process |
Modifies context of another process |
Creates a child process |
Writes to address space of another process |
Uses a function clandestinely |
Reads memory of another process |
Opens a file in a system directory |
Has no visible windows |
Behavioral Information
Loaded Modules
ADVAPI32.dll
SHLWAPI.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
mscoree.dll
ntdll
advapi32.dll
shell32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
kernel32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
ole32.dll
AdvApi32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
ntdll.dll
Files and Objects
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.2696.296203
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.2696.296203
C:\Users\win7\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2696.296234
Global\CLR_CASOFF_MUTEX
<NULL>
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\HEUR-Backdoor.Win32.Agent.gen-1867b4e2bff0da299be111bc931ce43ba5f3a1f65f399c71391b9326ab878ec2
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Registry Keys
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index1c2
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFra
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NE
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
API Calls
WriteProcessMemory
CreateProcess
CreateProcessA
GetThreadContext
SetThreadContext
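The five API names the sandbox logged are, taken together, the primitive set of process hollowing (RunPE): create a child process, read its primary thread's context, overwrite the child's address space, write a new entry point back into the context, and resume it. That is exactly what the behaviour flags above say ("Creates a child process", "Reads memory of another process", "Writes to address space of another process", "Modifies context of another process"). The loaded modules (mscoree.dll, mscorwks.dll, mscorlib.ni.dll, the v2.0.50727 config files and CLR_CASOFF_MUTEX) also show that the sample is a .NET Framework 2.0 executable, so these Win32 calls are most likely reached through P/Invoke, which is the usual shape of a managed crypter stub and is consistent with the analyst's "Kryptik" tag. The report does not show call order, arguments, whether the child was created with CREATE_SUSPENDED, or whether ResumeThread or NtUnmapViewOfSection were called (they may simply not be hooked), so a triage rule has to work from the unordered set of names. The script below is an added Python example, not part of this report or of the analysis platform; its rule table and the sample inputs are constructed for illustration from the names listed above.

```python
"""Match a sandbox's observed Win32 API names against process-injection
patterns. Added example: the rule table and inputs are constructed and
are not the analysis platform's own logic."""
import re
from dataclasses import dataclass

# Constructed from the "API Calls" list in the report above.
OBSERVED_APIS = ["WriteProcessMemory", "CreateProcess", "CreateProcessA",
                 "GetThreadContext", "SetThreadContext"]

# Constructed subset of the "Loaded Modules" list in the report above.
OBSERVED_MODULES = [
    r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll",
    "mscoree.dll", "kernel32.dll", "ntdll.dll",
]


@dataclass(frozen=True)
class InjectionRule:
    name: str
    required: frozenset    # every one of these must have been logged
    supporting: frozenset  # any of these raises confidence to "high"


# Hypothetical rule table. Required sets are the minimal API set each
# technique cannot do without; supporting APIs are commonly seen alongside
# them but are often unhooked or replaced by NT-level equivalents.
RULES = [
    InjectionRule(
        "process_hollowing",
        frozenset({"CreateProcess", "GetThreadContext",
                   "SetThreadContext", "WriteProcessMemory"}),
        frozenset({"NtUnmapViewOfSection", "VirtualAllocEx", "ResumeThread"}),
    ),
    InjectionRule(
        "remote_thread_injection",
        frozenset({"OpenProcess", "VirtualAllocEx",
                   "WriteProcessMemory", "CreateRemoteThread"}),
        frozenset({"VirtualProtectEx"}),
    ),
    InjectionRule(
        "apc_injection",
        frozenset({"OpenThread", "QueueUserAPC", "WriteProcessMemory"}),
        frozenset({"VirtualAllocEx", "NtQueueApcThread"}),
    ),
]

# Trailing A/W after a lowercase letter marks an ANSI/Unicode variant
# (CreateProcessA, CreateProcessW); QueueUserAPC is untouched because the
# letter before the final C is uppercase.
_VARIANT_SUFFIX = re.compile(r"(?<=[a-z])[AW]$")


def normalize_api(name: str) -> str:
    """Collapse ANSI/Unicode variants and the Zw/Nt alias so a rule written
    against the base name matches whatever the sandbox logged."""
    name = _VARIANT_SUFFIX.sub("", name)
    if name.startswith("Zw"):
        name = "Nt" + name[2:]
    return name


def match_injection_rules(apis):
    """Return {rule name: details} for every rule whose required set is a
    subset of the normalized, unordered set of logged API names."""
    seen = {normalize_api(a) for a in apis}
    hits = {}
    for rule in RULES:
        if rule.required - seen:        # at least one required API missing
            continue
        support = sorted(rule.supporting & seen)
        hits[rule.name] = {
            "confidence": "high" if support else "medium",
            "required": sorted(rule.required),
            "supporting_seen": support,
        }
    return hits


def is_managed_host(modules):
    """True when a CLR runtime module was loaded (mscorwks for .NET 2.x,
    clr/coreclr for later), i.e. the Win32 calls were most likely issued
    via P/Invoke from a managed executable rather than from native code."""
    clr = {"mscoree.dll", "mscorwks.dll", "clr.dll", "coreclr.dll"}
    # Split on either separator: the paths are Windows-style even when
    # this runs on a POSIX triage box.
    return any(re.split(r"[\\/]", m)[-1].lower() in clr for m in modules)


if __name__ == "__main__":
    for name, info in match_injection_rules(OBSERVED_APIS).items():
        print(f"{name}: {info['confidence']} "
              f"(supporting seen: {info['supporting_seen'] or 'none'})")
    print("managed (.NET) host:", is_managed_host(OBSERVED_MODULES))
```

Against the report's own list this yields a medium-confidence process_hollowing match and a managed host; the confidence stays medium because none of the supporting calls (ResumeThread, NtUnmapViewOfSection, VirtualAllocEx) appear on the page, which is exactly the kind of gap to check for in the raw sandbox trace before escalating.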
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason
---|---|---|---
Static Precise PUA Detector 1 | 2023-07-24 18:26:02.371777 | No Match | NotDetected
Static Precise PUA Detector 4 | 2023-07-24 18:26:02.384119 | No Match | NotDetected
Static Precise NI Detector 3 | 2023-07-24 18:26:02.515746 | No Match | NotDetected
Static Precise PUA Detector 5 | 2023-07-24 18:26:02.500200 | No Match | NotDetected
Static Precise Trojan Detector 1 | 2023-07-24 18:26:02.522667 | No Match | NotDetected
Static Precise Trojan Detector 3 | 2023-07-24 18:26:02.515324 | No Match | NotDetected
Static Precise PUA Detector 6 | 2023-07-24 18:26:02.570205 | No Match | NotDetected
Static Precise Trojan Detector 12 | 2023-07-24 18:26:02.613456 | No Match | NotDetected
Static Precise Virus Detector 1 | 2023-07-24 18:26:02.645252 | No Match | NotDetected
Static Precise Virus Detector 2 | 2023-07-24 18:26:02.662892 | No Match | NotDetected
Static Precise Trojan Detector 13 | 2023-07-24 18:26:02.708539 | No Match | NotDetected
Static Precise PUA Detector 2 | 2023-07-24 18:26:02.713667 | No Match | NotDetected
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date:   2023-07-25 05:39:48.648927
Analysis End Date:   2023-07-25 16:42:54.658951
File Upload Date:   2023-07-24 18:25:59.070081
Update Date:   2023-07-25 16:42:56.245570
Human Expert Analyst Feedback:   Kryptik
Verdict:   Malware
Malware Family:   Trojware
Malware Type:   Trojan Generic
Additional File Information
Property | Value
---|---

File Path on Client | Seen Count
---|---
08034ba0242dd08bedb4b51d035ad5719d13a287 | 1

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---