Windows Proactive Safety
MD5: 3313bbc5ffd642dd82495ddd07091996
https://www.virustotal.com/file/3313bbc ... /analysis/
MD5: 3313bbc5ffd642dd82495ddd07091996
https://www.virustotal.com/file/3313bbc ... /analysis/
Hello,
Thanks for taking the time to submit your samples to the Norman
Sandbox Information Center. Customer delight is our top priority at
Norman. With that in mind we have developed Sandbox Solutions for
organizations that are committed to speedy analysis and debugging.
Norman Sandbox Solutions give your organization the opportunity to
analyze files immediately in your own environment.
To find out how to bring the power of Norman Sandbox into your test
environments follow the links below.
Norman Sandbox Solutions
http://www.norman.com/enterprise/all_bu ... analyzers/
Norman Sandbox Analyzer
http://www.norman.com/enterprise/all_pr ... _analyzer/
Norman Sandbox Analyzer Pro
http://www.norman.com/enterprise/all_pr ... lyzer_pro/
Norman SandBox Reporter
http://www.norman.com/enterprise/all_pr ... _reporter/
BDSM_Movie_214.mpeg.exe : Not detected by Sandbox (Signature: NO_VIRUS)
[ DetectionInfo ]
* Filename: C:\analyzer\scan\BDSM_Movie_214.mpeg.exe.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: YES.
* TLS hooks: YES.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.
[ General information ]
* File length: 2398208 bytes.
* MD5 hash: 3313bbc5ffd642dd82495ddd07091996.
* SHA1 hash: 733d99ba11a0c7389c99d0f342e83f341c786460.
* Packer detection: ASProtect 1.33/2.1 Registered.
[ Changes to registry ]
* Accesses Registry key "HKCU\Software\Borland\Locales".
* Accesses Registry key "HKCU\Software\Borland\Delphi\Locales".
* Accesses Registry key "HKCU\Software\CodeGear\Locales".
* Accesses Registry key "HKLM\Software\CodeGear\Locales".
* Accesses Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes".
[ Changes to system settings ]
* Creates WindowsHook monitoring call windows procedures activity.
[ Process/window information ]
* Creates an unnamed event.
* Creates a window with caption and classname TPUtilWindow.
* Creates a window with caption sample and classname TApplication.
* Creates section "SAMPLE.EXE" with full access to everyone.
* Attempts to open CLSID {1e651cc0-b199-11d0-8212- c04fc32c45}.
(C) 2004-2011 Norman ASA. All Rights Reserved.
The material presented is distributed by Norman ASA as an information source only.
This file is not flagged as malicious by the Norman Sandbox Information Center. However, we can not guarantee that the file is harmless. If you still suspect the file to be malicious and if you urgently need to know for sure, please submit it to your local Norman support department for manual analysis.
************************************
Sent from an unmonitored email address.
Please DO NOT reply.
************************************
Attachments
Password: infected
(2 MiB) Downloaded 78 times
(2 MiB) Downloaded 78 times