Hello,
Does auxsetup.exe have malware?
https://www.hybrid-analysis.com/sample/a9daa6ea4b53e396afaa5e4a03084db8aec67a4fc9d0c2133b22696324c80bbc?environmentId=100
Many Thanks
Marco
Anonymous
Hi
The part that draws attention is "POSTs files to a webserver": I don't trust this analysis. I think the detector picked up network traffic from another process or is otherwise broken.
Here is another report that doesn't show any network activity:
https://www.hybrid-analysis.com/sample/a1cdc3fceba193b674d57f005712218d41965db14ebb7c5bfea16e1caaede35b/5e09e39a28913741016e8e7f
The new file only differs by compile timestamp.
The file hash is different; it is another file.
Yes, I recompiled it. It has 2 differences: offset 0xe8 (4 bytes) - PE timestamp; offset 0xb985 - build date in string.
This is not enough to hide any executable code and make the reports so different.
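
Added example, not part of the posts above: one way to check the claim that two builds differ only in the PE timestamp and a build-date string is to diff them byte by byte and label each differing run. The sample buffers are constructed stand-ins, not the real files; they assume `e_lfanew` = 0xE0 so the timestamp lands at 0xe8 as in the thread, and the date-string offset 0x180 is arbitrary.

```python
import struct

def diff_runs(a: bytes, b: bytes):
    """Return (offset, length) for each run of bytes that differs."""
    if len(a) != len(b):
        raise ValueError("files differ in size; a byte-wise diff is not meaningful")
    runs, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(a) - start))
    return runs

def timestamp_offset(pe: bytes) -> int:
    """File offset of the COFF TimeDateStamp field."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 8  # signature (4) + Machine (2) + NumberOfSections (2)

def classify(a: bytes, b: bytes):
    """Label each differing run as the PE timestamp or something else to inspect."""
    ts = timestamp_offset(a)
    return [(off, n, "PE timestamp" if ts <= off and off + n <= ts + 4 else "other")
            for off, n in diff_runs(a, b)]

def make_sample(stamp: int, date: bytes) -> bytes:
    # Constructed buffer (not a runnable PE): headers up to the timestamp plus a date string.
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0xE0)   # assumed e_lfanew
    buf[0xE0:0xE4] = b"PE\0\0"
    struct.pack_into("<I", buf, 0xE8, stamp)  # TimeDateStamp
    buf[0x180:0x180 + len(date)] = date       # assumed location of the build-date string
    return bytes(buf)

if __name__ == "__main__":
    old = make_sample(0x11223344, b"Dec 30 2019")
    new = make_sample(0x55667788, b"Dec 31 2019")
    for off, n, kind in classify(old, new):
        print(f"offset {off:#x}, {n} byte(s): {kind}")
```

Runs labelled "other" are the ones to examine by hand, for example by checking whether they fall inside a string or inside a code section.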