valkyrie logo
valkyrie logo
  • Download Threat Hunter Assessment Tool
DASHBOARD
  • Unknown File Hunter Scans
STATISTICS
SETTINGS
  • Summary
  • Static Analysis
  • Dynamic Analysis
  • Precise Detectors
  • File Details
Analyzing...
File Name:   5085ab3fc3b3a6b548856d59a0cae64de0d67fc5d8f5432af7acf614c4910105.exe
SHA1:   87d855ed9efb2e3baea25b423e6e1bbfc9ffa39a
MD5:   ca45d3ab9b3bd901eeacffd6376a791f
First Seen Date:  2026-03-31 21:23:07.227104 ( 2026-03-31 21:23:07.227104 )
Number of Clients Seen:   3
Last Analysis Date:  2026-04-04 18:17:12.984536 ( 2026-04-04 18:17:12.984536 )
Human Expert Analysis Result:   No human expert analysis verdict given to this sample yet.

Analysis Summary

Analysis Type Date Verdict
Signature Based Detection 2026-04-04 18:17:12.984536 No Match help
Static Analysis Overall Verdict 2026-04-04 18:17:12.984536 No Threat Found help
Dynamic Analysis Overall Verdict 2026-04-04 18:17:12.984536 No Threat Found help
Precise Detectors Overall Verdict 2026-04-04 18:17:12.984536 No Match help

Static Analysis

Static Analysis Overall Verdict Result
No Threat Found help
Detector Result
Optional Header LoaderFlags field is valued illegal Clean
Non-ascii or empty section names detected Clean
Illegal size of optional Header Clean
Packer detection on signature database Unknown help
Based on the sections entropy check! file is possibly packed Clean
Timestamp value suspicious Clean
Header Checksum is zero! Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed Clean
Optional Header NumberOfRvaAndSizes field is valued illegal Clean
Anti-vm present Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger Clean
TLS callback functions array detected Clean

Dynamic Analysis

Dynamic Analysis Overall Verdict Result
No Threat Found help
Suspicious Behaviors
Has no visible windows
Opens a file in a system directory
Uses a function clandestinely
Downloads data from internet

5085ab3fc3b3a6b548856d59a0cae64de0d67fc5d8f5432af7acf614c4910105.exe tried to connect to some addresses pinned on the map below (click pins for more details):

Behavioral Information

LoadLibrary

api-ms-win-core-synch-l1-2-0

kernel32

api-ms-win-core-fibers-l1-1-1

api-ms-win-core-fibers-l1-1-2

kernelbase

api-ms-win-core-localization-l1-2-1

Secur32.dll

SHELL32.dll

ADVAPI32.dll

api-ms-win-downlevel-advapi32-l2-1-0.dll

api-ms-win-downlevel-ole32-l1-1-0.dll

WS2_32.dll

winhttp.dll

IPHLPAPI.DLL

api-ms-win-downlevel-shlwapi-l2-1-0.dll

RASAPI32.dll

shlwapi.dll

API-MS-Win-Security-LSALookup-L1-1-0.dll

CRYPTBASE.dll

DNSAPI.dll

ole32.dll

OLEAUT32.dll

dhcpcsvc.DLL

CRYPT32.dll

USERENV.dll

urlmon.dll

Comctl32.dll

imm32.dll

C:\Windows\system32\ws2_32

secur32.dll

ncrypt.dll

C:\Windows\SysWOW64\bcryptprimitives.dll

WINTRUST.dll

CRYPTSP.dll

USER32.dll

cryptnet.dll

C:\Windows\system32\cryptnet.dll

SensApi.dll

SHLWAPI.dll

WINHTTP.dll

kernel32.dll

SspiCli.dll

RPCRT4.dll

ntdll.dll

NSI.dll

CFGMGR32.dll

API-MS-Win-Security-SDDL-L1-1-0.dll

profapi.dll

API-MS-WIN-Service-Management-L1-1-0.dll

API-MS-WIN-Service-winsvc-L1-1-0.dll

setupapi.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

Cabinet.dll

DEVRTL.dll

C:\Windows\syswow64\CRYPT32.dll

LowerChar

http

InternetDownload

cc000c

CreateMutex

RasPbFile

Local\ZonesCacheCounterMutex

Local\ZonesLockedCacheCounterMutex

<NULL>

OpenRegistryKey

\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

\REGISTRY\MACHINE\SOFTWARE\Policies

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK

\REGISTRY\MA

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service

\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windo

\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies

\REGISTRY\MACHINE\SOFTWARE\Wow64

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node

WriteFile

C:\Users\win7\AppData\Local\Temp\CabE33E.tmp

C:\Users\win7\AppData\Local\Temp\TarE33F.tmp

ReadFile

C:\Users\win7\AppData\Local\Temp\CabE33E.tmp

C:\Users\win7\AppData\Local\Temp\TarE33F.tmp

QueryFilePath

C:\5085ab3fc3b3a6b548856d59a0cae64de0d67fc5d8f5432af7acf614c4910105.exe

C:\Windows\SysWOW64\schannel.dll

C:\Windows\system32\cryptnet.dll

C:\Windows\syswow64\CRYPT32.dll

DeleteFile

C:\Users\win7\AppData\Local\Temp\CabE33E.tmp

C:\Users\win7\AppData\Local\Temp\TarE33F.tmp

CreateRegistryKey

\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{69DC4768-446B-4F82-A6B0-63966A243064}\52-54-00-12-35-02

Precise Detectors Analysis Results

Detector Name Date Verdict Reason
Static Precise PUA Detector 1 2026-04-04 18:16:58.636504 No Match help NotDetected
Static Precise PUA Detector 4 2026-04-04 18:16:58.646014 No Match help NotDetected
Static Precise NI Detector 3 2026-04-04 18:16:58.757515 No Match help NotDetected
Static Precise PUA Detector 5 2026-04-04 18:16:58.799717 No Match help NotDetected
Static Precise Trojan Detector 1 2026-04-04 18:16:58.794897 No Match help NotDetected
Static Precise Trojan Detector 3 2026-04-04 18:16:58.803554 No Match help NotDetected
Static Precise PUA Detector 6 2026-04-04 18:16:58.813105 No Match help NotDetected
Static Precise Trojan Detector 12 2026-04-04 18:16:58.827557 No Match help NotDetected
Static Precise Virus Detector 1 2026-04-04 18:16:58.870133 No Match help NotDetected
Static Precise Virus Detector 2 2026-04-04 18:16:58.869872 No Match help NotDetected
Static Precise NI Detector 1 2026-04-04 18:16:58.883613 No Match help NotDetected
Static Precise NI Detector 2 2026-04-04 18:16:58.916341 No Match help NotDetected
Static Precise Trojan Detector 13 2026-04-04 18:16:58.928307 No Match help NotDetected
Static Precise PUA Detector 2 2026-04-04 18:16:58.931647 No Match help NotDetected

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Detector Result

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property Value

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy MD5

PE Imports

PE Exports

PE Resources

© Verdict Cloud, Xcitium, Inc. 2026. All rights reserved. v1.49.0-72-ENT
 
 
 
 
Loading...