Report #10753

  • Creation Date: June 24, 2020, 8:27 p.m.
  • Last Update: June 24, 2020, 8:32 p.m.
  • File: PO476.exe
  • Results:
Binary
DLL
False
Size
387.50KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
b49b5a45ceabbcabf0297376c7ff8b11
sha1
deb284810d5d7bac6b9419d99811f66503009eac
crc32
0x3c105a39
sha224
dbe3c25ada6c3d55b4d6961f36e50618ee9d5cc0153c3a6fb1e38857
sha256
c609c67af44e04383084b8494a2c12170fb20127e107f2bc4138a165ed927c8f
sha384
fecd7556adc329a4649c5a3a73ddab13d955106594acded325be04ec5d3e70d75fd9cceaa131e7b37d7e89891d2beb64
sha512
7f63e7f5e8eac83d01477cf05c73bd89dc2b5d69b37468be25ffa227fced62f7b966c95802e2c2e84a54f044ae84efcff31df8263f6e2fc4cfe180c052306557
ssdeep
6144:JQNjprJlcWseFAHm5Uw5gL1O9syLE5TPEVK6A+z:IrJlhszG5Uw5mUg5Tsbz
Community
Google
False
HashLib
False
YARA
Matches
IsWindowsGUI, maldoc_getEIP_method_1, NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, RIPEMD160_Constants, CRC32b_poly_Constant, SHA1_Constants, IsNET_EXE, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, NET_executable_, domain, IP, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, Big_Numbers3, Big_Numbers1

Suspicious
True

Strings
List
System.Security
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
p.gn
soyt.jinF2.cri
stxm.fec
stxm.fec
stxm.wef
rcxs.ees
s.fec
y.cer
y.cmt
stxm.ees
stxm.ees
stxm.eef
stxm.eun
0.0.0.0
11.0.0.0
16.0.0.0
d.hti
1.1.1.1
1.1.1.1
1.1.1.1
OI9}_Dr<
OI9}_Dr;
^g|`NA6
Microsoft.Win32.Primitives.Properties.Resources.resources
Microsoft.Win32.Primitives.Properties.Resources
%+5e_|
bled permanently!
%E(%I
3System.Resources.Tools.StronglyTypedResourceBuilder
Ou{ii`ei%As
te%As
!This program cannot be run iCTIONAREHOST
mscoree.dll
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Foremost
Matches
127.jpg, 17 KB, 187.bmp, 1 KB, 191.bmp, 1 KB, 195.bmp, 1 KB, 198.bmp, 1 KB, 202.bmp, 1 KB, 206.bmp, 1 KB, 210.bmp, 1 KB, 214.bmp, 1 KB, 217.bmp, 1 KB, 221.bmp, 1 KB, 225.bmp, 1 KB, 229.bmp, 1 KB, 233.bmp, 1 KB, 236.bmp, 1 KB, 240.bmp, 1 KB, 244.bmp, 1 KB, 248.bmp, 1 KB, 252.bmp, 1 KB, 255.bmp, 1 KB, 259.bmp, 1 KB, 263.bmp, 1 KB, 267.bmp, 1 KB, 271.bmp, 1 KB, 274.bmp, 1 KB, 278.bmp, 1 KB, 282.bmp, 