artistical
Member
Ok, I downloaded a puzzle engine, and I always scan. When I make an exe file, this shows up in Hybrid Analysis. I am not scared, but I want to know where to remove this or what.
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'Puzzle Game.exe'
www.hybrid-analysis.com
- External Systems
  - Found an IP/URL artifact that was identified as malicious by at least one reputation engine
    details: 1/83 reputation engines marked "http://nsis.sf.net" as malicious (1% detection rate)
    source: External System
    relevance: 10/10
- General
  - Found a potential E-Mail address in binary/memory
    details: Pattern match: "[email protected]"
    source: String
    relevance: 3/10
    ATT&CK ID: T1114
- Unusual Characteristics
  - Imports suspicious APIs
    details: RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegCreateKeyExA, RegEnumKeyA, GetFileAttributesA, CopyFileA, GetModuleFileNameA, LoadLibraryA, LoadLibraryExA, GetFileSize, CreateDirectoryA, DeleteFileA, GetCommandLineA, GetProcAddress, GetTempPathA, CreateThread, GetModuleHandleA, FindFirstFileA, WriteFile, GetTempFileNameA, FindNextFileA, CreateProcessA, Sleep, CreateFileA, GetTickCount, ShellExecuteA, FindWindowExA
    source: Static Parser
    relevance: 1/10
  - PE file contains unusual section name
    details: "c6fcc50a4cee6318d4e6bb2c93b9b05f72e1dbd2fd52c9464ae82a313e19d402.bin" has a section named ".ndata"
    source: Static Parser
    relevance: 10/10