global-verdict-report

The document provides an analysis of a PE file identified as malware, detailing its file information, suspicious properties, and behavior on two virtual machines. While the static analysis revealed issues like an invalid checksum and size discrepancies, dynamic analysis on both Windows XP and Windows 7 showed benign behavior with file modifications. No network activity was detected during the analysis, but the file was found to create processes in system directories, indicating potential malicious intent.

Uploaded by

kwong kwong

1 File Information

File Type PE

File Signer

SHA-256 1037fc2532f3a7300c84b95d8ba48ecbd8ddaa0faebc61c0a386c80c64a0a554

SHA-1 9e17b9759fb63ed0ed5a506780b65d79891922fc

MD5 f0008cb09e8876159d46f2f957d2d608

File Size 1150976 bytes

First Seen Timestamp 2020-12-29 20:34:31 UTC

Verdict Malware

Antivirus Coverage VirusTotal Information

2 Static Analysis

2.1. Suspicious File Properties

This file was statically analyzed and the table below lists the suspicious items that were
found.

Contains an invalid checksum


The PE file checksum is required for drivers, boot-time DLLs, and other DLLs loaded into secure system
processes. Malware often ignores this value or sets it to zero.

Contains sections with size discrepancies


Sections with a large discrepancy between raw and virtual sizes may indicate a packed or obfuscated PE file.

3 Dynamic Analysis

3.1. VM1 (Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007)

3.1.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior Severity

Created or modified a file in the Windows system folder
The Windows system folder contains configuration files and executables that control the underlying functions of the
system. Malware often modifies the contents of this folder to manipulate the system, establish persistence, and avoid
detection.

Created or modified a file


Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

3.1.2. Network Activity


No network data available.

3.1.3. Host Activity


Process Activity

Process Name - sample.exe

(command: c:\documents and settings\administrator\sample.exe)


Registry Activity

Registry Key Value Action

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses    Create

Event Timeline

1 Created Process c:\documents and settings\administrator\sample.exe

3.2. VM2 (Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010)

3.2.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior Severity

Created or modified a file


Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

3.2.2. Network Activity


No network data available.

3.2.3. Host Activity


Process Activity

Process Name - sample.exe

(command: C:\Users\Administrator\sample.exe)

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe
