Report #11123 cancel

  • Creation Date: Sept. 8, 2020, 12:46 a.m.
  • Last Update: Sept. 8, 2020, 12:47 a.m.
  • File: 044
  • Results:
Binary
DLL
False cancel
Size
344.00KB
trid
40.0% Win32 Executable MS Visual C++
35.4% Win64 Executable
8.4% Win32 Dynamic Link Library
5.7% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
61506482ddd28756e443b3de05a3b1cf
sha1
8d7effb5a456289d13f725486a30bed727a01be0
crc32
0x98ba6c8d
sha224
2d469ea490e12114ef2c4f88e18ccbd6ebf16da1b8592de131b0467c
sha256
15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
sha384
12877c4d2938a75ff4226c1c9cb543d5f5a5d299b35b74ac0f189f8f6b383828c46b39aa0651c14d55301c424e35ceef
sha512
18a7178209e6e9edd15e22c97ad15b049370fe457fcec815fe702d75514014460f80326e3a4ae6ca496582467c57398cdb250bf826b76e62bf2c56e1f38efe46
ssdeep
6144:lulpMmWxFAppqxH1Hj1uJGEYpxQoCM4TU79zJlDpIafgul3:klp8Huqv8YTQoC9U7HlDpZY
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, anti_dbg, contentis_base64, Visual_Cpp_2003_DLL_Microsoft, IsPacked, win_files_operation, IsPE32, Check_OutputDebugStringA_iat, IsWindowsGUI

Suspicious
True check_circle

Strings
List
C0B.Il
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgdel.cpp
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
nataded.exe
Debug %s!
Debug %s!
IT+[-D
f:\dd\vctools\crt_bld\self_x86\crt\src\convrtcp.c
%uP42NS%#Xb8c
t)%cl
\r%F<N
Buffer is too small
Program: %s%s%s%s%s%s%s%s%s%s%s%s
Program: %s%s%s%s%s%s%s%s%s%s%s%s
Client hook re-allocation failure at file %hs line %d.
Client hook allocation failure at file %hs line %d.
%hs(%d) :
Data: <%s> %s
mscoree.dll
,O.bV
(unsigned)(c + 1) <= 256
client block at 0x%p, subtype %x, %Iu bytes long.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
("Invalid file descriptor. File possibly closed by a different thread",0)
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
normal block at 0x%p, %Iu bytes long.
Bad memory block found at 0x%p.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
crt block at 0x%p, subtype %x, %Iu bytes long.
GetProcAddress
%hs located at 0x%p is %Iu bytes long.
%hs located at 0x%p is %Iu bytes long.
For more information, see the "Visual C++ Libraries as Shared Side-by-Side Assemblies" topic in the product documentation.
ExitProcess
#File Error#(%d) :
CreateEventW
An application has made an attempt to load the C runtime library without using a manifest.
$I10_OUTPUT
IsDebuggerPresent
TerminateProcess
VirtualAlloc
VirtualProtect
Error: possible heap corruption at or near 0x%p
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
CRT detected that the application wrote to memory after end of heap buffer.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to memory after end of heap buffer.
CRT detected that the application wrote to memory before start of heap buffer.
SetFilePointer
LoadLibraryW
HeapCreate
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
WriteFile
CreateFileA
QueryPerformanceCounter
GetModuleFileNameW
LoadLibraryA
CRT detected that the application wrote to a heap buffer that was freed.
CRT detected that the application wrote to a heap buffer that was freed.
String is not null terminated
This is an unsupported way to load Visual C++ DLLs. You need to modify your application to build with a manifest.
AFX_DIALOG_LAYOUT
GetTickCount
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
_write
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c

Foremost
Matches
0.exe, 344 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: WUSER32.DLL, kernel32.dll, mscoree.dll, MSPDB80.DLL, USER32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 107520
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 414684
Suspicous: False cancel

Sections
Allowed: .text, .data, .tls, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 9.0
Suspicious: False cancel
Subsystem
Version: 5.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 174288
Suspicious: False cancel

Anomalies
Anomalies: The export table TimeDateStamp and the file header TimeDateStamp do not march.
hasAnomalies: True check_circle

Libraries
Allowed: kernel32.dll, mscoree.dll, user32.dll
hasLibs: True check_circle
Suspicious: wuser32.dll, mspdb80.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2019-07-03 09:20:21
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1
.rsrc: 1
.text: 82

pushpopmath
.text: 50
.reloc: 8

ss register
.text: 1

garbagebytes
.data: 1
.text: 34

hookdetection
.text: 3
.reloc: 1

software breakpoint
.text: 2
.reloc: 1

fakeconditionaljumps
.text: 16

programcontrolflowchange
.data: 1
.text: 30

cpuinstructionsresultscomparison
.rsrc: 6

AVclass
swisyn
1
VirusTotal
md5
61506482ddd28756e443b3de05a3b1cf
sha1
8d7effb5a456289d13f725486a30bed727a01be0
SCANS (DETECTION RATE = 83.08%)
AVG
result: Win32:Trojan-gen
update: 20200905
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200904
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=100)
update: 20200905
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200904
version: 6.67
detected: True check_circle

