Report #11674

  • Creation Date: Sept. 22, 2020, 12:21 a.m.
  • Last Update: Sept. 22, 2020, 12:26 a.m.
  • File: evader.exe
  • Results:
Binary
DLL: False
Size: 438.00KB
trid:
  • 61.7% Win64 Executable
  • 14.7% Win32 Dynamic Link Library
  • 10.0% Win32 Executable
  • 4.5% OS/2 Executable
  • 4.4% Generic Win/DOS Executable
type: PE
wordsize: 64
Subsystem: Windows CLI
Hashes
md5: f2a4613fbe034dc1d62033137905056f
sha1: b5d726931080a6135ae317eab533096688eca7d8
crc32: 0xa0976a20
sha224: b5cf5da19a105875ff1b9b71b6072cf94939ef994f93e750c4d3db96
sha256: 553caa6f5b7604ec684294f4b4b0e30d51d2f76539318a7b05d65493a367f025
sha384: 34f8247c042278787d204fa9e5b1ac0334bbb252c354b35c0fbd62368148ef292955402d89be8ebc74dd2be2d975d95a
sha512: 57d8a298cd50037dad3b49d979678a7319664a1f8939d6c728688fcbb2bfa8f00517c8dd5d5406d7619e6610c574a377a1d1bc1206a3d62fa6538eb3c5ce4426
ssdeep: 6144:bLPhl7r2OzcAl4ybqifCB2Hk7r/Q4s1qbNDD8t+cUe+eaaCowMH4Eq1U+c8Y:njqOtegfr4srtBXaYVH6
Community
Google: False
HashLib: False

YARA
Matches: domain, anti_dbg, HasDebugData, IP, contentis_base64, NETexecutableMicrosoft, win_registry, IsPE64, IsConsole, IsPacked, Microsoft_Visual_Cpp_80_DLL, HasRichSignature
Suspicious: True

Strings
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
Sokoban.Properties
#Powered by SmartAssembly 7.3.0.3296
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
1.0.0.0
MusicPlay.dll
16.0.0.0
10.0.12.0
proc.exe
DeleteObjectOnTile
Sokoban.Properties.Resources
Sokoban.Properties.Resources.resources
amount_Used
3System.Resources.Tools.StronglyTypedResourceBuilder
MoveEmployee
UseEmployee
moveEmployee
System.Windows.Forms
mscoree.dll
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADM
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
<requestedPrivileges>
get_ResourceManager
__crt_debugger_hook
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
IsProcessorFeaturePresent
SmartAssembly.Attributes
set_ObjectOnTile
get_ObjectOnTile
set_CheckOnClick
DebuggerBrowsableState
DebuggableAttribute
CreateEventW
DebuggingModes
ResourceManager
IsDebuggerPresent
CreateProcessW
helpMenu
CoCreateInstance
QueryPerformanceCounter
RegOpenKeyExW
RegEnumKeyExW
LoadResource
GetModuleHandleW
RegCreateKeyW
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegDeleteKeyW
objectOnTile
StandsOnTile

Foremost
Matches: 24.exe, 424 KB, 89.png, 597 B, 91.png, 534 B, 92.png, 779 B, 94.png, 779 B, 96.png, 384 B, 97.png, 384 B, 98.png, 717 B, 100.png, 717 B, 102.png, 716 B, 103.png, 588 B, 105.png, 588 B, 106.png, 671 B, 108.png, 671 B, 109.png, 522 B, 111.png, 676 B, 112.png, 676 B, 114.png, 827 B, 116.png, 539 B, 130.png, 368 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: MusicPlay.dll, ADVAPI32.dll, SHLWAPI.dll, RPCRT4.dll, OLEAUT32.dll, UxTheme.dll, SHELL32.dll, mscoree.dll, MSVCR110.dll, COMCTL32.dll, ole32.dll, USER32.dll, GDI32.dll, KERNEL32.dll, WINMM.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 443904 (Suspicious: False)
Image Address: 5368709120 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 6 (Suspicious: False)
Image Version: 6 (Suspicious: True)
Linker Version: 11.0 (Suspicious: False)
Subsystem Version: 6.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 6772
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, shlwapi.dll, rpcrt4.dll, oleaut32.dll, uxtheme.dll, shell32.dll, mscoree.dll, comctl32.dll, ole32.dll, user32.dll, gdi32.dll, kernel32.dll, winmm.dll
Suspicious: musicplay.dll, msvcr110.dll
hasLibs: True
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2020-09-22 00:21:44
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches: 12448, 60601
Suspicious: True

