Report #1107 check_circle

  • Creation Date: Oct. 30, 2019, 5:46 p.m.
  • Last Update: Oct. 30, 2019, 9:23 p.m.
  • File: NvSmartMax.dll
  • Results:
Binary
DLL
True check_circle
Size
6.71MB
trid
38.3% Win32 Dynamic Link Library
26.2% Win32 Executable
11.8% OS/2 Executable
11.6% Generic Win/DOS Executable
11.6% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
2c26e51d47f4872f379ba57ff2e3b04a
sha1
637b1a6abe705b12e0a1efb626ffbd67a53e91fa
crc32
0x7050a1f4
sha224
7e2d72ebe85268f6ae7c85f83c377666cf45fbd695836cdf6cf63f9b
sha256
596a28f4db109930af576a61e56f2e7b1946fbb27b4ccd6ca9aedba69c4ea87f
sha384
9ae3f450fd967f9a747ff8b439b85f47bd86725cb5aa55866172f36297b9be618cefedb5dbc59aa9ca248ed323ab72bb
sha512
cbd3884d11e6bcbf95360cfb3a5141328e1a068d0468fe3c1df660b18e63d670a6ec0be968d70af6479fc622c283b7fdf776e8c1b2ef076dc8919a4070c9793a
ssdeep
98304:VgHeGgadVEcYXpLpb1EO+29Fkuix59wARf0dW9cJAyQalua6rQRY/nr3Ss:3pagLJphETokuix5mPdYn/Aua6s2f7S
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
IsDLL, IP, contentis_base64, IsPacked, Microsoft_Visual_Basic_v50, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
h.SC
t.hN
tk.tN
E.eC
o.Ve
E.PA
a.EG
i.Pr
P_.ie
8.th
ih.do
t.TN
I.eR
_.NA
_.so
U.pt
8Y.Bo
1.Ve
y.lK
Cb.MM
N.cy
G.BY
py.Rw
c.Ve
2.Aw
1t.CV
gh.cV
Y.np
g.ID
E.bm
b.nU
LX.th
c.Mo
2.MA
v.AR
W.TF
-.bo
p.lu
h.hu
4.nL
H.Pk
8.Kp
q.Gu
sh.Cz
z.Dz
Z.uG
z.Dz
z.Dz
g2.uZ
kw.kE
wU.uZ
z.Dz
f.zW
A5z.Dz
z.Dz
z.Dz
z.PN
Z.Lk
gi.Mq
E9f.NE<
ZH.cc
Us.Id/
mft.pt!~
P.tcr@
_WTSAPI32.dll
netapi32.dll
version.dll
Project1.dll
1.0.0.0
1.0.0.0
SHFolder.dll
C.Cbs)4
t.iR`
:&Ia.Si
+8.aR
],0}$|
?Ec_3:w
D1$$AYfD
M26rsG[~
uni,U5]b
mt&oN3
kfDnIW;#7
&o7sc
3dwr;y
m-e&o
$AYfD;
~AYfD;
1nOeW,f4d
;>%/
!]?#
~%/
{ IPs70
s d:*/h:&o
T|Oc
O(wR
WI:E
I:ps
RdS;
~fDt
NI:G

Foremost
Matches
None
Suspicious
False cancel
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed
hasFiles: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 166400
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 0
Suspicious: True check_circle
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: True check_circle

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .rdata, .vmp0, .vmp1, .reloc, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: 5
Suspicious: True check_circle
Linker
Version: 2.25
Suspicious: False cancel
Subsystem
Version: 5.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 6757024
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed
hasLibs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: False cancel
Value: 0
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
none: 4900

pushpopmath
none: 1729

ss register
none: 47

garbagebytes
none: 2803

hookdetection
none: 114

software breakpoint
none: 108

fakeconditionaljumps
none: 91

programcontrolflowchange
none: 2715

cpuinstructionsresultscomparison
none: 12

AVclass
vmprotbad
1
VirusTotal
md5
2c26e51d47f4872f379ba57ff2e3b04a
sha1
637b1a6abe705b12e0a1efb626ffbd67a53e91fa
SCANS (DETECTION RATE = 49.28%)
AVG
result: Win32:Malware-gen
update: 20191025
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=83)
update: 20191025
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20191025
version: 5.77
detected: True check_circle

Bkav
update: 20191024
version: 1.3.0.10239
detected: False cancel

K7GW
result: Riskware ( 0040eff71 )
update: 20191023
version: 11.74.32341
detected: True check_circle

ALYac
result: Trojan.GenericKD.32569051
update: 20191025
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20191025
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1017643
update: 20191025
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
update: 20191025
version: 6.2.2.2
detected: False cancel

DrWeb
update: 20191025
version: 7.0.41.7240
detected: False cancel

GData
result: Trojan.GenericKD.32569051
update: 20191025
version: A:25.23765B:26.16412
detected: True check_circle

Panda
result: Trj/CI.A
update: 20191024
version: 4.6.4.2
detected: True check_circle

VBA32
update: 20191024
version: 4.2.0
detected: False cancel

VIPRE
update: 20191025
version: 78832
detected: False cancel

Zoner
update: 20191021
version: 1.0.0.1
detected: False cancel

ClamAV
update: 20191024
version: 0.102.0.0
detected: False cancel

Comodo
update: 20191025
version: 31643
detected: False cancel

F-Prot
update: 20191025
version: 4.7.1.166
detected: False cancel

Ikarus
update: 20191024
version: 0.1.5.2
detected: False cancel

McAfee
result: Artemis!2C26E51D47F4
update: 20191025
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Generic@ML.97 (RDMK:zOf4krFOiay1IV0JFTGutg)
update: 20191025
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/VMProtBad-A
update: 20191025
version: 4.98.0
detected: True check_circle

Yandex
update: 20191023
version: 5.5.2.24
detected: False cancel

Zillya
update: 20191024
version: 2.0.0.3932
detected: False cancel

Acronis
result: suspicious
update: 20191018
version: 1.1.1.58
detected: True check_circle

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Generic.D1F0F6DB
update: 20191025
version: 1.0.0.861
detected: True check_circle

Cylance
result: Unsafe
update: 20191025
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True check_circle

FireEye
result: Generic.mg.2c26e51d47f4872f
update: 20191025
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20191025
version: 2019-10-25.01
detected: False cancel

Tencent
update: 20191025
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20191025
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20191025
version: 1.0.0.403
detected: False cancel

eGambit
update: 20191025
version: v5.0.6
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.32569051
update: 20191025
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Generic.4!c
update: 20191025
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.32569051 (B)
update: 20191025
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1017643
update: 20191025
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/VMProtBad.A!tr
update: 20191025
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20191025
version: 16.0.100
detected: False cancel

Kingsoft
update: 20191025
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20191025
version: 1.0
detected: False cancel

Symantec
result: Trojan Horse
update: 20191024
version: 1.11.0.0
detected: True check_circle

Trapmine
update: 20190826
version: 3.1.81.800
detected: False cancel

AhnLab-V3
update: 20191025
version: 3.16.3.25410
detected: False cancel

Antiy-AVL
result: Trojan/Win32.Wacatac
update: 20191025
version: 3.0.0.1
detected: True check_circle

Kaspersky
update: 20191025
version: 15.0.1.13
detected: False cancel

Microsoft
result: Trojan:Win32/Tiggre!plock
update: 20191025
version: 1.1.16500.1
detected: True check_circle

Qihoo-360
update: 20191025
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
update: 20191025
version: 1.0
detected: False cancel

ESET-NOD32
update: 20191025
version: 20237
detected: False cancel

TrendMicro
result: TROJ_GEN.R002C0RJA19
update: 20191025
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.32569051
update: 20191025
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20191025
version: 11.74.32354
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20191012
version: 191012-04
detected: False cancel

Malwarebytes
update: 20191025
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20191024
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20191024
version: 14.00
detected: False cancel

NANO-Antivirus
result: Virus.Win32.Gen.ccmw
update: 20191025
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.32569051
update: 20191025
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20191019
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.vc
update: 20191025
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0RJA19
update: 20191025
version: 10.0.0.1040
detected: True check_circle

total
69
sha256
596a28f4db109930af576a61e56f2e7b1946fbb27b4ccd6ca9aedba69c4ea87f
scan_id
596a28f4db109930af576a61e56f2e7b1946fbb27b4ccd6ca9aedba69c4ea87f-1571980637
resource
2c26e51d47f4872f379ba57ff2e3b04a
positives
34
scan_date
2019-10-25 05:17:17
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
Time | Operation | PID | Process | Path
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe.Local
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
30/10/2019 - 20:45:52.450 | Unknown | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
30/10/2019 - 20:45:52.450 | Open | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.Manifest
30/10/2019 - 20:45:52.450 | Unknown | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.ManifestWindowsShell.Manifest
30/10/2019 - 20:45:52.559 | Unknown | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
30/10/2019 - 20:45:52.559 | Unknown | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
30/10/2019 - 20:45:52.559 | Unknown | 2080 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
30/10/2019 - 20:45:52.653 | Unknown | 1480 | C:\Windows\System32\rundll32.exe | C:\Monitor

Process
Trace
Time | Operation | PID | Process | Target PID | Target Process
30/10/2019 - 20:45:52.559 | Terminate | 1480 | C:\Windows\System32\rundll32.exe | 2080 | C:\Windows\SysWOW64\rundll32.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 85.66%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.37%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 43.55%
suspicious: True check_circle

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle
