Disables Windows Security features
A process attempted to delay the analysis task.
This sample is detected by ClamAV as: BC.Win.Virus.Ransom-9157.B
One or more AV tools detect this sample as malicious: Trojan:Win32/NabucurObfs
Drops a binary and executes it
Sample writes a large number of files (over 100)
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Creates executable files on the filesystem
Expresses interest in specific running processes
Reads data out of its own binary image
Automatic Sequence Detection maliciousness score: 56%
Performs some HTTP requests
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Sample contacts servers at uncommon ports
Performs some DNS requests
Allocates read-write-execute memory (usually to unpack itself)
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Contains obfuscated control-flow to defeat static analysis.
This sample contains high entropy sections
A process created a hidden window
Deletes its original binary from disk