Malware of the Week – March 23

c80a7ab07611836f0da1e9084d765a84049f1beb95174c1cef16bb2524924e13 (SHA-256)

Malicious with 82% Confidence

SecondWrite’s DeepView Sandbox analyzed this file last week and declared it to be 82% malicious using our proprietary techniques. At the time of detection, this malware did not appear on leading malware blacklists. A link to the full report is below, but here are some key highlights:

Type of Malware: Infostealer
- Installs a hook procedure to monitor for mouse events
- Sniffs keystrokes
- Creates an Alternate Data Stream (ADS)
- Creates a suspicious PowerShell process
- More than 50% of the external calls do not go through the import address table

Evasiveness Indicators:
- Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available
- Queries for the computer name
- Attempts to repeatedly call a single API many times in order to delay analysis time

Other Compelling Indicators:
- Creates a hidden or system file
- Attempts to create or modify system certificates
- Attempts to identify installed AV products by installation directory
- Creates executable files on the filesystem
- Reads data out of its own binary image

See full detailed report:

Malware Of The Week is sourced by DeepView Sandbox using SecondWrite’s patented techniques of Forced Code Execution, Program Level Indicators, and Automatic Sequence Detection.

Please email us at info@secondwrite.com with questions about our product.

SecondWrite’s malware detection sandbox and threat intelligence products are bringing novel technologies and capabilities to their respective segments for the first time. SecondWrite’s DeepView sandbox product categorizes customer-submitted files as malicious or benign with industry-leading accuracy, and outputs a report detailing the file’s suspicious activity. Unlike competing sandboxes, DeepView forcibly executes hidden malicious paths in the input file, thereby discovering about 50% more Indicators of Compromise (IOCs) than without this technology, and leading to greater detection accuracy.