Anomalous binary characteristics Show sources
| static_pe_anomaly | Actual checksum does not match that reported in PE header |
A process attempted to delay the analysis task by a long amount of time. Show sources
| api_process_name | AppLaunch.exe tried to sleep 6180 seconds, actually delayed analysis time by 0 seconds |
Attempts to block SafeBoot use by removing registry keys Show sources
| registry_delete | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option |
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |
Executed a process and injected code into it, probably while unpacking Show sources
| code_injection | 83555e4d225b6c2f74ea4661cefd9f9e9b22970d.exe(2328) -> AppLaunch.exe(2428) |