Report #10891

  • Creation Date: July 10, 2020, 11:22 p.m.
  • Last Update: July 10, 2020, 11:27 p.m.
  • File: scan00465.pdf.exe
  • Results:
Binary
DLL: False
Size: 256.50KB
trid: 81.0% Generic CIL Executable; 7.2% Win32 Dynamic Link Library; 4.9% Win32 Executable; 2.2% OS/2 Executable; 2.2% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 5c23fa7ba9d5437af31e65a25e02ebeb
sha1: c4fe673e802437070e42e717166128770db035d8
crc32: 0xcc8e0f7e
sha224: 72fe89b4182d9c196ef1dfb39fbcbb2af17c13941d1c614746af1203
sha256: 6ebe953cbd64c1fc7a97e28bbff6e35881c883a409cbdcbffe540db77f88e6c1
sha384: a36e06f76d96bad965f14987aff58fde30a58f39154af72606d0e28504d57f81765475b358dc0b4b0ee2c322cf006731
sha512: 6f590ca57c70a832f1558533ab0ba7b50550157f98da5f03eccdc9516bf95ab41ab737d73fe8a25c19c9e54fcc7f183d263fb9e29534bc434d3ce38731618dbe
ssdeep: 6144:gHc2xWYKAs4hzexuiCAzME1syoYcfkmRBtQZx9gg+7a:SHxN1ZqCnUoYGVBSW
Community
Google: False
HashLib: False

YARA
Matches: NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, NETDLLMicrosoft, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI
Suspicious: True

Strings
List
exiygmb5.gdn
mwetawxr.pid
l1w15eje.mba
je51bd30.ing
qd2g3tsb.aig
wunsgn1c.cfa
x1guvfyy.mma
rvefw5kg.nba
prhp1i51.kfh
C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdb
mzt1zn5s.htc
d2ixkshj.com
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
rrdp353a.vrq
p.Mv
g.cM
ofsb1sql.fyr
System.Security.Cryptography
P5\b.AW/f
zhy2tpl2.jsw
5e12dbm3.tiz
wp12feoi.nmy
53bcpbnk.tpo
stp31hxi.onw
bknqz2uf.tps
nnd0kq3y.rcn
5tnaw2na.bnn
41tyo3nn.yym
31wcpott.ssy
rbtt2nu1.wup
r2tp2g40.qfe
fwuxttho.usj
bjh0ap4t.rxu
0fnnc102.scl
kenf2sdd.ltt
nnpss3wh.jow
acal4ab3.ymn
oc0smo00.jao
ocaa430d.bbi
0fodizoc.rcs
0yp0aycl.ggg
ypnle1e2.xfh
rwguvebj.eut
stnn5gbk.tey
owi5lxk0.xmn
gypsz4pl.oyk
typuebce.vyf
tn0mu2lc.grc
y0rca1di.gxz
woa2uju1.hrc
pip25xsu.rci
1s3foyrc.utu
lbcow32w.naq
maqje3w0.own
q5owgym0.cis
5phohm5v.xpt
phzfvdnn.dlp
sv2c24rm.wip
wiiw1fn0.kyh
zhowwxg1.kes
m3b3tz53.iwt
hkg3s141.pxi
51ry5do4.ndv
d4e2w14v.oyb
a0c522hf.mvg
3j3to0b3.uih
2y0i20ur.cmc
l2420fgi.sqo
b1c25t3k.lyl
nzypq5pw.rdo
um0il0wv.xqa
o02ziee4.jil
rpk24yns.zor
lb1sorh3.kdw
5n3vbuoo.vlk
bubimn04.cft
qje34r1o.buo
ooruo32q.ohn
ekil1nrc.tzw
rhmij4dk.hon
kgo3hg2n.zhi
ap4it3j3.wlp
eukj52pv.lry
1dlwbw2u.nve
hne4b5d1.vth
rd1iuo33.aza
he1ia2ts.vvt
4naj2tjg.add
onc3t32g.uxj
4xei0thi.fmr
ahnwlq21.frt
i0daqh30.nrv
yod1h02a.jae
o4rjh1x0.mso
3ji20psm.sed
35l2rpfy.lad
rp0oa2at.gcq
24qheqhy.wut
3uhaczc2.niw
0pxdmol4.haz
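As an added example (this is not code from the report's platform), the Python below is a small triage pass over the strings listed above. It does three things an analyst would otherwise do by hand: it pulls the compiler-embedded PDB path apart into user name (Raz), project (STUB214), build configuration (Debug) and module (ZImBOZX, the same name as the ZImBOZX.dll listed under Files and Libraries further down); it counts how many strings fit the eight-alphanumeric-plus-three-letter-extension shape that fills this list (kdtmkhij.txt under Files fits it as well); and it flags the System.Security.Cryptography reference. The sample list is a constructed subset of the strings on this page. One caveat it makes visible: d2ixkshj.com fits the generated-name pattern exactly, so it is more plausibly one more throwaway name than a real domain, and it is probably what tripped the YARA "domain" rule above.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: a subset of the strings listed in this report.
SAMPLE_STRINGS: List[str] = [
    "exiygmb5.gdn",
    "mwetawxr.pid",
    r"C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdb",
    '<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>',
    "p.Mv",
    "System.Security.Cryptography",
    "d2ixkshj.com",
    "kdtmkhij.txt",
]

# Eight lowercase alphanumerics, a dot, a three-letter extension: the shape of
# the throwaway names that dominate the strings list.
RANDOM_83 = re.compile(r"^[a-z0-9]{8}\.[a-z]{3}$")


def parse_pdb_path(s: str) -> Optional[Dict[str, str]]:
    """Split a Windows PDB path into the pieces worth pivoting on.

    Returns None for anything that is not a .pdb path. The user, project and
    configuration keys are filled only when the usual Visual Studio layout
    (Users / <user> / ... / Projects / <project> / ... / obj / <configuration>)
    is present; the module name always comes from the file name.
    """
    if not s.lower().endswith(".pdb") or "\\" not in s:
        return None
    parts = s.split("\\")
    lower = [p.lower() for p in parts]
    info: Dict[str, str] = {"module": parts[-1][:-4], "path": s}
    for marker, key in (("users", "user"), ("projects", "project"), ("obj", "configuration")):
        if marker in lower:
            idx = lower.index(marker)
            if idx + 1 < len(parts) - 1:  # the next component must be a directory
                info[key] = parts[idx + 1]
    return info


def find_pdb_paths(strings: List[str]) -> List[Dict[str, str]]:
    return [p for p in (parse_pdb_path(s) for s in strings) if p]


def random_83_names(strings: List[str]) -> List[str]:
    """Strings that look like generated 8.3 file names."""
    return [s for s in strings if RANDOM_83.match(s)]


def triage(strings: List[str]) -> Dict[str, object]:
    """Summarise what the strings list says about the sample."""
    names = random_83_names(strings)
    return {
        "pdb": find_pdb_paths(strings),
        "random_83": names,
        "random_83_ratio": len(names) / len(strings) if strings else 0.0,
        "uses_crypto_namespace": any(
            s.startswith("System.Security.Cryptography") for s in strings
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_STRINGS).items():
        print(f"{key}: {value}")
```

The ratio is the useful number on a real strings dump: a handful of odd file names is noise, while a list where half or more of the entries share one generated shape points at a stub or crypter that carries its payload as named resources.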

Foremost
Matches: 0.exe, 256 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: ZImBOZX.dll, user32.dll, uxtheme.dll, mscoree.dll
Suspicious: kdtmkhij.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 7680 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 512 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 290931 (Suspicious: False)

Sections
Allowed: .text, .rsrc, .reloc
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4 (Suspicious: False)
Image Version: 4 (Suspicious: True)
Linker Version: 8.0 (Suspicious: False)
Subsystem Version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 262174 (Suspicious: False)

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
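The anomaly above is worth being able to reproduce rather than taking on trust. The Python below, added here as an example and not part of this report's tooling, recomputes the PE checksum the way the Windows MapFileAndCheckSum routine does (sum the file as little-endian 32-bit words with end-around carry, skipping the CheckSum field itself, fold to 16 bits, add the file length) and compares it with the value stored in the optional header. It runs on a constructed, non-loadable 256-byte PE-shaped buffer so no real sample is needed; the stored value 290931 is the one this report shows, the other two values exercise the "never set" and "matching" cases. Caveat for triage: a stored checksum of 0 means the linker never wrote one and is normal for user-mode binaries, so only a non-zero stored value that disagrees with the computed one tells you the bytes changed after the checksum was written (patched, packed or crypted).

```python
import struct
from typing import Dict, Optional


def checksum_field_offset(data: bytes) -> Optional[int]:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum, or None if this is not a PE.

    Layout: 'MZ' DOS header with e_lfanew at 0x3C, the 4-byte PE signature,
    the 20-byte COFF file header, then the optional header whose CheckSum
    field sits 0x40 bytes in.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    field = e_lfanew + 4 + 20 + 0x40
    if field + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return field


def pe_checksum(data: bytes, skip_offset: int) -> int:
    """Recompute the PE checksum as MapFileAndCheckSum does.

    Sum the file as little-endian 32-bit words with end-around carry, skip
    the word holding the stored CheckSum, fold to 16 bits, then add the
    unpadded file length.
    """
    padded = data + b"\0" * (-len(data) % 4)
    skip_word = skip_offset & ~3
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip_word:
            continue
        (word,) = struct.unpack_from("<I", padded, off)
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def verify_checksum(data: bytes) -> Dict[str, object]:
    """Compare the stored CheckSum with a fresh computation.

    Stored 0 means the linker never wrote one (normal for user-mode code),
    so only a non-zero stored value that disagrees counts as a mismatch.
    """
    field = checksum_field_offset(data)
    if field is None:
        raise ValueError("not a PE image")
    (stored,) = struct.unpack_from("<I", data, field)
    computed = pe_checksum(data, field)
    return {
        "stored": stored,
        "computed": computed,
        "stored_is_zero": stored == 0,
        "mismatch": stored != 0 and stored != computed,
    }


def build_minimal_pe(stored_checksum: int, size: int = 0x100) -> bytes:
    """Constructed test image, not a loadable binary: 'MZ' stub, e_lfanew=0x40,
    PE signature, zeroed COFF and optional headers, CheckSum set as requested."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x40 + 4 + 20 + 0x40, stored_checksum)
    return bytes(buf)


if __name__ == "__main__":
    # 290931 is the header value this report shows; 0 and 0xA0DD exercise the
    # "never set" and "matching" cases on the constructed image.
    for stored in (0, 0xA0DD, 290931):
        print(verify_checksum(build_minimal_pe(stored)))
```

On a real file, pass the whole image (`verify_checksum(open(path, "rb").read())`); the computed value changes with every byte outside the CheckSum field, which is exactly why a crypter that rewrites the payload after linking leaves the header value stale.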

Libraries
hasLibs: True
Allowed: user32.dll, uxtheme.dll, mscoree.dll
Suspicious: zimbozx.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2020-05-25 12:19:02
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers:
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks:
pushret: .rsrc 1, .text 90
pushpopmath: .text 152
ss register: .text 1
garbagebytes: .text 28
hookdetection: .text 4
programcontrolflowchange: .text 28
cpuinstructionsresultscomparison: .rsrc 1, .text 2
Note: these counts come from x86 opcode-pattern matching. The sample is a CIL (.NET) executable (trid, the YARA IsNET_EXE match and the Compilers field agree), so its .text section holds IL bytecode and CLR metadata rather than native x86 code; treating that data as x86 produces spurious "tricks", and the counts above are not reliable evidence of anti-disassembly on this file.

AVclass
lokibot
1
VirusTotal
md5: 5c23fa7ba9d5437af31e65a25e02ebeb
sha1: c4fe673e802437070e42e717166128770db035d8
SCANS (DETECTION RATE = 79.71%, 55 of 69 engines)
engine (version, update): result
AVG (18.4.3895.0, 20200608): Win32:PWSX-gen [Trj]
MAX (2019.9.16.1, 20200608): malware (ai score=85)
APEX (6.33, 20200607): Malicious
Bkav (1.3.0.9899, 20200608): not detected
K7GW (11.114.34336, 20200608): Trojan ( 005676301 )
ALYac (1.1.1.5, 20200608): Trojan.GenericKD.33905193
Avast (18.4.3895.0, 20200608): Win32:PWSX-gen [Trj]
Avira (8.3.3.8, 20200608): TR/AD.LokiBot.iqwau
Baidu (1.0.0.2, 20190318): not detected
Cyren (6.3.0.2, 20200608): W32/MSIL_Troj.VE.gen!Eldorado
DrWeb (7.0.46.3050, 20200608): not detected
GData (A:25.25868B:27.19018, 20200608): Trojan.GenericKD.33905193
Panda (4.6.4.2, 20200608): Trj/GdSda.A
VBA32 (4.4.1, 20200608): TScope.Trojan.MSIL
VIPRE (84314, 20200608): Trojan.Win32.Generic!BT
Zoner (0.0.0.0, 20200608): not detected
ClamAV (0.102.3.0, 20200607): not detected
Comodo (32517, 20200608): not detected
F-Prot (4.7.1.166, 20200608): W32/MSIL_Troj.VE.gen!Eldorado
Ikarus (0.1.5.2, 20200608): Trojan.Inject
McAfee (6.0.6.653, 20200608): RDN/Generic.grp
Rising (25.0.0.25, 20200608): Backdoor.Androm!8.113 (CLOUD)
Sophos (4.98.0, 20200608): Mal/Generic-S
Zillya (2.0.0.4105, 20200606): Trojan.Kryptik.Win32.2037116
Acronis (1.1.1.76, 20200603): not detected
Alibaba (0.3.0.5, 20190527): TrojanSpy:MSIL/AgentTesla.8197b4c9
Arcabit (1.0.0.875, 20200608): Trojan.Generic.D2055A29
Cylance (2.3.1.101, 20200608): Unsafe
Endgame (4.0.4, 20200529): malicious (high confidence)
FireEye (32.31.0.0, 20200608): Generic.mg.5c23fa7ba9d5437a
Sangfor (1.0, 20200423): Malware
TACHYON (2020-06-08.02, 20200608): not detected
Tencent (1.0.0.1, 20200608): Msil.Backdoor.Androm.Swbb
ViRobot (2014.3.20.0, 20200608): Trojan.Win32.Z.Agent.262656.IT
Webroot (1.0.0.403, 20200608): W32.Malware.Gen
eGambit (no version reported, 20200608): Unsafe.AI_Score_100%
Ad-Aware (3.0.5.370, 20200608): Trojan.GenericKD.33905193
Emsisoft (2018.12.0.1641, 20200605): Trojan.GenericKD.33905193 (B)
F-Secure (12.0.86.52, 20200608): Trojan.TR/AD.LokiBot.iqwau
Fortinet (6.2.142.0, 20200608): MSIL/Generic.WAM!tr
Invincea (6.3.6.26157, 20200502): heuristic
Jiangmin (16.0.100, 20200607): Trojan.Generic.fgpab
Kingsoft (2013.8.14.323, 20200608): not detected
Paloalto (1.0, 20200608): generic.ml
Symantec (1.11.0.0, 20200608): Trojan.Gen.MBT
Trapmine (3.2.25.947, 20200505): not detected
AhnLab-V3 (3.17.6.27456, 20200608): Trojan/Win32.Kryptik.R338187
Antiy-AVL (3.0.0.1, 20200608): Trojan/Win32.PWSteal
Kaspersky (15.0.1.13, 20200608): HEUR:Backdoor.MSIL.Androm.gen
MaxSecure (1.0.0.1, 20200606): not detected
Microsoft (1.1.17100.2, 20200608): TrojanSpy:MSIL/AgentTesla.PRB!MTB
Qihoo-360 (1.0.0.1120, 20200608): Generic/Trojan.BO.c1f
ZoneAlarm (1.0, 20200608): HEUR:Backdoor.MSIL.Androm.gen
Cybereason (1.2.449, 20190616): malicious.e80243
ESET-NOD32 (21457, 20200608): a variant of MSIL/Kryptik.WAM
TrendMicro (11.0.0.1006, 20200608): Trojan.Win32.PWSTEAL.USXVPEQ20
BitDefender (7.2, 20200608): Trojan.GenericKD.33905193
CrowdStrike (1.0, 20190702): win/malicious_confidence_80% (W)
K7AntiVirus (11.113.34333, 20200608): Trojan ( 005676301 )
SentinelOne (4.3.0.105, 20200601): DFI - Malicious PE
Avast-Mobile (200608-00, 20200608): not detected
Malwarebytes (3.6.4.335, 20200608): Spyware.LokiBot
CAT-QuickHeal (14.00, 20200608): Trojan.Generic
NANO-Antivirus (1.0.134.25112, 20200608): not detected
BitDefenderTheta (7.2.37796.0, 20200603): Gen:NN.ZemsilF.34126.qm0@aSxnT8f
MicroWorld-eScan (14.0.409.0, 20200608): Trojan.GenericKD.33905193
SUPERAntiSpyware (5.6.0.1032, 20200605): not detected
McAfee-GW-Edition (v2017.3010, 20200608): RDN/Generic.grp
TrendMicro-HouseCall (10.0.0.1040, 20200608): Trojan.Win32.PWSTEAL.USXVPEQ20
Note: the family names disagree. LokiBot (Avira, F-Secure, Malwarebytes), AgentTesla (Alibaba, Microsoft), Androm (Kaspersky, ZoneAlarm, Rising, Tencent) and Kryptik (ESET-NOD32, AhnLab-V3, Zillya) all appear, and most other verdicts are generic or heuristic. The AVclass consensus above is lokibot; the MSIL/.NET tags and the PWSteal/PWSX labels are the points on which the engines actually agree.

total: 69
sha256: 6ebe953cbd64c1fc7a97e28bbff6e35881c883a409cbdcbffe540db77f88e6c1
scan_id: 6ebe953cbd64c1fc7a97e28bbff6e35881c883a409cbdcbffe540db77f88e6c1-1591616739
resource: 5c23fa7ba9d5437af31e65a25e02ebeb
positives: 55
scan_date: 2020-06-08 11:45:39
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace
(empty)

Process Trace
(empty)

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0
Note: the dynamic run ended in a Blue Screen and is marked Execution Failed, so the empty file, process, registry and network traces below record a failed run, not observed benign behaviour. In particular the "no DNS / TCP / UDP / HTTP" summary says nothing about whether the sample has a C2.

Registry Trace
(empty)

File Summary
Created identified: False
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: False

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: False
Deleted identified: False
Browsers identified: False
Internet identified: False

DNS
Query: (empty)
Response: (empty)

TCP
Info: (empty)

UDP
Info: (empty)

HTTP
Info: (empty)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious True
SVC (Kernel=Linear, NFS-BRMalware): confidence 70.99%, suspicious False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 83.83%, suspicious False
Random Forest (100 estimators, NFS-BRMalware): confidence 61.00%, suspicious True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 53.53%, suspicious True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.99%, suspicious True
