Report #10926

  • Creation Date: Sept. 2, 2020, 7:27 p.m.
  • Last Update: Sept. 2, 2020, 7:35 p.m.
  • File: 001.exe
  • Results:
Binary
DLL
False
Size
180.00KB
trid
33.6% OS/2 Executable
33.1% Generic Win/DOS Executable
33.1% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
ca5f78eeb07761ac981ecfcc2f009044
sha1
aa03c23c6d197e3500b98c5c736562ef6ceb2f6d
crc32
0x1756c17f
sha224
4fdf651c8e191d8cde17b5785d9ad57862daa2732eebe91b0f2e8f72
sha256
f9f69e564250cef3f92c212f1ca42867f53c1a5551b406ffa0d817c787c313d7
sha384
7980388e2636b06a5144c5011e9d507f8aadc703e5f868fe5250984f8b44ffd613dbe6e1e437993884f773162001e689
sha512
8faa9a702950ac2b66ebc6ca1baa1fbb8f51ff522c32116e3688d95962d55ef61f22d781ca16a4946caa7e1e00ceeeefabd3d13c16882b1e0170d0cb0c5291a1
ssdeep
3072:yCT9MFP3A6ojJHFuAkwVlVREeQXtMEuXeeNG1FVI3gO1KdjMufOSWlqfCyjIBLjw:+35SlBxVbRn7pOeA1F4gXjYSaqxeLjb0
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, tElock_098_tE, IsPacked, tElock_v098_additional, tElock_10_private_tE_additional, tElock_v098_tHE_EGOiSTE_h, CodeCrypt_v016b_v0163b_additional, tElock_V099_10_Private_tE, tElock_098_Special_Build_forgot_heXer, IsWindowsGUI, HasModified_DOS_Message, tElock_098_tE_additional, tElock_v098_tHE_EGOiSTE_h_additional, IsPE32, tElockv098tE, tElock_V099_V10_Private_tE, tElock_098_tHE_EGOiSTE_h, contentis_base64, tElock_10_private_tE, tElock_v098, tElockv098, tElock_098_Special_Build_forgot_heXer_additional, tElock098tE, tElock_v098_tE, tElock_v096, tElock_v098b1_tHE_EGOiSTE, NeoLite_v200_additional, tElock_v098b1_additional, tElock_v098b1, tElock_099_10_private_tE, tElock_v098_tHE_EGOiSTE

Suspicious
True

Strings
List
pu.Gr
I.Zw
TuW4%cl
SshoD
GetModuleHandleA
FD3E
ce8A
%/ta
=-en
m(E060idf
at (=
r_HBt6e6
4yI,,;h/
~CA"a?l1`yo
liU)1B[/
$S6T3=a-sfA
e.J,IHL_n
<E$FtW#
!i|.PD+;@fK
9NpaR"u
EvA/0Jo
ERl3/C,
dsM#9/o
W;La9S'
ht_:;U
^Dtt:o
~AvHc"]
o>ht)
?srxHt|
epaa;zi%
6%;D1E
D2EAG2H
uTYXor}
w-u)Osm
MmH+iOG
M;Oaega
3S:(t8CS
(N>thY={M
0$odSI
$Ho)^2
Ki2rt#
4!GCsU
tEly[2
^poE0
oDm3@
.Hco7
!rFE9
d2t-I
a3Dm$/
.EG&8d
*y@rE8
wD[LS2<
D(:OE
K+@MItd
"Sb&YEC
@F*asHC
\r(ic:
gOA@$U
T<]GeA
b88eS9
}(oWA
d=lE_
ys<I]
oah>:
IP_eS
L#odU
oAgu`
CPUi|
NsxTn|"
\yVEd
]rEFH
/GIvT
I&lwd
FlEh\
bapT"
2D(N=H
[dE;
^dE_
#Hi/
[UDpsS
AbNBL%
de*+
uOSVK1
LTd0&
3t/Sb
0/RHs
6yaaR
OU7gS
ma8eB
Y1osI
5hI>
7.7}#
4PhBo
8yVSE
yisW9
hA4MR
]?,9=
@#2\%
y2toh
gh,CNo

Foremost
Matches
0.exe, 180 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 8192
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 184930
Suspicious: False

Sections
Allowed: .cle, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 244694
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: user32.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-05-03 18:14:15
Future: False

Compilation
Packed: True
Missing: False
Packers: NeoLite v2.00, tElock 0.99 - 1.0 private -> tE!, tElock v0.98b1, CodeCrypt v0.16b - v0.163b, tElock v0.98, tElock 0.98 -> tE!
Compiled: False
Compilers
MainPacker: tElock 0.98 -> tE!