Disassembly
hasTricks: False

AVclass
agenttesla: 1
VirusTotal
md5: f2a4613fbe034dc1d62033137905056f
sha1: b5d726931080a6135ae317eab533096688eca7d8

SCANS (DETECTION RATE = 40.00%)
AVG: detected; result: Win32:CrypterX-gen [Trj]; update 20200921; version 18.4.3895.0
CMC: not detected; update 20200921; version 2.7.2019.1
MAX: detected; result: malware (ai score=83); update 20200922; version 2019.9.16.1
APEX: detected; result: Malicious; update 20200919; version 6.72
Bkav: not detected; update 20200922; version 1.3.0.9899
K7GW: not detected; update 20200922; version 11.141.35290
ALYac: detected; result: Gen:Variant.Mikey.115311; update 20200921; version 1.1.1.5
Avast: detected; result: Win32:CrypterX-gen [Trj]; update 20200921; version 18.4.3895.0
Avira: detected; result: TR/AD.AgentTesla.yqnys; update 20200922; version 8.3.3.8
Baidu: not detected; update 20190318; version 1.0.0.2
Cynet: not detected; update 20200917; version 4.0.0.24
Cyren: not detected; update 20200921; version 6.3.0.2
DrWeb: detected; result: Trojan.Encoder.30162; update 20200921; version 7.0.49.9080
GData: detected; result: Gen:Variant.Mikey.115311; update 20200922; version A:25.27099B:27.20253
Panda: not detected; update 20200921; version 4.6.4.2
VBA32: not detected; update 20200921; version 4.4.1
VIPRE: not detected; update 20200922; version 86870
Zoner: not detected; update 20200920; version 0.0.0.0
Comodo: not detected; update 20200921; version 32832
Ikarus: detected; result: Trojan.Win32.Injector; update 20200921; version 0.1.5.2
McAfee: not detected; update 20200921; version 6.0.6.653
Rising: detected; result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N); update 20200921; version 25.0.0.26
Sophos: not detected; update 20200922; version 4.98.0
Yandex: detected; result: Trojan.Igent.bTXYna.64; update 20200911; version 5.5.2.24
Zillya: not detected; update 20200919; version 2.0.0.4178
Acronis: not detected; update 20200917; version 1.1.1.78
Alibaba: not detected; update 20190527; version 0.3.0.5
Arcabit: detected; result: Trojan.Mikey.D1C26F; update 20200922; version 1.0.0.881
Cylance: not detected; update 20200922; version 2.3.1.101
Elastic: detected; result: malicious (high confidence); update 20200917; version 4.0.9
FireEye: detected; result: Gen:Variant.Mikey.115311; update 20200922; version 32.36.1.0
Sangfor: not detected; update 20200814; version 1.0
TACHYON: not detected; update 20200922; version 2020-09-22.01
Tencent: not detected; update 20200922; version 1.0.0.1
ViRobot: not detected; update 20200921; version 2014.3.20.0
Webroot: not detected; update 20200922; version 1.0.0.403
eGambit: not detected; update 20200922
Ad-Aware: detected; result: Gen:Variant.Mikey.115311; update 20200921; version 3.0.16.117
AegisLab: not detected; update 20200922; version 4.2
Emsisoft: detected; result: Gen:Variant.Mikey.115311 (B); update 20200922; version 2018.12.0.1641
F-Secure: detected; result: Trojan.TR/AD.AgentTesla.yqnys; update 20200922; version 12.0.86.52
Fortinet: detected; result: W64/Kryptik.ERUI!tr; update 20200921; version 6.2.142.0
Invincea: not detected; update 20200922; version 1.0.1.0
Jiangmin: detected; result: Trojan.MSIL.qkml; update 20200921; version 16.0.100
Kingsoft: not detected; update 20200922; version 2013.8.14.323
Paloalto: not detected; update 20200922; version 1.0
Symantec: not detected; update 20200921; version 1.12.0.0
AhnLab-V3: detected; result: Trojan/Win32.AgentTesla.R350864; update 20200921; version 3.18.1.10026
Antiy-AVL: not detected; update 20200921; version 3.0.0.1
Kaspersky: detected; result: HEUR:Trojan-PSW.MSIL.Agensla.gen; update 20200922; version 15.0.1.13
MaxSecure: not detected; update 20200919; version 1.0.0.1
Microsoft: detected; result: Trojan:Win32/Wacatac.C!ml; update 20200922; version 1.1.17400.5
Qihoo-360: not detected; update 20200922; version 1.0.0.1120
ZoneAlarm: detected; result: HEUR:Trojan-PSW.MSIL.Agensla.gen; update 20200921; version 1.0
Cybereason: not detected; update 20190616; version 1.2.449
ESET-NOD32: detected; result: a variant of Win64/Kryptik.CAA; update 20200922; version 22028
TrendMicro: not detected; update 20200922; version 11.0.0.1006
BitDefender: detected; result: Gen:Variant.Mikey.115311; update 20200921; version 7.2
CrowdStrike: not detected; update 20190702; version 1.0
K7AntiVirus: not detected; update 20200922; version 11.141.35290
SentinelOne: not detected; update 20200724; version 4.4.0.0
Malwarebytes: detected; result: Trojan.MalPack; update 20200922; version 3.6.4.335
TotalDefense: not detected; update 20200921; version 37.1.62.1
CAT-QuickHeal: not detected; update 20200921; version 14.00
NANO-Antivirus: not detected; update 20200922; version 1.0.134.25140
BitDefenderTheta: not detected; update 20200918; version 7.2.37796.0
MicroWorld-eScan: detected; result: Gen:Variant.Mikey.115311; update 20200921; version 14.0.409.0
SUPERAntiSpyware: not detected; update 20200918; version 5.6.0.1032
McAfee-GW-Edition: detected; result: BehavesLike.Win64.Generic.gc; update 20200921; version v2019.1.2+3728
TrendMicro-HouseCall: not detected; update 20200922; version 10.0.0.1040