Bkav
result: W32.AIDetectVM.malware2
update: 20200904
version: 1.3.0.9899
detected: True check_circle

K7GW
result: Trojan ( 0055e15c1 )
update: 20200905
version: 11.134.35171
detected: True check_circle

ALYac
result: Trojan.Ransom.VegaLocker
update: 20200905
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Trojan-gen
update: 20200905
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1123244
update: 20200905
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 100)
update: 20200904
version: 4.0.0.24
detected: True check_circle

Cyren
result: W32/Trojan.LYTW-2191
update: 20200904
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Encoder.31068
update: 20200905
version: 7.0.48.8080
detected: True check_circle

GData
result: Gen:Variant.Ursu.766478
update: 20200905
version: A:25.26888B:27.20055
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200904
version: 4.6.4.2
detected: True check_circle

VBA32
result: Malware-Cryptor.Limpopo
update: 20200904
version: 4.4.1
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200904
version: 86448
detected: True check_circle

Zoner
update: 20200904
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200904
version: 0.102.4.0
detected: False cancel

Comodo
result: TrojWare.Win32.UMal.scvkz@0
update: 20200728
version: 32668
detected: True check_circle

Ikarus
result: Trojan.Win32.Crypt
update: 20200904
version: 0.1.5.2
detected: True check_circle

McAfee
result: Trojan-FRUJ!61506482DDD2
update: 20200905
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Kryptik!1.C10B (CLASSIC)
update: 20200904
version: 25.0.0.26
detected: True check_circle

Sophos
result: Mal/GandCrab-G
update: 20200905
version: 4.98.0
detected: True check_circle

Yandex
update: 20200904
version: 5.5.2.24
detected: False cancel

Zillya
result: Trojan.Kryptik.Win32.1952689
update: 20200904
version: 2.0.0.4169
detected: True check_circle

Acronis
result: suspicious
update: 20200806
version: 1.1.1.77
detected: True check_circle

Alibaba
result: Ransom:Win32/generic.ali2000010
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
update: 20200904
version: 1.0.0.881
detected: False cancel

Cylance
result: Unsafe
update: 20200905
version: 2.3.1.101
detected: True check_circle

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True check_circle

FireEye
result: Generic.mg.61506482ddd28756
update: 20200905
version: 32.36.1.0
detected: True check_circle

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True check_circle

TACHYON
update: 20200905
version: 2020-09-05.01
detected: False cancel

Tencent
result: Win32.Trojan.Swisyn.Wlyu
update: 20200905
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20200904
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Malware.gen
update: 20200905
version: 1.0.0.403
detected: True check_circle

Ad-Aware
result: Gen:Variant.Ursu.766478
update: 20200905
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200905
version: 4.2
detected: False cancel

F-Secure
result: Heuristic.HEUR/AGEN.1123244
update: 20200905
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/Kryptik.GOGY!tr
update: 20200905
version: 6.2.142.0
detected: True check_circle

Jiangmin
result: Trojan.Swisyn.dpj
update: 20200904
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200905
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200905
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20200904
version: 1.12.0.0
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.MalPe.R309624
update: 20200904
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.Swisyn
update: 20200905
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan.Win32.Swisyn.fuaj
update: 20200904
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/Occamy.C
update: 20200904
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
result: Win32/Trojan.357
update: 20200905
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Trojan.Win32.Swisyn.fuaj
update: 20200905
version: 1.0
detected: True check_circle

Cybereason
result: malicious.2ddd28
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win32/Kryptik.GZWI
update: 20200904
version: 21937
detected: True check_circle

TrendMicro
result: TROJ_GEN.R057C0DGU20
update: 20200904
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.Ursu.766478
update: 20200905
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0055e15c1 )
update: 20200904
version: 11.134.35170
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200724
version: 4.4.0.0
detected: True check_circle

Malwarebytes
result: Trojan.MalPack.GS
update: 20200905
version: 3.6.4.335
detected: True check_circle

CAT-QuickHeal
result: Trojan.Swisyn
update: 20200904
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Swisyn.hbmtug
update: 20200904
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: AI:Packer.4CF81C3F21
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Ursu.766478
update: 20200904
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200904
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R057C0DGU20
update: 20200904
version: 10.0.0.1040
detected: True check_circle

total
65
sha256
15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
scan_id
15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50-1599271880
resource
61506482ddd28756e443b3de05a3b1cf
positives
54
scan_date
2020-09-05 02:11:20
verbose_msg
Scan finished, information embedded
response_code
1