1 KB, 286.bmp, 1 KB, 290.bmp, 1 KB, 293.bmp, 1 KB, 297.bmp, 1 KB, 301.bmp, 1 KB, 305.bmp, 1 KB, 309.bmp, 1 KB, 312.bmp, 1 KB, 316.bmp, 1 KB, 320.bmp, 1 KB, 324.bmp, 1 KB, 328.bmp, 1 KB, 331.bmp, 1 KB, 335.bmp, 1 KB, 339.bmp, 1 KB, 343.bmp, 1 KB, 347.bmp, 1 KB, 350.bmp, 1 KB, 354.bmp, 1 KB, 358.bmp, 1 KB, 362.bmp, 1 KB, 365.bmp, 1 KB, 369.bmp, 1 KB, 373.bmp, 1 KB, 377.bmp, 1 KB, 381.bmp, 1 KB, 384.bmp, 1 KB, 388.bmp, 1 KB, 392.bmp, 1 KB, 396.bmp, 1 KB, 400.bmp, 1 KB, 403.bmp, 1 KB, 407.bmp, 1 KB, 411.bmp, 1 KB, 415.bmp, 1 KB, 419.bmp, 1 KB, 422.bmp, 1 KB, 426.bmp, 1 KB, 430.bmp, 1 KB, 434.bmp, 1 KB, 438.bmp, 1 KB, 441.bmp, 1 KB, 445.bmp, 1 KB, 449.bmp, 1 KB, 453.bmp, 1 KB, 457.bmp, 1 KB, 460.bmp, 1 KB, 464.bmp, 1 KB, 468.bmp, 1 KB, 472.bmp, 1 KB, 476.bmp, 1 KB, 479.bmp, 1 KB, 483.bmp, 1 KB, 487.bmp, 1 KB, 491.bmp, 1 KB, 495.bmp, 1 KB, 498.bmp, 1 KB, 502.bmp, 1 KB, 506.bmp, 1 KB, 510.bmp, 1 KB, 514.bmp, 1 KB, 517.bmp, 1 KB, 521.bmp, 1 KB, 525.bmp, 1 KB, 529.bmp, 1 KB, 533.bmp, 1 KB, 536.bmp, 1 KB, 540.bmp, 1 KB, 544.bmp, 1 KB, 548.bmp, 1 KB, 552.bmp, 1 KB, 555.bmp, 1 KB, 559.bmp, 1 KB, 563.bmp, 1 KB, 567.bmp, 1 KB, 571.bmp, 1 KB, 574.bmp, 1 KB, 578.bmp, 1 KB, 582.bmp, 1 KB, 586.bmp, 1 KB, 590.bmp, 1 KB, 593.bmp, 1 KB, 597.bmp, 1 KB, 601.bmp, 1 KB, 605.bmp, 1 KB, 609.bmp, 1 KB, 612.bmp, 1 KB, 616.bmp, 1 KB, 620.bmp, 1 KB, 624.bmp, 1 KB, 628.bmp, 1 KB, 631.bmp, 1 KB, 635.bmp, 1 KB, 639.bmp, 1 KB, 643.bmp, 1 KB, 647.bmp, 1 KB, 650.bmp, 1 KB, 654.bmp, 1 KB, 658.bmp, 1 KB, 662.bmp, 1 KB, 666.bmp, 1 KB, 669.bmp, 1 KB, 673.bmp, 1 KB, 677.bmp, 1 KB, 681.bmp, 1 KB, 685.bmp, 1 KB, 
688.bmp, 1 KB, 692.bmp, 1 KB, 696.bmp, 1 KB, 700.bmp, 1 KB, 704.bmp, 1 KB, 707.bmp, 1 KB, 711.bmp, 1 KB, 715.bmp, 1 KB, 719.bmp, 1 KB, 723.bmp, 1 KB, 726.bmp, 1 KB, 730.bmp, 1 KB, 734.bmp, 1 KB, 738.bmp, 1 KB, 742.bmp, 1 KB, 745.bmp, 1 KB, 749.bmp, 1 KB, 753.bmp, 1 KB, 757.bmp, 1 KB, 0.exe, 387 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 1.1.1.1, 1, one.one.one.one.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 402206
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-02-04 02:09:21
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 42

