Report #11334

  • Creation Date: Sept. 11, 2020, 3:28 a.m.
  • Last Update: Sept. 11, 2020, 3:32 a.m.
  • File: Revised po 6874 soa.exe
  • Results:
Binary
DLL: False
Size: 1.79MB
trid:
  61.7% Win64 Executable
  14.7% Win32 Dynamic Link Library
  10.0% Win32 Executable
  4.5% OS/2 Executable
  4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: b75276d65e5a4bf2e6217d6168cffdf2
sha1: 0da5b53d3fcb5a5dfdcbb3edabf9109309b1515b
crc32: 0x7009dc8e
sha224: a272658a8fc3f7fa8f0bcd7f0a492972c7abe9bc31d74fc8a995e4e5
sha256: 07e96a6f49837746373abf7962b0f5d2175b4f35ca152811e38f3d9deb20a8e3
sha384: 75e65698272b8e1933e2846b2473c0b16317a14eb9bc7930f0d9b40bed06b1814af747cf5a5bcf2b4d830147900f27fa
sha512: 3e802b651ac2975a55faa9f999e9b905d239f48bc86f32cf86786b3f3d96c4d933fa515f7e40788418045791d364f288423bf34346bf8d3b09d0feb10ef5fb58
ssdeep: 24576:VkzYaC+cp7K5T79bFa+itb4iokMPKeOkwRYPteR5e3w71HRj:UYayp7y9RaFtb4iiP5wEUn+wJHl
Community
Google: False
HashLib: False
YARA
Matches: domain, CRC32_poly_Constant, Microsoft_Visual_C_v70_Basic_NET, Warp, Microsoft_Visual_Studio_NET, NET_executable_, IP, IsPacked, Microsoft_Visual_C_v70_Basic_NET_additional, CAP_HookExKeylogger, NET_executable, Microsoft_Visual_Studio_NET_additional, keylogger, contentis_base64, win_hook, NETexecutableMicrosoft, IsPE32, WarpStrings, IsWindowsGUI, HasDigitalSignature, url, IsNET_EXE, Microsoft_Visual_C_Basic_NET, HasOverlay, Big_Numbers3, Big_Numbers1
Suspicious: True

Strings
List

Foremost
Matches
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: http://www.usertrust.com1, http://crt.usertrust.com/usertrustrsaaddtrustca.crt0%, https://sectigo.com/cps0d, http://crl.comodoca.com/comodorsacertificationauthority.crl0q, https://sectigo.com/cps0b, http://crt.sectigo.com/sectigorsatimestampingca.crt0#, http://crl.usertrust.com/addtrustexternalcaroot.crl05, http://crt.usertrust.com/utnaddtrustobject_ca.crt0%, https://www.bitvise.com/0, http://crl.sectigo.com/sectigorsatimestampingca.crl0t, http://crt.comodoca.com/comodorsacodesigningca.crt0$, http://crl.sectigo.com/comodotimestampingca_2.crl0r, http://ocsp.comodoca.com0, http://crl.usertrust.com/utn-userfirst-object.crl0t, http://crl.usertrust.com/usertrustrsacertificationauthority.crl0v, http://crt.comodoca.com/comodorsaaddtrustca.crt0$, https://secure.comodo.net/cps0c, http://ocsp.usertrust.com0, http://crt.sectigo.com/comodotimestampingca_2.crt0#, http://ocsp.sectigo.com0, http://crl.comodoca.com/comodorsacodesigningca.crl0t
hasAllowed: True
hasSuspicious: True

Files
Allowed: System.user32.dll, vaultcli.dll, mscoree.dll, User32.dll, pszPrcrypt.dll
hasFiles: True
Suspicious: System.Xml
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 104448
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 1761934
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: vaultcli.dll, mscoree.dll, user32.dll
hasLibs: True
Suspicious: system.user32.dll, pszprcrypt.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2019-12-02 12:30:51
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.text: 584

pushpopmath
.text: 563

ss register
.text: 42

garbagebytes
.text: 214

hookdetection
.text: 18

software breakpoint
.text: 28

fakeconditionaljumps
.text: 18

programcontrolflowchange
.text: 197

cpuinstructionsresultscomparison
.rsrc: 2
.text: 44

AVclass
agensla
1
VirusTotal
md5: b75276d65e5a4bf2e6217d6168cffdf2
sha1: 0da5b53d3fcb5a5dfdcbb3edabf9109309b1515b
SCANS (DETECTION RATE = 72.46%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200817
version: 18.4.3895.0
detected: True

CMC
update: 20200816
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=80)
update: 20200817
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200816
version: 6.60
detected: True

Bkav
update: 20200815
version: 1.3.0.9899
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20200817
version: 11.130.35006
detected: True

ALYac
result: Trojan.GenericKDZ.69274
update: 20200817
version: 1.1.1.5
detected: True

Avast
result: Win32:PWSX-gen [Trj]
update: 20200817
version: 18.4.3895.0
detected: True

