TinyTake_v_5_2_19.exe

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 16, 2021, 6:01 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.vmp0
section	.vmp1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory April 16, 2021, 6:01 p.m.	process_identifier: 2648 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01750000 allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE) process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory April 16, 2021, 6:01 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 61440 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01751000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section	{u'size_of_data': u'0x00636400', u'virtual_address': u'0x00b91000', u'entropy': 7.965513471427617, u'name': u'.vmp1', u'virtual_size': u'0x00636210'}				entropy	7.96551347143				description	A section with a high entropy has been found
entropy	0.989653831194				description	Overall entropy of this PE file is high

The executable is likely packed with VMProtect (2 events)

section	.vmp0				description	Section name indicates VMProtect
section	.vmp1				description	Section name indicates VMProtect

Communicates with host for which no DNS query was performed (2 events)

host	45.138.27.125
host	45.85.90.7

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Elastic	malicious (high confidence)
Cylance	Unsafe
Cybereason	malicious.6db594
APEX	Malicious
Avast	Win32:MdeClass
Rising	Malware.Heuristic!ET#77% (RDMK:cmRtazrfphQBIiuXBGJXy8DkQRfP)
FireEye	Generic.mg.6f6ef1b4659a3e47
SentinelOne	Static AI - Malicious PE
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.34678.@VX@aWW3dae
Malwarebytes	Malware.Heuristic.1003
eGambit	PE.Heur.InvalidSig
AVG	Win32:MdeClass

Network activity contains more than one unique useragent (2 events)

process	TinyTake_v_5_2_19.exe				useragent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
process	TinyTake_v_5_2_19.exe				useragent	c25iK3H8PkGDL6X614f7

Generates some ICMP traffic

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)

dead_host	45.138.27.125:80
dead_host	192.168.56.101:49216