A process attempted to delay the analysis task.
Checks adapter addresses which can be used to detect virtual network interfaces
This sample is detected by clamav as: Win.Worm.Socks-9
One or more AV tool detects this sample as malicious: Worm:Win32/Autorun.gen!BS
Strings possibly contain hardcoded IP Addresses.
Creates executable files on the filesystem
Automatic Sequence Detection maliciousness score: 76%
Performs some HTTP requests
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some DNS requests
The executable has PE anomalies (could be a false positive)
The binary likely contains encrypted or compressed data.
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup
This sample contains high entropy sections
Anomalous binary characteristics
Contains sections of zero entropy
Presents an Authenticode digital signature