pushpopmath
.text: 77

ss register
.text: 1

garbagebytes
.text: 12

hookdetection
.text: 4

software breakpoint
.text: 1

programcontrolflowchange
.text: 12

cpuinstructionsresultscomparison
.rsrc: 1
.text: 5

AVclass
formbook
1
VirusTotal
md5
b49b5a45ceabbcabf0297376c7ff8b11
sha1
deb284810d5d7bac6b9419d99811f66503009eac
SCANS (DETECTION RATE = 53.52%)
engine | result | update | version | detected
(- = no value reported by the engine)
AVG | Win32:Trojan-gen | 20200509 | 18.4.3895.0 | True
CMC | - | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=84) | 20200509 | 2019.9.16.1 | True
APEX | Malicious | 20200507 | 6.19 | True
Bkav | - | 20200509 | 1.3.0.9899 | False
K7GW | - | 20200509 | 11.107.34045 | False
ALYac | Trojan.GenericKD.43106067 | 20200509 | 1.1.1.5 | True
Avast | Win32:Trojan-gen | 20200509 | 18.4.3895.0 | True
Avira | - | 20200509 | 8.3.3.8 | False
Baidu | - | 20190318 | 1.0.0.2 | False
Cyren | - | 20200509 | 6.2.2.2 | False
DrWeb | - | 20200509 | 7.0.46.3050 | False
GData | Trojan.GenericKD.43106067 | 20200509 | A:25.25598B:26.18663 | True
Panda | - | 20200508 | 4.6.4.2 | False
VBA32 | - | 20200508 | 4.4.0 | False
VIPRE | Trojan.Win32.Generic!BT | 20200509 | 83576 | True
Zoner | - | 20200508 | 0.0.0.0 | False
ClamAV | Win.Malware.Formbook-7399661-0 | 20200508 | 0.102.2.0 | True
Comodo | Malware@#1bljd3jhjjsr3 | 20200509 | 32422 | True
F-Prot | - | 20200509 | 4.7.1.166 | False
Ikarus | Trojan-Spy.Agent | 20200508 | 0.1.5.2 | True
McAfee | GenericRXKK-GU!B49B5A45CEAB | 20200509 | 6.0.6.653 | True
Rising | Stealer.Formbook!1.C470 (CLASSIC) | 20200509 | 25.0.0.24 | True
Sophos | Mal/Generic-S | 20200509 | 4.98.0 | True
Yandex | - | 20200507 | 5.5.2.24 | False
Zillya | - | 20200508 | 2.0.0.4086 | False
Acronis | - | 20200509 | 1.1.1.75 | False
Alibaba | TrojanSpy:MSIL/Kryptik.b2113f08 | 20190527 | 0.3.0.5 | True
Arcabit | Trojan.Generic.D291BF13 | 20200508 | 1.0.0.875 | True
Cylance | Unsafe | 20200509 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20200226 | 3.0.17 | True
FireEye | Generic.mg.b49b5a45ceabbcab | 20200508 | 32.31.0.0 | True
Sangfor | Malware | 20200423 | 1.0 | True
TACHYON | - | 20200508 | 2020-05-08.02 | False
Tencent | - | 20200509 | 1.0.0.1 | False
ViRobot | - | 20200508 | 2014.3.20.0 | False
Webroot | - | 20200509 | 1.0.0.403 | False
eGambit | - | 20200509 | - | False
Ad-Aware | Trojan.GenericKD.43106067 | 20200509 | 3.0.5.370 | True
AegisLab | - | 20200509 | 4.2 | False
Emsisoft | Trojan.GenericKD.43106067 (B) | 20200509 | 2018.12.0.1641 | True
F-Secure | - | 20200509 | 12.0.86.52 | False
Fortinet | MSIL/Kryptik.VSR!tr | 20200509 | 6.2.142.0 | True
Invincea | heuristic | 20200502 | 6.3.6.26157 | True
Jiangmin | - | 20200508 | 16.0.100 | False
Kingsoft | - | 20200509 | 2013.8.14.323 | False
Paloalto | generic.ml | 20200509 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20200508 | 1.11.0.0 | True
Trapmine | - | 20200505 | 3.2.25.947 | False
AhnLab-V3 | Malware/Win32.RL_Generic.C4087093 | 20200508 | 3.17.5.27267 | True
Antiy-AVL | - | 20200509 | 3.0.0.1 | False
MaxSecure | - | 20200507 | 1.0.0.1 | False
Microsoft | TrojanSpy:Win32/Swotter.A!bit | 20200508 | 1.1.17000.7 | True
Qihoo-360 | Generic/Trojan.Spy.beb | 20200509 | 1.0.0.1120 | True
Cybereason | - | 20190616 | 1.2.449 | False
ESET-NOD32 | a variant of MSIL/Kryptik.VSR | 20200509 | 21297 | True
TrendMicro | TROJ_GEN.R022C0WE820 | 20200509 | 11.0.0.1006 | True
BitDefender | Trojan.GenericKD.43106067 | 20200509 | 7.2 | True
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 | True
K7AntiVirus | - | 20200508 | 11.107.34043 | False
SentinelOne | DFI - Malicious PE | 20200505 | 2.2.0.96 | True
Avast-Mobile | - | 20200508 | 200508-00 | False
Malwarebytes | Trojan.Crypt | 20200509 | 3.6.4.335 | True
TotalDefense | - | 20200508 | 37.1.62.1 | False
CAT-QuickHeal | - | 20200508 | 14.00 | False
NANO-Antivirus | - | 20200509 | 1.0.134.25112 | False
BitDefenderTheta | Gen:NN.ZemsilF.34108.ym0@aymZImm | 20200428 | 7.2.37796.0 | True
MicroWorld-eScan | Trojan.GenericKD.43106067 | 20200509 | 14.0.409.0 | True
SUPERAntiSpyware | - | 20200508 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.fm | 20200508 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R022C0WE820 | 20200509 | 10.0.0.1040 | True


total
71
sha256
c609c67af44e04383084b8494a2c12170fb20127e107f2bc4138a165ed927c8f
scan_id
c609c67af44e04383084b8494a2c12170fb20127e107f2bc4138a165ed927c8f-1588995959
resource
b49b5a45ceabbcabf0297376c7ff8b11
positives
38
scan_date
2020-05-09 03:45:59
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 75.52%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 81.20%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 42.80%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.91%
suspicious: True