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.cle: 82
.rsrc: 1

pushpopmath
.cle: 54
.rsrc: 3

garbagebytes
.cle: 28

hookdetection
.cle: 8

software breakpoint
.cle: 2

programcontrolflowchange
.cle: 28

AVclass
lmwca8vxylk
1
VirusTotal
md5
ca5f78eeb07761ac981ecfcc2f009044
sha1
aa03c23c6d197e3500b98c5c736562ef6ceb2f6d
SCANS (DETECTION RATE = 43.48%)
AVG
result: Win32:Evo-gen [Susp]
update: 20200902
version: 18.4.3895.0
detected: True

CMC
update: 20200902
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=80)
update: 20200902
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200901
version: 6.66
detected: True

Bkav
update: 20200901
version: 1.3.0.9899
detected: False

K7GW
update: 20200902
version: 11.133.35146
detected: False

ALYac
update: 20200902
version: 1.1.1.5
detected: False

Avast
result: Win32:Evo-gen [Susp]
update: 20200902
version: 18.4.3895.0
detected: True

Avira
update: 20200902
version: 8.3.3.8
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 100)
update: 20200902
version: 4.0.0.24
detected: True

Cyren
update: 20200902
version: 6.3.0.2
detected: False

DrWeb
result: Trojan.Siggen9.44167
update: 20200902
version: 7.0.48.8080
detected: True

GData
result: Gen:Trojan.Heur.DNP.lmWca8VXYLk
update: 20200902
version: A:25.26861B:27.20030
detected: True

Panda
update: 20200902
version: 4.6.4.2
detected: False

VBA32
update: 20200902
version: 4.4.1
detected: False

VIPRE
update: 20200902
version: 86398
detected: False

Zoner
update: 20200902
version: 0.0.0.0
detected: False

ClamAV
update: 20200902
version: 0.102.4.0
detected: False

Comodo
result: TrojWare.Win32.TrojanDownloader.Dadobra.~AXN@498r4p
update: 20200728
version: 32668
detected: True

Ikarus
update: 20200902
version: 0.1.5.2
detected: False

McAfee
result: GenericRXLE-RD!1E28A3B9AA94
update: 20200902
version: 6.0.6.653
detected: True

Rising
update: 20200902
version: 25.0.0.26
detected: False

Sophos
result: Mal/MSIL-UG
update: 20200902
version: 4.98.0
detected: True

Yandex
update: 20200901
version: 5.5.2.24
detected: False

Zillya
update: 20200902
version: 2.0.0.4167
detected: False

Acronis
result: suspicious
update: 20200806
version: 1.1.1.77
detected: True

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
result: Trojan.Heur.DNP.lmWca8VXYLk
update: 20200902
version: 1.0.0.881
detected: True

Cylance
update: 20200902
version: 2.3.1.101
detected: False

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True

FireEye
result: Generic.mg.ca5f78eeb07761ac
update: 20200902
version: 32.36.1.0
detected: True

Sangfor
update: 20200814
version: 1.0
detected: False

TACHYON
update: 20200902
version: 2020-09-02.02
detected: False

Tencent
update: 20200902
version: 1.0.0.1
detected: False

ViRobot
update: 20200902
version: 2014.3.20.0
detected: False

Webroot
update: 20200902
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_100%
update: 20200902
detected: True

Ad-Aware
result: Gen:Trojan.Heur.DNP.lmWca8VXYLk
update: 20200902
version: 3.0.16.117
detected: True

AegisLab
update: 20200902
version: 4.2
detected: False

F-Secure
update: 20200902
version: 12.0.86.52
detected: False

Fortinet
result: MSIL/GenKryptik.EJUF!tr
update: 20200902
version: 6.2.142.0
detected: True

Invincea
result: ML/PE-A + Mal/MSIL-UG
update: 20200902
version: 1.0.1.0
detected: True

Jiangmin
update: 20200902
version: 16.0.100
detected: False

Kingsoft
update: 20200902
version: 2013.8.14.323
detected: False

Paloalto
update: 20200902
version: 1.0
detected: False

Symantec
result: ML.Attribute.HighConfidence
update: 20200902
version: 1.12.0.0
detected: True

AhnLab-V3
update: 20200902
version: 3.18.1.10026
detected: False

Antiy-AVL
update: 20200902
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200902
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200902
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:MSIL/AgentTesla.BL!MTB
update: 20200902
version: 1.1.17400.5
detected: True

Qihoo-360
result: HEUR/QVM18.1.AABB.Malware.Gen
update: 20200902
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200902
version: 1.0
detected: True

Cybereason
result: malicious.eb0776
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
update: 20200902
version: 21926
detected: False

TrendMicro
update: 20200902
version: 11.0.0.1006
detected: False

BitDefender
result: Gen:Trojan.Heur.DNP.lmWca8VXYLk
update: 20200902
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (D)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20200902
version: 11.133.35146
detected: False

SentinelOne
result: DFI - Malicious PE
update: 20200724
version: 4.4.0.0
detected: True

Malwarebytes
update: 20200902
version: 3.6.4.335
detected: False

TotalDefense
update: 20200902
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200902
version: 14.00
detected: False

NANO-Antivirus
update: 20200902
version: 1.0.134.25140
detected: False

BitDefenderTheta
result: AI:Packer.F15808101F
update: 20200902
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Gen:Trojan.Heur.DNP.lmWca8VXYLk
update: 20200902
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
update: 20200902
version: 10.0.0.1040
detected: False

total
69
sha256
f9f69e564250cef3f92c212f1ca42867f53c1a5551b406ffa0d817c787c313d7
scan_id
f9f69e564250cef3f92c212f1ca42867f53c1a5551b406ffa0d817c787c313d7-1599085679
resource
ca5f78eeb07761ac981ecfcc2f009044
positives
30
scan_date
2020-09-02 22:27:59
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 63.54%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 59.86%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 55.09%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.92%
suspicious: True
