51 lines (38 loc) · 1.99 KB
sample_report.txt
MALWARE STATIC ANALYSIS REPORT
------------------------------------------------------------------------------------------------------------------------------------------------------
Dev Team : Ketan Mote & Sourabh Pradhan
Codename : MalHunt
Version : 0.0.1
Contact : +91 545874745 / ouremail@gmail.com
------------------------------------------------------------------------------------------------------------------------------------------------------
# Basic Details about File :
1. NAME of the File : malware1.exe
2. File Size (in bytes) : 9415
3. MD5 HASH :
276f29e31344ee8eb5e805cbb39f10a3
4. SHA256 HASH :
67327d2833de9412a9e51cdb22987943969958bdd2b77b86214117bc4c8239d1
5. SHA512 HASH :
67d445dd84b2af46a7d9e3e252a64ee97fd65a76ec32c3d437a1936e75c5aaa5b7cd8cf9df4cbd16cdbe1613a8206154bf49b9b47d7a6a5e7b64cfce9628006d
----------------------------------------------------------------------------------------------------------------------------------------------------
# Malware Signature Analysis :
1. INTRESTING CALLS :
['STARTUPINFO()', 'GetLogicalDriveStrings()', 'RunAsAdmin()', 'IsPyExist()', 'CommitSuicide()', 'CommitSuicide()', 'CommitSuicide()', 'IsPyExist()', 'RunAsAdmin()', 'CommitSuicide()']
2. SYSTEM CALLS :
['vmsrvc.exe', 'vmusrvc.exe', 'vboxtray.exe', 'vmtoolsd.exe', 'df5serv.exe', 'vboxservice.exe']
3. DLL CALLS :
['win32api', 'win32api', 'kernel32', 'kernel32']
4. REGISTRY CALLS :
[]
5. IRC COMANDS :
['requests.packages.urllib3.disable_warnings()', 'INFO', '.com']
6. CRYPTOGRAPHIC FUNCTIONS :
['0.0.0.0']
7. ENUMERATING AND SPREADING FUCTIONS :
[]
8. TRYING TO ACCESS/XECUTE/ENCRYPT FILE TYPES :
['exe', 'pl', 'exe', 'py', 'exe', 'py', 'py', 'py', 'py', 'py', 'py', 'py', 'exe', '7z', 'txt', 'php', 'pl', 'pl', 'pl', 'exe', 'pl', 'pl']
9. TARGETED LOCATIONS :
['c:/', 'c:/', 'c:/', 'c:/', 'cipher /W:%s']
----------------------------------------------------------------------------------------------------------------------------------------------------
End of the Report.