Report #10464

  • Creation Date: June 1, 2020, 3:17 p.m.
  • Last Update: June 1, 2020, 3:18 p.m.
  • File: LP881997.exe
  • Results:

Binary
DLL: False
Size: 72.00KB
trid:
  82.7% Win32 Executable Microsoft Visual Basic 6
  6.6% Win32 Dynamic Link Library
  4.5% Win32 Executable
  2.0% OS/2 Executable
  2.0% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 3b860deebcd2b51dde907595a4e3b035
sha1: 47262ac6870e831d06774bd72a7bbbf2df3a84fe
crc32: 0x31e7bc00
sha224: 444bc8ba5b6569f37efc7c79c5a629da5086f99e805808262f88a3e0
sha256: 451707dd87cd4471d7ee3cbfb25dbb2716909c0573bd4eb57401f4f47a8747f1
sha384: 34c4029e727bd6a7983ca0b1e312144ed2f22eaea88f2d49f40600e8635f6bf6a095caca8a3f9cc47334e2ca06fd6e6f
sha512: a0a1a78a821b262930832278b86edddcc0c8d36a2f6ca98010cc5f06914ed71a4b1f47f81aa1d1d9b18b5d39b443f748b8bffe1b41a3d9f20fe5e61c1ba84c5c
ssdeep: 1536:e1gnVEma4jH+SCXNxAWxRMe418H+SCXNxHa4GnV:BnVEmaS2xvxSe4W2xHaNnV
Community
Google: False
HashLib: False

YARA
Matches: Microsoft_Visual_Basic_v50_additional, domain, HasRichSignature, contentis_base64, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, SEH__vba, IsWindowsGUI
Suspicious: True

Strings
List
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Sknkendrivesal.exe
@UjsAfw%Gk|
@UjsAfw%Gk|
EVENT_SINK_QueryInterface
VBA6.DLL
:Qht3au8 Ha
:Qht3au8 Ha
EVENT_SINK_AddRef
~EXlrEerXBfu9Div
~EXlrEerXBfu9Div
EVENT_SINK_Release
MSVBVM60.DLL
MSVBVM60.DLL
>htT@
>htT@
szs}stuutt
szs}stuutt
ProcCallEngine
cWvE9vT163
0Tnb"Un
0Tnb"Un
~;'leDf
~;'leDf
Salvocellefo2
}=asUEiy
}=asUEiy
Comments
PnD#Qht
PnD#Qht
*UUyBgs,Fl|
*UUyBgs,Fl|
Sammenstuv3
Stveklude1
Stveklude1
Snekdesor3
Marconigr5
CompanyName
FORKTRINGERNE
CAVATINASBILLH
CAVATINASBILLH
CAVATINASBILLH
CAVATINASBILLH
FORKTRINGERNE
OPTJENMACHI
OPTJENMACHI
@UjsAhy
=ithAbh
(ithEiu
(ithEiu
=ithAbh
@UjsAhy
ProductName
VERUTAFRA
!Tm9+Gcv
!Tm9+Gcv
Cgs@<erl
Cgs@<erl
}=cvdBhu
}=cvdBhu
}%TnD]Lh
}%TnD]Lh
Peroxidatepoac
>duP8H
>duP8H
DhvfDhtTCapn
DhvfDhtTCapn
s`rrrrrssvt
s`rrrrrssvt
FileVersion
InternalName
OriginalFilename
FileDescription
VarFileInfo
StringFileInfo
lremestreneum
algeriteant
Sknkendrivesal
lremestreneum
Sknkendrivesal
Translation
ubiSOFT
ubiSOFT
Brassi8
Brassi8
midgetyforudb
`.data
ttysssrssuut
ttysssrssuut
4apnCgy
4apnCgy
Dokning
Dokning
rsI-oP
rsI-oP
rsI-oP
rsI-oP
Acolous
EXlUBhw
EXlUBhw

Foremost
Matches: 0.exe, 72 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: VBA6.DLL, MSVBVM60.DLL
hasAllowed: True
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasSuspicious: True

Binary
Sizes
RVA: 16, Suspicious: False
Code size: 36864, Suspicious: False
Image base address: 4194304 (0x400000), Suspicious: False
Stack: 4096, Suspicious: False
Headers: 4096, Suspicious: False
Suspicious (overall): False

Symbols
Number: 0, Suspicious: True
Pointer: 0, Suspicious: True
Directories
Number: 16, Suspicious: False

Checksum
Value: 101942, Suspicious: False

Sections
Allowed: .text, .data, .rsrc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS version: 4, Suspicious: False
Image version: 4, Suspicious: False
Linker version: 6.0, Suspicious: False
Subsystem version: 4.0, Suspicious: False
Suspicious (overall): False

EntryPoint
Address: 4284 (RVA 0x10BC), Suspicious: False

Anomalies
hasAnomalies: False

Libraries
hasLibs: True
Allowed: msvbvm60.dll
hasAllowed: True
Suspicious: vba6.dll
hasSuspicious: True

Timestamp
Value: 2010-06-24 17:52:26
Valid: True
Past: False
Future: False

Compilation
Compiled: True
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0
Packed: False
Packers: none
Missing: False

Obfuscation
XOR: False
Fuzzing: False
PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks (hits per section):
pushret: .rsrc: 5, .text: 6
pushpopmath: .rsrc: 3, .text: 3
garbagebytes: .rsrc: 3, .text: 4
hookdetection: .rsrc: 1, .text: 1
software breakpoint: .rsrc: 3, .text: 3
programcontrolflowchange: .rsrc: 3, .text: 4
cpuinstructionsresultscomparison: .text: 2
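The trick counts above are the output of a byte-pattern sweep over each section. Non-zero counts in .rsrc, a section that normally holds no code, show what that means in practice: resource bytes that happen to look like a push/ret or an int3 are counted too, so the numbers are leads, not proof. The block below is an added example of such a sweep for three of the listed tricks (push/ret, push/pop arithmetic, software breakpoints); it is not the report's scanner, and the section contents it scans are constructed here, not bytes from the analysed sample.

```python
"""Byte-pattern scan for the kinds of control-flow tricks counted per section
above (push/ret, push/pop arithmetic, software breakpoints). Added example,
not the report's own scanner; the section contents are constructed here and
are not bytes from the analysed sample."""
import re
from collections import Counter

# Matched on raw bytes, not on a disassembly, so data that merely looks like
# code also hits (which is how a resource section ends up with non-zero counts).
PATTERNS = {
    # push imm32 ; ret  -> transfer control without a call/jmp, hiding the target from a linear sweep
    "pushret": re.compile(rb"\x68....\xc3", re.DOTALL),
    # push imm32 ; pop r32 ; add/sub/xor r32, imm8  -> build a value or address in pieces
    "pushpopmath": re.compile(rb"\x68....[\x58-\x5f]\x83[\xc0-\xc7\xe8-\xef\xf0-\xf7].", re.DOTALL),
    # int3 (CC) or int 3 (CD 03): an attached debugger swallows the exception, so the
    # malware notices its own handler never ran. MSVC also pads between functions with CC.
    "software breakpoint": re.compile(rb"\xcc|\xcd\x03", re.DOTALL),
}

# Constructed section contents (not from the sample).
SAMPLE_SECTIONS = {
    ".text": (
        b"\x55\x8b\xec"                             # push ebp ; mov ebp, esp
        + b"\x68\xbc\x10\x40\x00\xc3"               # push 0x004010BC ; ret
        + b"\x68\x00\x12\x40\x00\xc3"               # push 0x00401200 ; ret
        + b"\x68\x00\x10\x40\x00\x58\x83\xc0\x10"   # push 0x00401000 ; pop eax ; add eax, 0x10
        + b"\xcc\xcc\xcc\xcc"                       # int3 x4 (also an alignment filler)
        + b"\xcd\x03"                               # int 3, two-byte form
        + b"\xc3"                                   # ret
    ),
    ".rsrc": b"\x00\x00\x01\x00" + b"A" * 16 + b"\xcc" + b"B" * 16,  # one stray CC in resource data
}


def scan_sections(sections):
    """{section: bytes} -> {trick: Counter({section: hits})}, the shape of the table above."""
    results = {trick: Counter() for trick in PATTERNS}
    for name, blob in sections.items():
        for trick, pat in PATTERNS.items():
            hits = len(pat.findall(blob))
            if hits:
                results[trick][name] = hits
    return results


def pushret_targets(blob):
    """Absolute addresses pushed by each push/ret pair, i.e. where control really goes."""
    return [int.from_bytes(m.group(0)[1:5], "little")
            for m in PATTERNS["pushret"].finditer(blob)]


if __name__ == "__main__":
    for trick, per_section in scan_sections(SAMPLE_SECTIONS).items():
        print(trick, dict(per_section))
    print("push/ret targets:", [hex(a) for a in pushret_targets(SAMPLE_SECTIONS[".text"])])
```

Decoding the push/ret targets is the part worth keeping: each one is an address the linear disassembly will not show as a branch, and checking whether it lands inside .text or somewhere unexpected is a quick way to separate a compiler idiom from an evasion.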

AVclass
dynamer: 1

VirusTotal
md5: 3b860deebcd2b51dde907595a4e3b035
sha1: 47262ac6870e831d06774bd72a7bbbf2df3a84fe
SCANS (DETECTION RATE = 76.71%)
Format: engine: result (engine version, signature update), detected / not detected
AVG: Win32:Malware-gen (version 18.4.3895.0, update 20200325), detected
CMC: not detected (version 1.1.0.977, update 20190321)
MAX: malware (ai score=86) (version 2019.9.16.1, update 20200325), detected
APEX: Malicious (version 6.4, update 20200325), detected
Bkav: not detected (version 1.3.0.9899, update 20200324)
K7GW: Trojan ( 00562e3f1 ) (version 11.100.33621, update 20200325), detected
ALYac: Trojan.GenericKD.33552178 (version 1.1.1.5, update 20200325), detected
Avast: Win32:Malware-gen (version 18.4.3895.0, update 20200325), detected
Avira: TR/Injector.yeqia (version 8.3.3.8, update 20200325), detected
Baidu: not detected (version 1.0.0.2, update 20190318)
Cyren: W32/Injector.AAM.gen!Eldorado (version 6.2.2.2, update 20200325), detected
DrWeb: Trojan.MulDrop3.12449 (version 7.0.46.3050, update 20200325), detected
GData: Trojan.GenericKD.33552178 (version A:25.25249B:26.18134, update 20200325), detected
Panda: Trj/Genetic.gen (version 4.6.4.2, update 20200324), detected
VBA32: Trojan.MulDrop (version 4.3.0, update 20200325), detected
VIPRE: Trojan.Win32.Generic!BT (version 82484, update 20200325), detected
Zoner: not detected (version 0.0.0.0, update 20200325)
ClamAV: not detected (version 0.102.2.0, update 20200324)
Comodo: not detected (version 32243, update 20200325)
F-Prot: W32/Injector.AAM.gen!Eldorado (version 4.7.1.166, update 20200325), detected
Ikarus: Trojan.VB.Crypt (version 0.1.5.2, update 20200325), detected
McAfee: Artemis!3B860DEEBCD2 (version 6.0.6.653, update 20200325), detected
Rising: Trojan.Generic!8.C3 (CLOUD) (version 25.0.0.24, update 20200325), detected
Sophos: Troj/Inject-FOI (version 4.98.0, update 20200325), detected
Yandex: Trojan.Igent.bTort0.27 (version 5.5.2.24, update 20200324), detected
Zillya: Trojan.Injector.Win32.693985 (version 2.0.0.4053, update 20200325), detected
Acronis: suspicious (version 1.1.1.73, update 20200315), detected
Alibaba: Trojan:Win32/Dynamer.5985462d (version 0.3.0.5, update 20190527), detected
Arcabit: Trojan.Generic.D1FFF732 (version 1.0.0.870, update 20200325), detected
Cylance: Unsafe (version 2.3.1.101, update 20200325), detected
Endgame: malicious (high confidence) (version 3.0.17, update 20200226), detected
FireEye: Generic.mg.3b860deebcd2b51d (version 32.31.0.0, update 20200316), detected
Sangfor: Malware (version 1.0, update 20200324), detected
TACHYON: not detected (version 2020-03-25.02, update 20200325)
Tencent: Win32.Trojan.Generic.Lmbe (version 1.0.0.1, update 20200325), detected
ViRobot: not detected (version 2014.3.20.0, update 20200325)
Webroot: not detected (version 1.0.0.403, update 20200325)
eGambit: Unsafe.AI_Score_94% (update 20200325), detected
Ad-Aware: Trojan.GenericKD.33552178 (version 3.0.5.370, update 20200325), detected
AegisLab: Trojan.Win32.Generic.4!c (version 4.2, update 20200325), detected
Emsisoft: Trojan.GenericKD.33552178 (B) (version 2018.12.0.1641, update 20200325), detected
F-Secure: Trojan.TR/Injector.yeqia (version 12.0.86.52, update 20200325), detected
Fortinet: W32/Generic!tr (version 6.2.142.0, update 20200325), detected
Invincea: not detected (version 6.3.6.26157, update 20200219)
Jiangmin: Trojan.Generic.enevt (version 16.0.100, update 20200325), detected
Kingsoft: not detected (version 2013.8.14.323, update 20200325)
Paloalto: generic.ml (version 1.0, update 20200325), detected
Symantec: Trojan Horse (version 1.11.0.0, update 20200325), detected
Trapmine: malicious.moderate.ml.score (version 3.2.22.914, update 20200123), detected
AhnLab-V3: Malware/Win32.Generic.R329077 (version 3.17.3.26870, update 20200325), detected
Antiy-AVL: Trojan/Win32.AGeneric (version 3.0.0.1, update 20200325), detected
Kaspersky: HEUR:Trojan.Win32.Generic (version 15.0.1.13, update 20200325), detected
MaxSecure: not detected (version 1.0.0.1, update 20200320)
Microsoft: Trojan:Win32/Dynamer!rfn (version 1.1.16900.4, update 20200325), detected
Qihoo-360: Generic/HEUR/QVM03.0.F85B.Malware.Gen (version 1.0.0.1120, update 20200325), detected
ZoneAlarm: HEUR:Trojan.Win32.Generic (version 1.0, update 20200325), detected
Cybereason: not detected (version 1.2.449, update 20190616)
ESET-NOD32: a variant of Win32/Injector.ELCP (version 21054, update 20200325), detected
TrendMicro: Trojan.Win32.DNP.USXVPCI20 (version 11.0.0.1006, update 20200325), detected
BitDefender: Trojan.GenericKD.33552178 (version 7.2, update 20200325), detected
CrowdStrike: win/malicious_confidence_90% (W) (version 1.0, update 20190702), detected
K7AntiVirus: Trojan ( 00562e3f1 ) (version 11.100.33618, update 20200324), detected
SentinelOne: DFI - Suspicious PE (version 2.0.0.2603, update 20200220), detected
Avast-Mobile: not detected (version 200323-00, update 20200324)
Malwarebytes: Trojan.GuLoader (version 3.6.4.335, update 20200325), detected
TotalDefense: not detected (version 37.1.62.1, update 20200325)
CAT-QuickHeal: Trojan.Generic (version 14.00, update 20200325), detected
NANO-Antivirus: not detected (version 1.0.134.25032, update 20200325)
BitDefenderTheta: Gen:NN.ZevbaCO.34104.em0@ayGHAzni (version 7.2.37796.0, update 20200325), detected
MicroWorld-eScan: Trojan.GenericKD.33552178 (version 14.0.409.0, update 20200325), detected
SUPERAntiSpyware: not detected (version 5.6.0.1032, update 20200324)
McAfee-GW-Edition: BehavesLike.Win32.Vilsel.lh (version v2017.3010, update 20200324), detected
TrendMicro-HouseCall: Trojan.Win32.DNP.USXVPCI20 (version 10.0.0.1040, update 20200325), detected
total: 73
sha256: 451707dd87cd4471d7ee3cbfb25dbb2716909c0573bd4eb57401f4f47a8747f1
scan_id: 451707dd87cd4471d7ee3cbfb25dbb2716909c0573bd4eb57401f4f47a8747f1-1585133430
resource: 3b860deebcd2b51dde907595a4e3b035
positives: 56
scan_date: 2020-03-25 10:50:30
verbose_msg: Scan finished, information embedded
response_code: 1
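The AVclass line above ("dynamer") is what falls out of the engine labels once generic vocabulary (Trojan, Generic, Injector, Win32, ...) and per-engine variant suffixes (yeqia, ELCP, enevt) are stripped and the remaining family tokens are counted across engines. The block below is an added example of that normalisation and of the 56/73 detection-rate arithmetic; it is not AVclass and not the report's code. The label list is transcribed from the scan block above, and the generic-token list and the case-based suffix rule are this example's own assumptions.

```python
"""Family vote over the VirusTotal engine labels above, in the spirit of AVclass
(token split, generic-token filter, majority vote), plus the detection rate.
Added example, not AVclass and not the report's code. Labels are transcribed
from the scan block; the GENERIC list and the case rule are this example's own."""
import re
from collections import Counter

# (engine -> label); None means the engine reported nothing for this file.
SCAN = {
    "AVG": "Win32:Malware-gen", "CMC": None, "MAX": "malware (ai score=86)",
    "APEX": "Malicious", "Bkav": None, "K7GW": "Trojan ( 00562e3f1 )",
    "ALYac": "Trojan.GenericKD.33552178", "Avast": "Win32:Malware-gen",
    "Avira": "TR/Injector.yeqia", "Baidu": None,
    "Cyren": "W32/Injector.AAM.gen!Eldorado", "DrWeb": "Trojan.MulDrop3.12449",
    "GData": "Trojan.GenericKD.33552178", "Panda": "Trj/Genetic.gen",
    "VBA32": "Trojan.MulDrop", "VIPRE": "Trojan.Win32.Generic!BT", "Zoner": None,
    "ClamAV": None, "Comodo": None, "F-Prot": "W32/Injector.AAM.gen!Eldorado",
    "Ikarus": "Trojan.VB.Crypt", "McAfee": "Artemis!3B860DEEBCD2",
    "Rising": "Trojan.Generic!8.C3 (CLOUD)", "Sophos": "Troj/Inject-FOI",
    "Yandex": "Trojan.Igent.bTort0.27", "Zillya": "Trojan.Injector.Win32.693985",
    "Acronis": "suspicious", "Alibaba": "Trojan:Win32/Dynamer.5985462d",
    "Arcabit": "Trojan.Generic.D1FFF732", "Cylance": "Unsafe",
    "Endgame": "malicious (high confidence)", "FireEye": "Generic.mg.3b860deebcd2b51d",
    "Sangfor": "Malware", "TACHYON": None, "Tencent": "Win32.Trojan.Generic.Lmbe",
    "ViRobot": None, "Webroot": None, "eGambit": "Unsafe.AI_Score_94%",
    "Ad-Aware": "Trojan.GenericKD.33552178", "AegisLab": "Trojan.Win32.Generic.4!c",
    "Emsisoft": "Trojan.GenericKD.33552178 (B)", "F-Secure": "Trojan.TR/Injector.yeqia",
    "Fortinet": "W32/Generic!tr", "Invincea": None, "Jiangmin": "Trojan.Generic.enevt",
    "Kingsoft": None, "Paloalto": "generic.ml", "Symantec": "Trojan Horse",
    "Trapmine": "malicious.moderate.ml.score",
    "AhnLab-V3": "Malware/Win32.Generic.R329077", "Antiy-AVL": "Trojan/Win32.AGeneric",
    "Kaspersky": "HEUR:Trojan.Win32.Generic", "MaxSecure": None,
    "Microsoft": "Trojan:Win32/Dynamer!rfn",
    "Qihoo-360": "Generic/HEUR/QVM03.0.F85B.Malware.Gen",
    "ZoneAlarm": "HEUR:Trojan.Win32.Generic", "Cybereason": None,
    "ESET-NOD32": "a variant of Win32/Injector.ELCP",
    "TrendMicro": "Trojan.Win32.DNP.USXVPCI20", "BitDefender": "Trojan.GenericKD.33552178",
    "CrowdStrike": "win/malicious_confidence_90% (W)",
    "K7AntiVirus": "Trojan ( 00562e3f1 )", "SentinelOne": "DFI - Suspicious PE",
    "Avast-Mobile": None, "Malwarebytes": "Trojan.GuLoader", "TotalDefense": None,
    "CAT-QuickHeal": "Trojan.Generic", "NANO-Antivirus": None,
    "BitDefenderTheta": "Gen:NN.ZevbaCO.34104.em0@ayGHAzni",
    "MicroWorld-eScan": "Trojan.GenericKD.33552178", "SUPERAntiSpyware": None,
    "McAfee-GW-Edition": "BehavesLike.Win32.Vilsel.lh",
    "TrendMicro-HouseCall": "Trojan.Win32.DNP.USXVPCI20",
}

# Vocabulary that names a class or a verdict rather than a family. This
# example's own list (an assumption), kept deliberately small.
GENERIC = {
    "trojan", "troj", "trj", "injector", "inject", "generic", "generickd", "ageneric",
    "genetic", "malware", "malicious", "unsafe", "suspicious", "crypt", "artemis",
    "eldorado", "behaveslike", "horse", "score", "heur", "variant", "cloud",
}


def family_tokens(label):
    """Candidate family names in one label: capitalised words of 4+ letters with
    at least one lowercase letter and no digits, minus GENERIC. The case rule
    drops variant suffixes such as 'yeqia', 'enevt' and 'ELCP'."""
    out = set()
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if (len(tok) >= 4 and tok[0].isupper() and any(c.islower() for c in tok)
                and not any(c.isdigit() for c in tok) and tok.lower() not in GENERIC):
            out.add(tok.lower())
    return out


def family_votes(scan):
    """One vote per engine per family token."""
    votes = Counter()
    for label in scan.values():
        if label:
            votes.update(family_tokens(label))
    return votes


def detection_rate(scan):
    """(positives, total, percentage rounded to two decimals)."""
    positives = sum(1 for v in scan.values() if v)
    return positives, len(scan), round(100 * positives / len(scan), 2)


def top_family(scan):
    """(family, votes, lead_is_unique) or None when no engine named a family."""
    votes = family_votes(scan)
    if not votes:
        return None
    ranked = votes.most_common(2)
    fam, n = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return fam, n, n > runner_up


if __name__ == "__main__":
    print("detection rate:", detection_rate(SCAN))
    print("family votes:", family_votes(SCAN).most_common())
    print("top family:", top_family(SCAN))
```

Two votes for one family out of 56 detections is a thin majority, which is the practical reading of the AVclass line: most engines here say "generic trojan" or "injector", and the family name rests on two vendors. The third field returned by `top_family` exists so a tie is reported rather than silently resolved by dictionary order.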
Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 81.47%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 85.02%, suspicious: False
Random Forest (100 estimators, NFS-BRMalware): confidence 60.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 55.17%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 98.82%, suspicious: True