Global Verdict Report


1 File Information

File Type PE64

File Signer

SHA-256 e30953278af244cbf40991a1002f82783add42ec13a583c51864c0d8cabd8005

SHA-1 befa5cf53d4c698fefbb707f23d9c17d742bf0c6

MD5 81fc187b779d59e4fd2f646bb03ebf03

File Size 113152 bytes

First Seen Timestamp 2021-12-20 16:04:26 UTC

Verdict Benign

Antivirus Coverage VirusTotal Information

2 Static Analysis

2.1. Suspicious File Properties

This sample was not found to contain any high-risk content during a pre-screening
analysis of the sample.

Contains non-standard section names


Standard section names are defined by the compiler. Non-standard section names may indicate a packed or
obfuscated PE file.

Contains sections with size discrepancies


Sections with a large discrepancy between raw and virtual sizes may indicate a packed or obfuscated PE file.

3 Dynamic Analysis

3.1. VM1 (Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010)

3.1.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior Severity

Created or modified a file in the Windows system folder
The Windows system folder contains configuration files and executables that control the underlying functions of the
system. Malware often modifies the contents of this folder to manipulate the system, establish persistence, and avoid
detection.

Created or modified a file


Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

Modified Event Tracing for Windows


Malware may attempt to block or redirect events captured by Event Tracing for Windows in order to conceal its activity.

The sample shows limited activities during analysis.


A sample may not generate much behavior, either by design or because it depends on user input or the system
environment, which could mean it is trying to evade dynamic analysis.

Sample is invalid or corrupted


The sample is either corrupted or an invalid file type. It cannot be analyzed.

3.1.2. Network Activity


No network data available.

3.1.3. Host Activity


Process Activity

Process Name - sample.exe

(command: C:\Users\Administrator\sample.exe)

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe

3.2. VM2 (Windows 10 x64, Flash 22, Adobe Reader 11, Office 2019)

3.2.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior Severity

Created or modified a file


Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

The sample shows limited activities during analysis.


A sample may not generate much behavior, either by design or because it depends on user input or the system
environment, which could mean it is trying to evade dynamic analysis.

Sample removed system files.


Sample removed system files.

3.2.2. Network Activity


No network data available.

3.2.3. Host Activity


Process Activity

Process Name - sample.exe

(command: C:\Users\Administrator\sample.exe)

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe
