Report #11078

  • Creation Date: Sept. 7, 2020, 8:18 p.m.
  • Last Update: Sept. 7, 2020, 8:42 p.m.
  • File: 005
  • Results:
Binary
  DLL: False
  Size: 172.50KB
  trid: 41.0% Win32 Executable MS Visual C++; 36.3% Win64 Executable; 8.6% Win32 Dynamic Link Library; 5.9% Win32 Executable; 2.6% OS/2 Executable
  (TrID percentages are pattern-similarity scores, not a verdict; the header fields below (type PE, wordsize 32) and the YARA match IsPE32 settle the file as a 32-bit PE despite the 36.3% Win64 candidate.)
  type: PE
  wordsize: 32
  Subsystem: Windows GUI
Hashes
  md5: 5a14e0ef81ea15e9afd4defdeaa840ae
  sha1: a2a477a36236e38ca0140e3f751006a624f142ef
  crc32: 0x1331591f
  sha224: 9b45cc71219c5a4ee07f84c9229bbd2bb1e1bcbf247fcfaaef1ca321
  sha256: 4b12f4fdf07d06fb59b5619d01a293c51d32efd183d45a87459b47d5169cfe51
  sha384: 406c772d6dad488d0996a656e98602a989e82925c98ecfb5f5f3760e8d97caf546a435adccf7e32c6e184551ee1d61bc
  sha512: ffb8a416fd0e8e39cc8cbab881c2f22edb03948665d2cb63dc6ccb83e56f64b22a0c837257beda076877e8d8d00588a9bdd8b4f8571deae11da2fe8503f87b01
  ssdeep: 1536:s/lLWqbPoATxKPTPCl+X8KY9/JOed/ohT6NxAMQ854URociX4Q2jw/mb3rU9:s/lLW2PoAp/xZdd/vsXQ4URoQM/
Community
  Google: False
  HashLib: False
YARA
  Matches: VC8_Microsoft_Corporation, domain, anti_dbg, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, IP, IsPE32, Obsidium_v10059_Final, IsWindowsGUI
  Suspicious: True

Strings
List
C:\lihedoyeyusun\pezigekoyipu\herubodojog.pdb
94773\bin\dutisulek.pdb
1.3.3.4
xjelishu.izi
<=UOLPKA=VECCA
57-3$&)&&&%%&)6&3:"$.,
%%')!
jThH%A
mscoree.dll
GetProcAddress
ExitProcess
IsDebuggerPresent
TerminateProcess
VirtualAlloc
LoadLibraryA
QueryPerformanceCounter
GetModuleFileNameA
HeapCreate
GetModuleFileNameW
RemoveDirectoryA
FindFirstFileExA
CreateFileW
WriteFile
GetModuleHandleW
GetTickCount
SleepEx
Sleep
GetCPInfo
A=CACANCA;4M=
-v|34ea&
ZMUUAO@<:E
B;L>OADC<4MM
GCEEISHFD\
=VP=KABB9=;W=?LS
4/A|ladk
&.*?cgfu_ZSE
VWEJJLGER_
EqduRAC_
wsoirzGT`
9:<bqmntyWO[
DD[IRNl|{z~
IICEERP2
92-99.72,..+,429
.39/<,5,2;+22.
(-+/293<1.
:543,--95#54/4)(&&5.
BOKM=CRCPP]%
C===D=NL
et_VOl)
`.rdata
InterlockedIncrement
InterlockedDecrement
e4@Sc
e<4Cl
B6e}+t
HSDSRRRJ]V]RMt
Kl>9T/h
InternalName
FileVersionBeer
StringFileInfo
TFJSSTJDP]sswtxy
@.data
WEDE&
mSS<n:|
eCO3N4
SXSPKjuwrpl
WideCharToMultiByte
HUTO1
pddbdbbghgenefwty
OR[rb
E;ypl
!5463=
1.7.54
Tasih gazomavova peza
h(%A
h(&A
RIODL
PIIDB
xoN5ye
!cr1%H
(,2-83
WWRWRGHUZHBbw
[ //#
r2@sw
ncdddfe
Ih.7
""}*3
slcfcdgggpg
WSHGJO
#(Vnds
OD4l
Thp%,
t+Ht
wIVSP
)vmlPR
hoC@
SUVWh
oD*n
i(Co
]aRW

Foremost
  Matches: 0.exe, 172 KB
  Suspicious: True
Heuristics
IPs
  hasIPs: True
  Allowed:
  Suspicious: 1.3.3.4, 0, Unknown
  hasAllowed: False
  hasSuspicious: True
  (The only hit is the dotted-quad string 1.3.3.4 from the strings list, with no country attributed. A dotted quad in the string table is not evidence of network use by itself, and the dynamic run below recorded no DNS, TCP, UDP or HTTP activity because the sample did not execute.)

URLs
  hasURLs: False
  Allowed:
  Suspicious:
  hasAllowed: False
  hasSuspicious: False

Files
  hasFiles: True
  Allowed: kernel32.dll, mscoree.dll, ADVAPI32.dll, USER32.DLL
  Suspicious:
  hasAllowed: True
  hasSuspicious: False

Binary
Sizes
  RVA: 16 (Suspicious: False)
  Code Size: 4778496 (Suspicious: False; note that this value is larger than the whole 172.50KB file, an inconsistency the size heuristic does not flag)
  Image Address: 4194304 (0x400000; Suspicious: False)
  Stack: 4096 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)
  (An absent COFF symbol table is normal for release builds, so these two flags carry little weight on their own.)
Directories
  Number: 16 (Suspicious: False)

Checksum
  Value: 219641 (Suspicious: False)

Sections
  hasSections: True
  Allowed: .text, .rdata, .data, .rsrc
  Suspicious:
  hasAllowed: True
  hasSuspicious: False

Versions
  OS Version: 5 (Suspicious: False)
  Image Version: 5 (Suspicious: True)
  Linker Version: 9.0 (Suspicious: False)
  Subsystem Version: 5.0 (Suspicious: False)
  Suspicious: False

EntryPoint
  Address: 5357 (0x14ED; Suspicious: False)

Anomalies
  Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
  hasAnomalies: True

Libraries
  hasLibs: True
  Allowed: kernel32.dll, mscoree.dll, advapi32.dll, user32.dll
  Suspicious:
  hasAllowed: True
  hasSuspicious: False

Timestamp
  Value: 2018-12-18 04:41:22
  Valid: True
  Past: False
  Future: False

Compilation
  Compiled: True
  Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
  Packed: False
  Packers:
  Missing: False
  (The packer heuristic found nothing, but the YARA set above matched Obsidium_v10059_Final, the PDB paths in the strings are random-looking names, and Symantec and Malwarebytes label the file as packed in the scan results below; treat "Packed: False" as unconfirmed.)

Obfuscation
  XOR: False
  Fuzzing: False
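
The Anomalies entry (debug TimeDateStamp vs. file header TimeDateStamp), the Sizes entries and the section allow-list above all come from header-level consistency checks. The Python below is an added example, not code from the report's tooling: it parses a PE32 header with the standard library and applies those checks plus an entry-point sanity check. The names `section_of`, `parse_pe32`, `check_pe32` and `build_sample_pe32` are this example's own, the image it builds is constructed test data rather than the analysed file, and the timestamp constants in it are arbitrary.

```python
"""Header-level PE32 checks of the kind behind the Sizes and Anomalies entries above.
Standard library only; the sample image is constructed inline and is not the analysed file."""
import struct
from dataclasses import dataclass

DEBUG_DIR = 6            # IMAGE_DIRECTORY_ENTRY_DEBUG
PE32_MAGIC = 0x10B
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc"}   # the report's section allow-list


@dataclass
class PEInfo:
    timestamp: int          # IMAGE_FILE_HEADER.TimeDateStamp
    size_of_code: int       # IMAGE_OPTIONAL_HEADER.SizeOfCode
    entry_point: int        # AddressOfEntryPoint (an RVA)
    sections: list          # (name, virtual_address, virtual_size, raw_pointer, raw_size)
    debug_timestamps: list  # TimeDateStamp of every IMAGE_DEBUG_DIRECTORY entry


def section_of(rva, sections):
    """Return the section tuple whose virtual range covers rva, or None."""
    for sec in sections:
        _name, vaddr, vsize, _rawptr, rawsize = sec
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return sec
    return None


def parse_pe32(data: bytes) -> PEInfo:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _mach, nsec, tstamp, _symptr, _nsyms, optsize, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                                # optional header follows the 20-byte COFF header
    magic, _lmaj, _lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]           # NumberOfRvaAndSizes
    sections = []
    for i in range(nsec):
        off = opt + optsize + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    debug_ts = []
    if n_dirs > DEBUG_DIR:
        dbg_rva, dbg_size = struct.unpack_from("<II", data, opt + 96 + 8 * DEBUG_DIR)
        sec = section_of(dbg_rva, sections) if dbg_rva and dbg_size else None
        if sec:
            base = dbg_rva - sec[1] + sec[3]                       # RVA -> file offset through its section
            for k in range(dbg_size // 28):                        # one IMAGE_DEBUG_DIRECTORY is 28 bytes
                debug_ts.append(struct.unpack_from("<I", data, base + 28 * k + 4)[0])
    return PEInfo(tstamp, size_of_code, entry, sections, debug_ts)


def check_pe32(data: bytes) -> list:
    """Return anomaly strings; an empty list means the header is self-consistent."""
    info = parse_pe32(data)
    findings = []
    if info.size_of_code > len(data):
        findings.append("SizeOfCode exceeds file size")
    if any(ts != info.timestamp for ts in info.debug_timestamps):
        findings.append("debug TimeDateStamp does not match file header TimeDateStamp")
    holder = section_of(info.entry_point, info.sections)
    if holder is None:
        findings.append("entry point not inside any section")
    elif holder[0] != ".text":
        findings.append(f"entry point in section {holder[0]!r}, not .text")
    unknown = sorted({s[0] for s in info.sections} - KNOWN_SECTIONS)
    if unknown:
        findings.append("unexpected section name(s): " + ", ".join(unknown))
    return findings


def build_sample_pe32(header_ts=0x5C187A72, debug_ts=0x5C187A72, size_of_code=0x200, entry=0x1000) -> bytes:
    """Constructed test data: a 1 KiB PE32 with one .text section (RVA 0x1000, file offset 0x200)
    whose first 28 bytes are a CODEVIEW debug directory entry. Timestamps are arbitrary."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                        # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, header_ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBI", PE32_MAGIC, 9, 0, size_of_code)                 # linker 9.0
    opt += struct.pack("<IIIII", 0, 0, entry, 0x1000, 0x1000)                  # init/uninit data, entry, BaseOfCode/Data
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200, 5, 0, 0, 0, 5, 0, 0, 0x2000, 0x200, 0, 2, 0)
    opt += struct.pack("<IIIIII", 0x1000, 0x1000, 0x100000, 0x1000, 0, 16)     # stack/heap sizes, loader flags, 16 dirs
    dirs = [(0, 0)] * 16
    dirs[DEBUG_DIR] = (0x1000, 28)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    text_hdr = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + text_hdr).ljust(0x200, b"\0")
    debug_entry = struct.pack("<IIHHIIII", 0, debug_ts, 0, 0, 2, 0, 0, 0)     # Type 2 = IMAGE_DEBUG_TYPE_CODEVIEW
    return headers + debug_entry.ljust(0x200, b"\xCC")


if __name__ == "__main__":
    print("clean:", check_pe32(build_sample_pe32()))
    print("tampered:", check_pe32(build_sample_pe32(debug_ts=0x5B000000, size_of_code=0x48EA00, entry=0x5000)))
```

Run against a real file with `check_pe32(open(path, "rb").read())`; the tampered sample reproduces the report's debug-timestamp anomaly and the oversized code-size value (0x48EA00 = 4778496) in a file that is only 1 KiB long, which the report's own size heuristic did not flag.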

PEDetector
  Matches: None
  Suspicious: False
Disassembly
  hasTricks: True
  Tricks:
    pushret: .rsrc 4, .text 20
    pushpopmath: .rsrc 1, .text 7, .rdata 6
    ss register: .text 1
    garbagebytes: .rsrc 2, .text 9
    programcontrolflowchange: .rsrc 2, .text 9
    cpuinstructionsresultscomparison: .rsrc 10

AVclass
rack
1
VirusTotal
  md5: 5a14e0ef81ea15e9afd4defdeaa840ae
  sha1: a2a477a36236e38ca0140e3f751006a624f142ef
SCANS (DETECTION RATE = 81.43%, 57 of 70 engines)
  engine | result | version | update | detected
  AVG | Win32:DropperX-gen [Drp] | 18.4.3895.0 | 20200811 | yes
  CMC | - | 2.7.2019.1 | 20200811 | no
  MAX | malware (ai score=100) | 2019.9.16.1 | 20200811 | yes
  APEX | Malicious | 6.58 | 20200810 | yes
  Bkav | W32.AIDetectVM.malware2 | 1.3.0.9899 | 20200811 | yes
  K7GW | Riskware ( 0040eff71 ) | 11.129.34963 | 20200811 | yes
  ALYac | Trojan.Ransom.Paymen45 | 1.1.1.5 | 20200811 | yes
  Avast | Win32:DropperX-gen [Drp] | 18.4.3895.0 | 20200811 | yes
  Avira | TR/Crypt.ZPACK.etnjk | 8.3.3.8 | 20200811 | yes
  Baidu | - | 1.0.0.2 | 20190318 | no
  Cynet | Malicious (score: 100) | 4.0.0.24 | 20200811 | yes
  Cyren | W32/Trojan.ZPCR-8543 | 6.3.0.2 | 20200811 | yes
  DrWeb | Trojan.Encoder.31792 | 7.0.46.3050 | 20200811 | yes
  GData | Trojan.GenericKD.33820058 | A:25.26564B:27.19766 | 20200811 | yes
  Panda | Trj/GdSda.A | 4.6.4.2 | 20200811 | yes
  VBA32 | TrojanRansom.Rack | 4.4.1 | 20200811 | yes
  VIPRE | Trojan.Win32.Generic!BT | 85864 | 20200811 | yes
  Zoner | - | 0.0.0.0 | 20200811 | no
  ClamAV | - | 0.102.4.0 | 20200810 | no
  Comodo | Malware@#1lv3lugp44fre | 32668 | 20200728 | yes
  F-Prot | W32/GandCrab.BD.gen!Eldorado | 4.7.1.166 | 20200811 | yes
  Ikarus | Trojan.Win32.Krypt | 0.1.5.2 | 20200811 | yes
  McAfee | Trojan-FSEV!5A14E0EF81EA | 6.0.6.653 | 20200811 | yes
  Rising | Ransom.Rack!8.2ED (C64:YzY0OqLx22+AcK9w) | 25.0.0.26 | 20200811 | yes
  Sophos | Mal/GandCrab-G | 4.98.0 | 20200811 | yes
  Yandex | - | 5.5.2.24 | 20200707 | no
  Zillya | Trojan.Rack.Win32.408 | 2.0.0.4151 | 20200810 | yes
  Acronis | suspicious | 1.1.1.77 | 20200806 | yes
  Alibaba | Ransom:Win32/Gandcrab.6dd3587b | 0.3.0.5 | 20190527 | yes
  Arcabit | Trojan.Generic.D2040D9A | 1.0.0.877 | 20200811 | yes
  Cylance | Unsafe | 2.3.1.101 | 20200811 | yes
  Elastic | malicious (high confidence) | 4.0.6 | 20200727 | yes
  FireEye | Generic.mg.5a14e0ef81ea15e9 | 32.36.1.0 | 20200811 | yes
  Sangfor | Malware | 1.0 | 20200423 | yes
  TACHYON | - | 2020-08-11.02 | 20200811 | no
  Tencent | - | 1.0.0.1 | 20200811 | no
  ViRobot | Trojan.Win32.S.Paymen45.176640 | 2014.3.20.0 | 20200811 | yes
  Webroot | W32.Ransom.Gen | 1.0.0.403 | 20200811 | yes
  eGambit | Unsafe.AI_Score_98% | - | 20200811 | yes
  Ad-Aware | Trojan.GenericKD.33820058 | 3.0.5.370 | 20200811 | yes
  AegisLab | Trojan.Win32.Rack.trn0 | 4.2 | 20200811 | yes
  F-Secure | Trojan.TR/Crypt.ZPACK.etnjk | 12.0.86.52 | 20200811 | yes
  Fortinet | W32/GandCrab.G!tr | 6.2.142.0 | 20200811 | yes
  Invincea | heuristic | 6.3.6.26157 | 20200502 | yes
  Jiangmin | Trojan.Rack.gj | 16.0.100 | 20200811 | yes
  Kingsoft | - | 2013.8.14.323 | 20200811 | no
  Paloalto | generic.ml | 1.0 | 20200811 | yes
  Symantec | Packed.Generic.525 | 1.11.0.0 | 20200811 | yes
  AhnLab-V3 | Trojan/Win.MalPe.X2065 | 3.18.1.10026 | 20200811 | yes
  Antiy-AVL | Trojan[Ransom]/Win32.Rack | 3.0.0.1 | 20200811 | yes
  Kaspersky | HEUR:Trojan.Win32.Generic | 15.0.1.13 | 20200811 | yes
  MaxSecure | - | 1.0.0.1 | 20200811 | no
  Microsoft | Ransom:Win32/Gandcrab.AHB!MTB | 1.1.17300.4 | 20200811 | yes
  Qihoo-360 | Win32/Trojan.Ransom.830 | 1.0.0.1120 | 20200811 | yes
  ZoneAlarm | HEUR:Trojan.Win32.Generic | 1.0 | 20200811 | yes
  Cybereason | malicious.36236e | 1.2.449 | 20190616 | yes
  ESET-NOD32 | a variant of Win32/Kryptik.HDGO | 21805 | 20200811 | yes
  TrendMicro | Ransom_Gandcrab.R011C0DEC20 | 11.0.0.1006 | 20200811 | yes
  BitDefender | Trojan.GenericKD.33820058 | 7.2 | 20200811 | yes
  CrowdStrike | win/malicious_confidence_100% (W) | 1.0 | 20190702 | yes
  K7AntiVirus | Riskware ( 0040eff71 ) | 11.129.34965 | 20200811 | yes
  SentinelOne | DFI - Suspicious PE | 4.4.0.0 | 20200724 | yes
  Malwarebytes | Trojan.MalPack.GS | 3.6.4.335 | 20200811 | yes
  TotalDefense | - | 37.1.62.1 | 20200811 | no
  CAT-QuickHeal | - | 14.00 | 20200811 | no
  NANO-Antivirus | - | 1.0.134.25119 | 20200811 | no
  BitDefenderTheta | Gen:NN.ZexaF.34152.kq0@aeV20bpG | 7.2.37796.0 | 20200805 | yes
  MicroWorld-eScan | Trojan.GenericKD.33820058 | 14.0.409.0 | 20200811 | yes
  SUPERAntiSpyware | - | 5.6.0.1032 | 20200807 | no
  TrendMicro-HouseCall | Ransom_Gandcrab.R011C0DEC20 | 10.0.0.1040 | 20200811 | yes
  total: 70
  positives: 57
  sha256: 4b12f4fdf07d06fb59b5619d01a293c51d32efd183d45a87459b47d5169cfe51
  scan_id: 4b12f4fdf07d06fb59b5619d01a293c51d32efd183d45a87459b47d5169cfe51-1597172074
  resource: 5a14e0ef81ea15e9afd4defdeaa840ae
  scan_date: 2020-08-11 18:54:34
  verbose_msg: Scan finished, information embedded
  response_code: 1
  (The scan date 2020-08-11 precedes this report's creation on Sept. 7, 2020, so these are VirusTotal's stored results for the hash rather than a rescan at report time. Several engines carry signature dates a year or more older than the scan (Baidu 20190318, Alibaba 20190527, Cybereason 20190616, CrowdStrike 20190702). The family names disagree: GandCrab (F-Prot, Sophos, Alibaba, Fortinet, Microsoft, TrendMicro, TrendMicro-HouseCall), Rack (VBA32, Rising, Zillya, AegisLab, Jiangmin, Antiy-AVL) and Paymen45 (ALYac, ViRobot).)
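The AVclass line above reports the family as "rack", while the engine labels name GandCrab, Rack and Paymen45. The Python below is an added example (not the report's tooling and not AVclass itself) that shows what plain plurality voting over those labels produces. The 57 labels are copied from the scan table; `GENERIC`, `family_tokens`, `rank_families` and `detection_rate` are this example's own names, and the token filter (drop tokens shorter than four characters, tokens containing digits, and class/platform/packer words) is a simplification of the AVclass idea, not its real generic-token or alias lists. Without an alias list that treats gandcrab and rack as one family, plurality picks gandcrab (7 engines) over rack (6); alias normalization is the step that reconciles vendor names.

```python
"""Plurality family naming over the vendor labels in the VirusTotal section above.
Labels are copied from the report; the token filter is this example's own simplification
of the AVclass approach and carries no alias list."""
import re
from collections import Counter

# The 57 result strings of the detecting engines, in table order (non-detections carry none).
VT_LABELS = [
    "Win32:DropperX-gen [Drp]", "malware (ai score=100)", "Malicious", "W32.AIDetectVM.malware2",
    "Riskware ( 0040eff71 )", "Trojan.Ransom.Paymen45", "Win32:DropperX-gen [Drp]", "TR/Crypt.ZPACK.etnjk",
    "Malicious (score: 100)", "W32/Trojan.ZPCR-8543", "Trojan.Encoder.31792", "Trojan.GenericKD.33820058",
    "Trj/GdSda.A", "TrojanRansom.Rack", "Trojan.Win32.Generic!BT", "Malware@#1lv3lugp44fre",
    "W32/GandCrab.BD.gen!Eldorado", "Trojan.Win32.Krypt", "Trojan-FSEV!5A14E0EF81EA",
    "Ransom.Rack!8.2ED (C64:YzY0OqLx22+AcK9w)", "Mal/GandCrab-G", "Trojan.Rack.Win32.408", "suspicious",
    "Ransom:Win32/Gandcrab.6dd3587b", "Trojan.Generic.D2040D9A", "Unsafe", "malicious (high confidence)",
    "Generic.mg.5a14e0ef81ea15e9", "Malware", "Trojan.Win32.S.Paymen45.176640", "W32.Ransom.Gen",
    "Unsafe.AI_Score_98%", "Trojan.GenericKD.33820058", "Trojan.Win32.Rack.trn0", "Trojan.TR/Crypt.ZPACK.etnjk",
    "W32/GandCrab.G!tr", "heuristic", "Trojan.Rack.gj", "generic.ml", "Packed.Generic.525",
    "Trojan/Win.MalPe.X2065", "Trojan[Ransom]/Win32.Rack", "HEUR:Trojan.Win32.Generic",
    "Ransom:Win32/Gandcrab.AHB!MTB", "Win32/Trojan.Ransom.830", "HEUR:Trojan.Win32.Generic", "malicious.36236e",
    "a variant of Win32/Kryptik.HDGO", "Ransom_Gandcrab.R011C0DEC20", "Trojan.GenericKD.33820058",
    "win/malicious_confidence_100% (W)", "Riskware ( 0040eff71 )", "DFI - Suspicious PE", "Trojan.MalPack.GS",
    "Gen:NN.ZexaF.34152.kq0@aeV20bpG", "Trojan.GenericKD.33820058", "Ransom_Gandcrab.R011C0DEC20",
]
TOTAL_ENGINES = 70

# Class, platform and packer words that never name a family (this example's own list, not AVclass's).
GENERIC = {"trojan", "ransom", "generic", "generickd", "malware", "malicious", "suspicious", "unsafe",
           "heuristic", "riskware", "packed", "crypt", "zpack", "kryptik", "krypt", "variant", "score",
           "confidence", "high", "malpack"}


def family_tokens(label: str) -> set:
    """Lower-case alphanumeric runs of 4+ characters with no digits, minus generic words."""
    toks = re.findall(r"[a-z0-9]+", label.lower())
    return {t for t in toks if len(t) >= 4 and not any(c.isdigit() for c in t) and t not in GENERIC}


def rank_families(labels) -> list:
    """Each label votes once per candidate token; return (token, votes) pairs, most votes first."""
    votes = Counter()
    for label in labels:
        votes.update(family_tokens(label))
    return votes.most_common()


def detection_rate(positives: int, total: int) -> float:
    """Percentage of engines that flagged the file, rounded as the report prints it."""
    return round(100.0 * positives / total, 2)


if __name__ == "__main__":
    print("detection rate:", detection_rate(len(VT_LABELS), TOTAL_ENGINES), "%")
    print("top families:", rank_families(VT_LABELS)[:4])
```

The digit filter also discards "Paymen45", so that third family name never gets a vote here; a production normalizer needs vendor-specific handling for alphanumeric family names as well as an alias map.
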
File
  Trace: (empty)

Process
  Trace: (empty)

Analysis
  Reason: Blue Screen
  Status: Execution Failed
  Results: 0
  (The run ended in a blue screen before the sample produced any results, so every trace and summary in this dynamic section is empty by construction. The missing file, process, registry and network activity reflects a failed run, not benign behaviour; the sample needs to be re-run before any behavioural conclusion is drawn.)

Registry
  Trace: (empty)

File Summary
  Created identified: False
  Deleted identified: False

Process Summary
  Created identified: False
  Deleted identified: False

Registry Summary
  Proxy identified: False
  AutoRun identified: False
  Created identified: False
  Deleted identified: False
  Browsers identified: False
  Internet identified: False

DNS
  Query: (empty)
  Response: (empty)

TCP
  Info: (empty)

UDP
  Info: (empty)

HTTP
  Info: (empty)

Summary
  DNS: False
  TCP: False
  UDP: False
  HTTP: False

Results
BINARY
  model | confidence | suspicious
  NFS 2.0 (Threshold = 0.8) | 62.50% | True
  Decision Tree (NFS-BRMalware) | 100.00% | True
  MalConv (Ember: Raw Bytes, Threshold=0.5) | 64.54% | False
  Random Forest (100 estimators, NFS-BRMalware) | 52.00% | False
  Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 50.81% | True
  LightGBM (Ember: File Characteristics, Threshold=0.8336) | 100.00% | True
  (Four of the six models flag the file. The confidence column is each model's own score and is not simply compared against the listed threshold: MalConv reports 64.54% against 0.5 yet is not flagged, so read the suspicious column, not the percentage, as the decision.)