Avira
result: TR/Redcap.bizga
update: 20200817
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200815
version: 4.0.0.24
detected: False

Cyren
result: W32/Trojan.CXPN-6501
update: 20200817
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.PWS.Siggen2.53126
update: 20200817
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKDZ.69274
update: 20200817
version: A:25.26630B:27.19833
detected: True

Panda
result: Trj/GdSda.A
update: 20200816
version: 4.6.4.2
detected: True

VBA32
update: 20200814
version: 4.4.1
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200817
version: 85996
detected: True

Zoner
result: Trojan.Win32.91643
update: 20200817
version: 0.0.0.0
detected: True

ClamAV
update: 20200816
version: 0.102.4.0
detected: False

Comodo
update: 20200728
version: 32668
detected: False

F-Prot
update: 20200817
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Inject
update: 20200816
version: 0.1.5.2
detected: True

McAfee
result: Fareit-FVT!B75276D65E5A
update: 20200817
version: 6.0.6.653
detected: True

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200817
version: 25.0.0.26
detected: True

Sophos
result: Troj/MSILIn-VT
update: 20200817
version: 4.98.0
detected: True

Yandex
update: 20200707
version: 5.5.2.24
detected: False

Zillya
update: 20200814
version: 2.0.0.4155
detected: False

Acronis
update: 20200806
version: 1.1.1.77
detected: False

Alibaba
result: TrojanPSW:MSIL/AgentTesla.eb603b0a
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D10E9A
update: 20200817
version: 1.0.0.877
detected: True

Cylance
result: Unsafe
update: 20200817
version: 2.3.1.101
detected: True

Elastic
result: malicious (high confidence)
update: 20200727
version: 4.0.6
detected: True

FireEye
result: Generic.mg.b75276d65e5a4bf2
update: 20200817
version: 32.36.1.0
detected: True

Sangfor
update: 20200814
version: 1.0
detected: False

TACHYON
update: 20200817
version: 2020-08-17.01
detected: False

Tencent
result: Win32.Trojan.Falsesign.Peza
update: 20200817
version: 1.0.0.1
detected: True

ViRobot
result: Trojan.Win32.Z.Ursu.1876584
update: 20200816
version: 2014.3.20.0
detected: True

Webroot
result: W32.Malware.Gen
update: 20200817
version: 1.0.0.403
detected: True

eGambit
result: PE.Heur.InvalidSig
update: 20200817
detected: True

Ad-Aware
result: Trojan.GenericKDZ.69274
update: 20200817
version: 3.0.16.117
detected: True

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200817
version: 4.2
detected: True

F-Secure
result: Trojan.TR/Redcap.bizga
update: 20200817
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/Kryptik.XGC!tr
update: 20200817
version: 6.2.142.0
detected: True

Invincea
update: 20200502
version: 6.3.6.26157
detected: False

Jiangmin
result: Trojan.PSW.MSIL.anrv
update: 20200816
version: 16.0.100
detected: True

Kingsoft
update: 20200817
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200817
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200816
version: 1.11.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.Agensla.C4176856
update: 20200816
version: 3.18.1.10026
detected: True

Antiy-AVL
result: Trojan/Win32.Generic
update: 20200817
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200817
version: 15.0.1.13
detected: True

MaxSecure
update: 20200814
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:MSIL/AgentTesla.VN!MTB
update: 20200817
version: 1.1.17300.4
detected: True

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200817
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200817
version: 1.0
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.XGM
update: 20200817
version: 21834
detected: True

TrendMicro
result: TrojanSpy.MSIL.TRICKBOT.WLDE
update: 20200817
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKDZ.69274
update: 20200817
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20200817
version: 11.130.35006
detected: True

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False

Malwarebytes
result: Trojan.MalPack.Caesar
update: 20200817
version: 3.6.4.335
detected: True

TotalDefense
update: 20200817
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojanpws.Msil
update: 20200816
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Agensla.hqswiq
update: 20200817
version: 1.0.134.25119
detected: True

BitDefenderTheta
result: Gen:NN.ZemsilF.34152.Yn2@aelslOcG
update: 20200805
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKDZ.69274
update: 20200817
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200814
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TrojanSpy.MSIL.TRICKBOT.WLDE
update: 20200817
version: 10.0.0.1040
detected: True

total: 69
sha256: 07e96a6f49837746373abf7962b0f5d2175b4f35ca152811e38f3d9deb20a8e3
scan_id: 07e96a6f49837746373abf7962b0f5d2175b4f35ca152811e38f3d9deb20a8e3-1597644051
resource: b75276d65e5a4bf2e6217d6168cffdf2
positives: 50
scan_date: 2020-08-17 06:00:51
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Timestamp | Operation | PID | Process | Path
11/9/2020 - 2:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
11/9/2020 - 2:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
11/9/2020 - 2:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll

Process
Trace

Analysis
Reason: Timeout

Status: Successfully Executed

Results: 1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False

TCP: False

UDP: False

HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 75.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 88.15%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 43.38%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.86%
suspicious: False