total: 70
positives: 28
sha256: 553caa6f5b7604ec684294f4b4b0e30d51d2f76539318a7b05d65493a367f025
scan_id: 553caa6f5b7604ec684294f4b4b0e30d51d2f76539318a7b05d65493a367f025-1600744907
resource: f2a4613fbe034dc1d62033137905056f
scan_date: 2020-09-22 03:21:47
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.28 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.43 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Unknown | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Open | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.59 | Write | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Windows\System32\apphelp.dll
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Windows\System32\apphelp.dll
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Unknown | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Read | 2476 | C:\malware.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.215 | Open | 2476 | C:\malware.exe | C:\Monitor\ui\SwDRM.dll
21/9/2020 - 23:45:44.231 | Unknown | 2476 | C:\malware.exe | C:\Monitor
21/9/2020 - 23:45:44.231 | Unknown | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Prefetch\PROC.EXE-5509F567.pf
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\wow64log.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 23:45:44.231 | Unknown | 2424 | C:\Monitor\proc.exe | C:\Windows
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\MSCOREE.DLL.local
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 23:45:44.231 | Unknown | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
21/9/2020 - 23:45:44.231 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.config
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.247 | Unknown | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.247 | Unknown | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319
21/9/2020 - 23:45:44.247 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\MUI\0416\mscorees.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\MUI\0416\mscorees.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscorrc.dll.DLL
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\System32\mscorrc.dll.DLL
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\system\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\mscorrc.dll
21/9/2020 - 23:45:44.262 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\wbem\mscorrc.dll
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscorrc.dll
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.config
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.40305
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.40305
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Fonts\StaticCache.dat
21/9/2020 - 23:45:44.278 | Read | 2424 | C:\Monitor\proc.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 23:45:44.278 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 23:45:44.340 | Open | 2424 | C:\Monitor\proc.exe | C:\Monitor\dwmapi.dll
21/9/2020 - 23:45:44.340 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 23:45:44.340 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 23:45:44.356 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\ole32.dll
21/9/2020 - 23:45:44.356 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\ole32.dll
21/9/2020 - 23:45:44.356 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 23:45:44.356 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 23:45:44.356 | Open | 2424 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
21/9/2020 - 23:45:44.356 | Unknown | 2424 | C:\Monitor\proc.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls

Process
Trace
Time | Operation | Parent PID | Parent Process | Child PID | Child Process
21/9/2020 - 23:45:44.215 | Create | 2476 | C:\malware.exe | 2424 | C:\Monitor\proc.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace

File Summary
Created: True
Deleted: False

Process Summary
Created: True
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: False
Deleted: False
Browsers: False
Internet: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.16%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 53.52%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.93%
suspicious: False
