Raj Oberai
Posted March 8, 2018

16 hours ago, itman said:

> Hybrid-Analysis didn't find anything overly malicious. However, it noted a couple of things:
>
> 1. Software signing cert. not valid. VT also noted this.
> 2. Possible RPC suspicious activities.
> 3. Flagged this API call: NtQueryValueKey@NTDLL.DLL, ValueName - CWDIllegalInDLLSearch
>
> Also of note is VT showed Windows hooking, i.e. SetWindowsHook. Did not see this specifically noted in Hybrid-Analysis report.
>
> Since this appears to be income tax software - India based? - I still would be cautious. Remember the Ukraine WannaCry incident?
>
> -EDIT- Also of note:
>
> Unusual Characteristics
> CRC value set in PE header does not match actual value
> details: "ITAutoUtility.exe.bin" claimed CRC 780579 while the actual is CRC 950076
> source: Static Parser
> relevance: 10/10

Yes, it is India-based income tax software. I am not too tech savvy, and this is an absolute must for me to run a few times daily. What cautions can I take, taking into consideration that I have to run this no matter what? Heard about WannaCry but don't know too much about it.

Guess I am left with no other option than to add it to exclusions and proceed.

Thanks for your time and help.
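The "claimed CRC vs. actual CRC" finding quoted in the post above compares the CheckSum field in the PE optional header with a value recomputed from the file. The following is an added example, not code from the thread or from Hybrid-Analysis: it recomputes that checksum with the standard PE algorithm on a constructed stub image, and all function names and sample bytes are assumptions made for illustration.

```python
import struct

def checksum_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (same for PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64  # signature + COFF header + field offset

def compute_checksum(data: bytes) -> int:
    """Recompute the PE checksum: 16-bit end-around-carry sum plus file length."""
    off = checksum_offset(data)
    buf = data[:off] + b"\0" * 4 + data[off + 4:]  # stored field counts as zero
    if len(buf) % 2:
        buf += b"\0"                               # pad an odd-length file
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total + len(data)

def compare_checksum(data: bytes):
    """Return (claimed, actual, match) for a PE image."""
    (claimed,) = struct.unpack_from("<I", data, checksum_offset(data))
    actual = compute_checksum(data)
    return claimed, actual, claimed == actual

def build_sample() -> bytearray:
    """Constructed 512-byte stub holding only the fields this check reads."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)        # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", img, checksum_offset(bytes(img)),
                     compute_checksum(bytes(img)))  # stamp a valid checksum
    return img

if __name__ == "__main__":
    sample = build_sample()
    print("as built:", compare_checksum(bytes(sample)))
    sample[0x1F0] = 0x41  # a byte changed after the checksum was written
    print("modified:", compare_checksum(bytes(sample)))
```

A mismatch only shows that the file content and the stored field disagree; Windows enforces the field for drivers and a few other image types, and many ordinary applications ship with it unset or stale.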