MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DattoRMM


Vendor detections: 11

SHA256 hash: 7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39
SHA3-384 hash: 33915fc3f98fb9d06a7107069fd634fb841e466e89882ae95b3fd653641c033613c834b93131b5514b885816e6d4e13c
SHA1 hash: 63d3a549702aceed4b3f69cc465a941ff15fefeb
MD5 hash: 8a16c4b0c08337f7e78ae8e04e72bde4
humanhash: jupiter-jig-arkansas-butter
File name: a.exe
Signature: DattoRMM
File size: 10'907'128 bytes
First seen: 2024-08-24 23:08:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 187b3ae62ff818788b8c779ef7bc3d1c (74 x DattoRMM, 14 x Stealc, 1 x GCleaner)
ssdeep: 196608:RaZk+wgTIWmKN7oaKn5qVbrQPFOsti7A95DlWR/IT030HyB5Hsi:1ngTIA/KQOE7ALgIT0f5Mi
TLSH: T1A5B63347DD73CCF0CE236A7C74952618E78A90959C2EE4C6F50823396595CBCEE29BC8
TrID: 39.5% (.EXE) InstallShield setup (43053/19/16)
      28.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      9.6% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika: pebin
dhash icon: f0ccce71b6b6dcf0 (1 x DattoRMM)
Reporter: aachum
Tags: DattoRMM exe signed

Code Signing Certificate

Organisation: Datto Inc
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2021-06-23T00:00:00Z
Valid to: 2024-06-27T23:59:59Z
Serial number: 06e24d749ce00033fc7bc11247b1ab83
Thumbprint algorithm: SHA256
Thumbprint: be7c4ed4310e32575b1173bced24d708343dd6764709090532638d111dda7fb9
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Reporter note (iamaachum): 198.0.170.53/a.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 400
Origin country: ES

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: a.exe
Verdict: Malicious activity
Analysis date: 2024-08-24 23:10:04 UTC
Tags: remote
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 97.4%
Tags: Generic Other Stealth Trojan

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a file in the Program Files subdirectories
Creating a file
Creating a service
Modifying a system file
Launching a service
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Loading a suspicious library
Creating a file in the system32 subdirectories
Moving a file to the system32 subdirectory
Creating a file in the Windows subdirectories
Moving a recently created file
Using the Windows Management Instrumentation requests
Launching a process
Creating a window
DNS request
Connection attempt
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun for a service
Unauthorized injection to a recently created process
Enabling autorun with the shell\open\command registry branches

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: installer lolbin mingw overlay packed shell32

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature
Creates files in the system32 config directory
Enables network access during safeboot for specific services
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Behavior Graph (ID 1498565; sample a.exe; start date 25/08/2024; architecture WINDOWS; score 64)
Sample-level signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Yara detected Generic Downloader
DNS: concordcc.centrastage.net
Processes:
  a.exe
    dropped: C:\Users\user\AppData\Local\...\nsisXML.dll (PE32)
    dropped: C:\Users\user\AppData\Local\...\nsSCM.dll (PE32)
    dropped: C:\Program Files (x86)\...\uninst.exe (PE32)
    dropped: 44 other files (3 malicious)
    signature: Enables network access during safeboot for specific services
    started: Gui.exe
  CagService.exe
    connected: concordcc.centrastage.net (3.212.135.46) port 443, local port 49738, AMAZON-AESUS, United States
    connected: 3.225.100.60 port 443, local ports 49739 and 49740, AMAZON-AESUS, United States
    connected: 52.7.200.96 port 443, local port 49751, AMAZON-AESUS, United States
    signatures: Creates files in the system32 config directory; Reads the Security eventlog; Reads the System eventlog
    started: regsvr32.exe (which started a second regsvr32.exe), sc.exe (with conhost.exe), conhost.exe
  svchost.exe
    connected: 127.0.0.1
  2 other processes
Verdict: unknown

Result
Malware family: n/a
Score: 8/10
Tags: discovery evasion execution persistence privilege_escalation
Behaviour
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Launches sc.exe
Drops file in System32 directory
Enumerates processes with tasklist
Adds Run key to start application
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall

Verdict: Suspicious
Tags: n/a
YARA: n/a
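The behaviours the sandboxes list above (service creation, a Run key, a firewall change, WMI queries, eventlog reads, sc.exe and regsvr32.exe) are what any RMM agent installer does, which is why a binary signed by Datto Inc still collects eleven vendor detections. What separates this upload from an administrator's deployment is the delivery: a DattoRMM installer renamed to a.exe, served from a bare IP address (198.0.170.53/a.exe), and then calling home to a centrastage.net host. The following Python is an added example, not part of MalwareBazaar or of any vendor's sandbox: it runs a handful of detection rules over constructed, Sysmon-style events modelled on this run and shows that the persistence events alone yield only a weak verdict while the delivery indicators raise it. The event field names, the install directory, the service name, the Run key value and the watchlist contents are assumptions, not page data.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# RMM backend domains the organisation has not approved. Assumption: the SOC
# maintains this list; here it holds only the domain this sandbox run resolved.
UNAPPROVED_RMM_DOMAINS = ("centrastage.net",)

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
FIREWALL_RULES = re.compile(r"\\FirewallPolicy\\FirewallRules\\", re.IGNORECASE)
GENERIC_NAME = re.compile(r"^[a-z0-9]{1,3}\.exe$", re.IGNORECASE)  # a.exe, x1.exe, ...


def host_is_bare_ip(url: str) -> bool:
    """True when the URL host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def in_watchlist(fqdn: str) -> bool:
    fqdn = fqdn.lower().rstrip(".")
    return any(fqdn == d or fqdn.endswith("." + d) for d in UNAPPROVED_RMM_DOMAINS)


def evaluate(events):
    """Run the rules over one host's event stream; return (findings, verdict).

    Each finding is (category, description). Categories:
      delivery    - how the binary arrived (bare-IP URL, signed tool under a generic name)
      rmm         - contact with an unapproved RMM backend
      persistence - service install, Run key, firewall rule change
    """
    findings = []
    for ev in events:
        kind = ev["type"]
        name = ev.get("image", "").rsplit("\\", 1)[-1]
        if kind == "FileDownload" and host_is_bare_ip(ev["url"]):
            findings.append(("delivery", f"fetched from bare-IP URL {ev['url']}"))
        elif kind == "ProcessCreate" and ev.get("signer") and GENERIC_NAME.match(name):
            findings.append(("delivery", f"binary signed by {ev['signer']} run under generic name {name}"))
        elif kind == "DnsQuery" and in_watchlist(ev["query"]):
            findings.append(("rmm", f"{name} resolved unapproved RMM backend {ev['query']}"))
        elif kind == "ServiceInstall":
            findings.append(("persistence", f"service installed: {ev['service']} -> {ev['image']}"))
        elif kind == "RegistryValueSet" and RUN_KEY.search(ev["key"]):
            findings.append(("persistence", f"Run key written: {ev['key']}"))
        elif kind == "RegistryValueSet" and FIREWALL_RULES.search(ev["key"]):
            findings.append(("persistence", f"firewall rule written: {ev['key']}"))

    seen = Counter(cat for cat, _ in findings)
    if seen["rmm"] and seen["delivery"]:
        verdict = "unauthorised RMM install"          # legitimate tool, attacker-style delivery
    elif seen["rmm"]:
        verdict = "RMM install, confirm authorisation"
    elif seen["persistence"]:
        verdict = "persistence only, no RMM indicator"
    else:
        verdict = "no finding"
    return findings, verdict


# Constructed events modelled on the sandbox run above. The field names, the install
# directory, the service name and the Run key value are assumptions, not page data.
SAMPLE_EVENTS = [
    {"type": "FileDownload", "image": r"C:\Users\user\Downloads\a.exe",
     "url": "http://198.0.170.53/a.exe"},
    {"type": "ProcessCreate", "image": r"C:\Users\user\Downloads\a.exe",
     "signer": "Datto Inc"},
    {"type": "ServiceInstall", "service": "CagService",
     "image": r"C:\Program Files (x86)\RMM\CagService.exe"},
    {"type": "ProcessCreate", "image": r"C:\Program Files (x86)\RMM\CagService.exe",
     "signer": "Datto Inc"},
    {"type": "DnsQuery", "image": r"C:\Program Files (x86)\RMM\CagService.exe",
     "query": "concordcc.centrastage.net"},
    {"type": "RegistryValueSet",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Gui"},
    {"type": "RegistryValueSet",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{rule}"},
]

if __name__ == "__main__":
    found, verdict = evaluate(SAMPLE_EVENTS)
    for cat, text in found:
        print(f"[{cat}] {text}")
    print("verdict:", verdict)
```

Dropping the two delivery events from SAMPLE_EVENTS leaves exactly the trace an approved rollout of the same agent would produce, and the verdict falls to "confirm authorisation"; the point of the split is that the RMM behaviours are not the signal, the delivery context is.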
Unpacked files
SHA256                                                            MD5                               SHA1
f71621c47c610e0886846cf53d955fd0e7448951f99ecc22facd47493ef97a87  e548a93d16964e52868c47cef1c98f2e  4b96b0aa48f6ac050a764c7d65f4129a9bb8cf21
f39639ed9a90750253695b7e88f1351e57d6d3b6ba7477577552c87952390531  c0c0415bdd02b25df936b5cbc0ef7962  e518f03e82680015cdcafc684e203acd79935b3f
f041747b5b6b20b6620ca13a7b276c9e9070e54cda8c29f6add54cba9a42a2f5  0f581e56ed5ba500ce5d98d105b04a37  b6e2cade601bc6fd15e7f07ed41a4dfa4ee0a589
ea7fd75e2bb069699d4da09f3601d70ca8e401f58949178cdbf2c5928720daa1  8f6875148b45c300b95514cb40703c2e  0015b8e21d84e0f6f174cf71b63651bad94582df
e9932fb947df5125648828248f51beb1f0b213b41f0a15bf77d56bc4b9217375  9defb2682db3afbc640ac3fdf4045154  3996fe866d6bd39878ea6b498e439589020c1ed8
e7ad4b2c3492574e404f2c2dc8d3ad6739f6a2ed820da73019b0d07307d8dd6a  4e267ef9cc300b1c6a0b1c5861f35425  55de5bc8edde0f75108b6c5976b44b837d2bd7db
e333548749078be5b6207453755e40220361ace77bae0b81b60e2666b5fa8986  aa78ec5b23873e94e11f619b7566cc95  3e4b0d084212dc096ae1b2b4194a11c4e9fa255c
dfeab83e6a9555a6c18070c611d868e117fa2fef6f815da26e622feb2e610254  8e4e0ea396b5452bed54e6888cb07ca1  1a7afcdd7f118b3ef8f1d9761fa71faeee16fd2c
dfa9351dcbbbde572684f569b900ade24380fc0ad63d592c4100d754b2bfdf7e  e28c8111ea4cab3890fb559e977f5847  cc19e6ceee81d2dcea7358cd0d9c53f442088dad
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9  a5f8399a743ab7f9c88c645c35b1ebb5  168f3c158913b0367bf79fa413357fbe97018191
b635ba89e9cc8455f252b7e24e5d2838f50aaf75121ca7d070bb7d6cf41a6235  06b971620bda7960f7d8e43ce69e3bbe  08e1f37cd9c1d320fac3a32105f16abbbb73092c
b46f763461aea32fcea7ad964533a0706e6ea377c211f8dbd1841241a4edc7e3  c9217b4fc057c99ef0b1c603de094a30  8b6326767783e351c6bed00ea2aa46ce441048c0
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294  83cd62eab980e3d64c131799608c8371  5b57a6842a154997e31fab573c5754b358f5dd1c
9d6f57b2cda902df276730d76c481d4537402643d1aed03dab81a5d17286c913  ad23b4cdfda55b7abe505087b246b1a3  442fb06d6c8173429f8f4133478086ccaf4dc271
92f1d0d6ccfb0d030789f3c5c636fcdd08f6d0541a5a54f185e8ecd85592e3f9  6aa2393ff1fde1a61d0cf51730428f74  3c847a95a6547aa49919789d7a0cb6ed76122849
9292eb06bf4cd100c94abd2949a96351a0f3710008674993c7491da578e1ede1  99a817a04b25690b98edf3370ed2eb83  1a878f0e4fb4f7ea1d75674eb724fc6feaccdff0
8e0c73e94cdd28b0373bb6e1fbebe29f258f8fbf0d4771ac9dd08dbcda3ef6d9  ae2f45308384f5f2aaec76f079dca1af  30e20b3f79f9164644b7ba2bc171cd60bcfb0690
8b0f62bb2f3af65e458ca56535a580c31fc9ce555ec8dae825031c843b440f1e  93847672e8ab6a31d56a93b28daa130c  3654b18fa3b2cbb90bf65ffd78b4449c04e7fd69
8af4ccc77c49f775ec8876f41381a922d215ad5141d8509a5ab8bcf03472c65a  93692fe982ff635bc9286979b9d390f2  704bca5b51f045510a6dbee8bbeb7cfed1916e4b
6b531d00b2481cc14080f6903667f7dd529fa090c2855a777da34ede3173cfd5  8e03044775b38cb3c3a1349a44c87b00  9bcf71e6bfa1e34958f04d4fb22bb85140696329
63b211fc957d0af9afac3fd7ddaa6fa26910c1609609d093cbba86771b4e6168  5f00964f1ceb0028ffa1d6cb2bb802da  51e1f9dc42cb6154897df79c583940d3cfcc4fe5
5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94  d01819bfe03222dfa9e35a36555b6b6c  25f8069590b14724f28e6a04b8a42e4ef4a8562d
5a7ca101fd8efe0006f2f69d786989adc968d82cea35d83e976fb12d9baace32  e42998e3bb92e6696a82ef796efac507  8202e573a8abedaaa138b3cef6135ce09c0e87e6
5413095e2e536356a2f8facfcf0818f711bc512aad8a0034f646cbd4e9f979df  9bd9998fada60eb7e157148a5d681633  0715f534b854ac2e3660dd073610e2c6426ef274
524529cb73b924d7cb7c3b6a63537ffbb57c91c1aeee76905ab088b8768bd3a9  475d122dfc7f38cdc8ada4e78c29476f  4e82b43a568d72d23f69afeaea5123cf0b663e10
40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d  c8164876b6f66616d68387443621510c  7a9df9c25d49690b6a3c451607d311a866b131f4
34e50995c879e58fe2f131eed5063291488057368552bca91b8c5e71743c3162  80f493343f3e346d173b03a04c3dfe50  76510efb4e05b7f397d8bfe062ac401be440861f
24bd076d31dc9d363eb2adb8b27a7d45d9f975aeec565132d27901537e31f239  d552de7d39179b914db7cc2dbdd005c2  044329c6c335224ba05a4e398a5fcb204f13ac36
1aea56fad229ead28e18e2ef953e7e949101865dd063bb69df62194880cef037  c52c091441560c25f69fc82ef963d3cf  5a93e265bb9172a2a7a78e1624df6836a30d3c33
1725784197b326cdbdc2083686c62874419840d09968e0266b2a12528da1bd4a  55dbfe9c02ccd648bb14902210d739eb  bd44ca316cde10f7b5084c6ec5b4956710bce7c6
0e92d3683673d7899d33c71d2b5e022d83198aab9413dcafc43f6ce597cdf252  fcbce484db6b9051b50381be4c70d4ad  f752be7a7a0d9e7986855db6806b01c70350c058
052807ff816f672a5bb1ea961df1ddfaa793d6767dc76fe633b9ef54ed2ce581  37d50e209d7329a20a9253d5e69fbafa  50722c48c05c5155fed688a4c346d63f6d2fabde
7274fe736fe36cdc8343b04fea6ff598ce384ead99ea94e4b47d4d329037331d  941a7b4dc105c3487d2b2961dc6ccb01  ac71c5b759cabd78213748329909eaee60810d12
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1  56a321bd011112ec5d8a32b2f6fd3231  df20e3a35a1636de64df5290ae5e4e7572447f78
3b15c6e4ca42036d7424f93ea0806a2d35220d65faaf2bd2479a54258f631b55  428c3a07fba184367a5085e46e4a790b  f2de6cd4ec99ab784d18914a21de9d919a450089
e2e51dafe63f52fa3411196a9b52c92f990d689300b18968645d46e9413ce1f4  b63a115a9210ad26dd2b44cb7de6e416  52c090bb8b91ca13f392df7b34d787309ee48b20
d91f57c3511c587c1254c77453f7209cea28df1e4d7153b496a23fd7612c11c5  350922ab46f2e09f3aff2e1acb2febc4  0ee6edb63c7138c3723d1a56cee5f45a937ea723
7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39  8a16c4b0c08337f7e78ae8e04e72bde4  63d3a549702aceed4b3f69cc465a941ff15fefeb
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

BLint


The following table provides more information about this file using BLint, a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         Title                                                      Severity
CHECK_AUTHENTICODE         Missing Authenticode                                       high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)     high
CHECK_NX                   Missing Non-Executable Memory Protection                   critical
CHECK_PIE                  Missing Position-Independent Executable (PIE) Protection   high
CHECK_TRUST_INFO           Requires Elevated Execution (level:requireAdministrator)   high

Reviews
ID                 Capabilities                        Evidence
COM_BASE_API       Can Download & Execute components   ole32.dll::CoCreateInstance
SHELL_API          Manipulates System Shell            SHELL32.dll::ShellExecuteA
                                                       SHELL32.dll::SHFileOperationA
                                                       SHELL32.dll::SHGetFileInfoA
WIN32_PROCESS_API  Can Create Process and Threads      KERNEL32.dll::CreateProcessA
                                                       KERNEL32.dll::CloseHandle
                                                       KERNEL32.dll::CreateThread
WIN_BASE_API       Uses Win Base API                   KERNEL32.dll::LoadLibraryExA
                                                       KERNEL32.dll::GetDiskFreeSpaceA
                                                       KERNEL32.dll::GetCommandLineA
WIN_BASE_IO_API    Can Create Files                    KERNEL32.dll::CopyFileA
                                                       KERNEL32.dll::CreateDirectoryA
                                                       KERNEL32.dll::CreateFileA
                                                       KERNEL32.dll::DeleteFileA
                                                       KERNEL32.dll::MoveFileA
                                                       ADVAPI32.dll::SetFileSecurityA
WIN_REG_API        Can Manipulate Windows Registry     ADVAPI32.dll::RegCreateKeyExA
                                                       ADVAPI32.dll::RegDeleteKeyA
                                                       ADVAPI32.dll::RegOpenKeyExA
                                                       ADVAPI32.dll::RegQueryValueExA
                                                       ADVAPI32.dll::RegSetValueExA
WIN_USER_API       Performs GUI Actions                USER32.dll::AppendMenuA
                                                       USER32.dll::EmptyClipboard
                                                       USER32.dll::FindWindowExA
                                                       USER32.dll::OpenClipboard
                                                       USER32.dll::PeekMessageA
                                                       USER32.dll::CreateWindowExA
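BLint reports CHECK_AUTHENTICODE as missing although the entry above lists a Datto Inc code-signing certificate (valid until 2024-06-27, two months before this sample's first-seen date). The quickest way to settle what a binary actually carries is to read its PE headers. The Python below is an added example and not BLint's own code: it parses the optional header's DllCharacteristics for the mitigations behind the findings above (NX, ASLR/PIE, HIGH_ENTROPY_VA, CFG), reads the security data directory that locates the Authenticode blob, scans for a requireAdministrator manifest, and maps the results to BLint's finding IDs and severities. The two images it runs on are header-only PE32+ files constructed in the block. The requireAdministrator check is a byte search of the embedded manifest rather than a resource parser, and the block does not verify the signature itself, so whether an expired certificate still validates (which turns on an RFC 3161 countersignature) is outside it.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit image may be placed anywhere in the high-entropy address space
DYNAMIC_BASE = 0x0040      # image is relocatable: ASLR, which BLint reports as PIE
NX_COMPAT = 0x0100         # DEP-compatible: no executable data pages
GUARD_CF = 0x4000          # Control Flow Guard

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR = 4           # data directory that locates the Authenticode WIN_CERTIFICATE blob


def pe_security_facts(data: bytes) -> dict:
    """Read the header facts behind BLint's CHECK_* findings from a raw PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96                           # data directories start at +96 in PE32
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112                          # and at +112 in PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    _cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "nx": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & GUARD_CF),
        "authenticode": cert_size > 0,            # a blob is present; this does not verify it
        # crude: the manifest is plain text in the resource section, so a byte scan finds it
        "requires_admin": b'level="requireAdministrator"' in data,
    }


def findings(facts: dict) -> list:
    """Map the facts to the finding IDs and severities BLint uses."""
    out = []
    if not facts["authenticode"]:
        out.append(("CHECK_AUTHENTICODE", "high"))
    if facts["pe32plus"] and not facts["high_entropy_va"]:
        out.append(("CHECK_DLL_CHARACTERISTICS", "high"))
    if not facts["nx"]:
        out.append(("CHECK_NX", "critical"))
    if not facts["aslr"]:
        out.append(("CHECK_PIE", "high"))
    if facts["requires_admin"]:
        out.append(("CHECK_TRUST_INFO", "high"))
    return out


def build_header_only_pe(dll_chars: int, signed: bool, level: str) -> bytes:
    """Constructed PE32+ image (headers plus a fake manifest), enough for the parser above."""
    opt_size = 240                                # PE32+ optional header with 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)         # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)          # NumberOfRvaAndSizes
    manifest = f'<requestedExecutionLevel level="{level}" uiAccess="false"/>'.encode()
    cert = b"\0" * 8 if signed else b""           # stands in for a WIN_CERTIFICATE blob
    if signed:
        cert_off = 64 + 4 + len(coff) + opt_size + len(manifest)
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, cert_off, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + manifest + cert


if __name__ == "__main__":
    weak = build_header_only_pe(0, signed=False, level="requireAdministrator")
    for fid, severity in findings(pe_security_facts(weak)):
        print(f"{fid:<28}{severity}")
```

For a real file, call pe_security_facts(open(path, "rb").read()). A non-zero security directory only says a signature blob is attached; whether it verifies, and whether it still verifies after the signer certificate's 2024-06-27 expiry, is a question for a signature checker that parses the PKCS#7 blob and its countersignature.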
