Download hesoolver v2.5.8 en.exe

Hesoolver v www.oxygen.com.ro

This report is generated from a file or URL submitted to this webservice on May 10th (UTC)
Report generated by Falcon Sandbox v © Hybrid Analysis

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

  • Suspicious Indicators 8

  • Anti-Detection/Stealthyness
    • Queries process information
      details
      "<Input Sample>" queried SystemProcessInformation at FDA
      source
      API Call
      relevance
      4/10
  • Anti-Reverse Engineering
  • Installation/Persistance
    • Contains ability to write to a remote process
      details
      WriteProcessMemory@KERNELDLL from PID
      source
      Hybrid Analysis Technology
      relevance
      8/10
  • Spyware/Information Retrieval
  • System Security
  • Unusual Characteristics
    • Imports suspicious APIs
      details
      RegCloseKey
      RegCreateKeyExA
      CreateThread
      CreateToolhelp32Snapshot
      GetCommandLineA
      GetFileAttributesA
      GetModuleHandleA
      GetStartupInfoA
      GetThreadContext
      OpenProcess
      Process32First
      Process32Next
      ReadProcessMemory
      Sleep
      TerminateProcess
      VirtualAllocEx
      WriteProcessMemory
      FindWindowExA
      GetWindowThreadProcessId
      source
      Static Parser
      relevance
      1/10
    • Reads information about supported languages
      details
      "<Input Sample>" (Path: "\REGISTRY\MACHINE\SYSTEM\CONTROLSET\CONTROL\NLS\LOCALE", Key: "")
      source
      Registry Access
      relevance
      3/10
  • Hiding 1 Suspicious Indicators
    • All indicators are available only in the private webservice or standalone version
  • Informative 3

  • General
    • Loads modules at runtime
      details
      "<Input Sample>" loaded module "%WINDIR%\SYSTEM32\OLEDLL" at base
      "<Input Sample>" loaded module "www.oxygen.com.ro" at base 74E
      "<Input Sample>" loaded module "KERNELDLL" at base 75E
      "<Input Sample>" loaded module "C:\WINDOWS\SYSWOW64\www.oxygen.com.ro" at base 76E
      "<Input Sample>" loaded module "OLEAUTDLL" at base 76CA
      source
      API Call
      relevance
      1/10
    • Looks up procedures from modules (excluding www.oxygen.com.ro, kerneldll, userdll, gdidll, oledll, comctldll, www.oxygen.com.ro, oleautdll, www.oxygen.com.ro, www.oxygen.com.ro)
      details
      "SystemFunction@www.oxygen.com.ro"
      source
      API Call
      relevance
      1/10
    • Sample was identified as clean by Antivirus engines
      details
      0/56 Antivirus vendors marked sample as malicious (0% detection rate)
      source
      External System
      relevance
      10/10

Analysed 1 process in total.

Source: [www.oxygen.com.ro]
