Report #11705

  • Creation Date: Sept. 22, 2020, 4:53 a.m.
  • Last Update: Sept. 22, 2020, 5:01 a.m.
  • File: Arcgrupo6733.exe
  • Results:
Binary
DLL: False
Size: 1.37MB
trid:
  45.5% Win32 Executable Borland Delphi 7
  30.9% Win32 Executable Borland Delphi 5
  18.0% Win32 Executable Borland Delphi 6
  2.9% InstallShield setup
  0.9% Win32 Executable Delphi generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 433f0d2f9cb930d03278fd4d27a6af7d
sha1: 1cfeef1863612d7e31bdde59eb63e6560c93b9ca
crc32: 0xcd1bc458
sha224: ec25965707a48528409bf43e74dda3790c5bc408026e3bda2647a5f3
sha256: 2da773b7be773fabde37aae1eb39e1c8a5f0b0dd88c7402067b921797893e709
sha384: 2ad436c1905fd5af2174bcc68e4cc528059e3017ba5aba035760533762dd15a7619f0f6f01f6fa67d5e409b61b1f3e84
sha512: d68fa1ddd9fe742e65ce897aeca3554945369ec90921e6f62c3ff4ae1aa94c2dfd8a3481aaf5027f072e2b050e6fa930a61ba9328b15a75e9e7fb95cf4625f96
ssdeep: 24576:+LeiVyEW5ArsMEZ99lNeFXyTm7spIpxig6F6fIHQlZlTU+1yFr:+plq99lNehFiJ6flNTPgFr
Community
Google: False
HashLib: False
YARA
Matches: domain, Borland, IP, CookieTools, Borland_Delphi_30_, HasOverlay, network_dropper, CRC32_poly_Constant, BASE64_table, Delphi_DecodeDate, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_base64, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, network_udp_sock, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious: True

Strings
List
the appropriate version of this product at http://www.componentace.com
Web site: http://www.componentace.com
c:\program files (x86)\borland\delphi7\Lib\bsEffects.pas
t.Ht
Font.Name
Font.Style
Invalid compressed size, rfs.size = %d, count = %d
%s.Seek not implemented
Operation not allowed on sorted list
%s not in a class registration group
feel free to contact us at support@componentace.com
127.0.0.1
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
dbxdrivers.ini
\Software\Borland\C++Builder
\Software\Borland\DBExpress
wsock32.dll
dbxconnections.ini
\Software\Borland\Delphi
P.rsrc
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
\Software\Borland\BDS
msimg32.dll
comctl32.dll
version.dll
wininet.dll
uxtheme.dll
vcltest3.dll
0.0.0.1
0.0.0.0
dwmapi.dll
SHFolder.dll
Network is down.
Host is down.
Hashed list of file names is invalid
Username
Password for "%s"
EDIT_DELETE=Delete
Socket Error # %d
OnDeleteError
OnReceive
""fD**~T
+IdTCPServer
CLSID\%s\InProcServer32
ControlOfs%.8X%.8X
WndProcPtr%.8X%.8X
Connection Closed Gracefully.
Could not bind socket. Address and port are already in use.
Calculated
fkCalculated
Bad address.
select * from
Socks server did not respond.
Invalid socks authentication method.
Authentication error to socks server.
Connected.
JumpID("","%s")
7%8E8r8
%2A2O2
Socket is not connected.
Cannot send or receive after socket is closed.
Too many references, cannot splice.
OnCommand(
Connect timed out.
Command not supported.
showfocus
focuscellrect
focustabrect
focusedskinrect
Connection refused.
Too many open files.
Apartment
AfterDelete
Connection reset by peer.
Connection timed out.
Sub-menu is not in menu
dbExpress Error: Invalid Length
dbExpress Error: Invalid Transaction Isolation Level
dbExpress Error: Invalid Transaction ID
dbExpress Error: Duplicate Transaction ID
dbExpress Error: Application is not licensed to use this feature
dbExpress Error: Local Transaction already active
dbExpress Error: Multiple Transactions not Enabled
Multiple Connections not supported by %s driver
Driver (%s) not found in Cfg file (%s)
Cannot compress file '%s'. Zip64 mode is not enabled
Inserts are not allowed
CommandText changes are not allowed
Error decoding URL style (%%XX) encoded string at position %d
Invalid URL encoded character (%s) at position %d
Producer
%s
Custom variant type (%s%.4x) is out of range
Custom variant type (%s%.4x) already used by %s
Custom variant type (%s%.4x) is not usable
Too many custom variant types have been registered
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)

Foremost
Matches: 0.exe, 1 MB
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed: 127.0.0.1, 1, localhost.
Suspicious: 0.0.0.1, 0, Unknown
hasAllowed: True
hasSuspicious: True
Note: 0.0.0.0 and 0.0.0.1 lie in 0.0.0.0/8 ("this network"), which is not routable; in a Delphi binary they are almost certainly version or placeholder strings rather than a host the sample contacts.

URLs
hasURLs: True
Allowed: (none)
Suspicious: http://www.componentace.com
hasAllowed: False
hasSuspicious: True
Note: the flagged URL comes from the embedded license notice of a third-party Delphi compression component (see the componentace.com strings above), so it identifies an SDK the author linked in, not a download or C2 location.
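The IP and URL heuristics above amount to a regex pass over the strings list followed by a classification step, and the two hits they produced (0.0.0.1 and a vendor URL) show the usual failure mode: anything that looks like four dotted numbers or starts with http:// is reported. The Python below is an added example of that pass with a plausibility filter; it is not the report generator's code. The sample strings are copied from the Strings section except for the two lines marked as invented, and treating www.componentace.com as an allowlisted SDK host is an analyst assumption made for the demonstration.

```python
import ipaddress
import re
from typing import Dict, FrozenSet, List

# Constructed sample input: five entries copied from the Strings list above plus two
# invented lines (marked) so that every verdict bucket has something to classify.
SAMPLE_STRINGS = [
    "the appropriate version of this product at http://www.componentace.com",
    "Web site: http://www.componentace.com",
    "127.0.0.1",
    "0.0.0.1",
    "0.0.0.0",
    "http://10.0.0.5:8080/notify.php?id=%s",   # invented: private-range host inside a URL
    "300.1.1.1 is not an address",             # invented: matches the regex, fails validation
]

# Four dot-separated 1-3 digit groups that are not part of a longer dotted-number run.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_ipv4(text: str) -> str:
    """Bucket an IPv4-looking string; only 'routable' deserves follow-up as a contact address."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return "not-an-address"        # an octet above 255: a version string, not an IP
    if addr in ipaddress.IPv4Network("0.0.0.0/8"):
        return "bogon"                 # "this network": 0.0.0.0 and 0.0.0.1 are placeholders
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private"
    if addr.is_multicast or addr.is_reserved:
        return "bogon"
    return "routable"


def url_host(url: str) -> str:
    """Host part of an http(s) URL, lower-cased, without port or path."""
    rest = re.sub(r"^https?://", "", url, flags=re.IGNORECASE)
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def extract_iocs(strings: List[str],
                 allowlist_hosts: FrozenSet[str] = frozenset()) -> Dict[str, List[dict]]:
    """Pull IPv4 and URL candidates out of a strings dump, de-duplicated in first-seen order.
    allowlist_hosts: hosts the analyst has already attributed (e.g. an SDK vendor's site)."""
    ips: List[dict] = []
    urls: List[dict] = []
    seen = set()
    for s in strings:
        for m in URL_RE.finditer(s):
            url = m.group(0).rstrip(".,;)")
            if ("url", url) in seen:
                continue
            seen.add(("url", url))
            host = url_host(url)
            urls.append({"url": url, "host": host,
                         "verdict": "allowlisted" if host in allowlist_hosts else "review"})
        for m in IPV4_RE.finditer(s):
            ip = m.group(1)
            if ("ip", ip) in seen:
                continue
            seen.add(("ip", ip))
            ips.append({"ip": ip, "verdict": classify_ipv4(ip)})
    return {"ips": ips, "urls": urls}


if __name__ == "__main__":
    report = extract_iocs(SAMPLE_STRINGS, frozenset({"www.componentace.com"}))
    for entry in report["ips"] + report["urls"]:
        print(entry)
```

Run against the strings above, the only candidates left marked for review are the invented private-range URL and nothing else; the 0.0.0.x values and the loopback address are bucketed away instead of being reported as suspicious hosts.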

Files
hasFiles: True
Allowed: Error loading MIDAS.DLL, URLMON.DLL, MAPI32.DLL, wininet.dll, WS2_32.DLL, user32.dll, uxtheme.dll, dwmapi.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, SHFolder.dll, gdi32.dll, wsock32.dll, oleaut32.dll, kernel32.dll, vcltest3.dll, version.dll, shell32.dll, MIDAS.DLL, msimg32.dll
Suspicious: (none)
hasAllowed: True
hasSuspicious: False
Note: "Error loading MIDAS.DLL" is a Delphi runtime error message that the file-name heuristic matched on, not a file the sample references.

Binary
Sizes
RVA: 16
Suspicious: False
Code Size: 316928 (0x4D600)
Suspicious: False
Image Address: 4194304 (0x400000)
Suspicious: False
Stack: 16384 (0x4000)
Suspicious: False
Headers: 1024 (0x400)
Suspicious: False
Suspicious: False

Symbols
Number: 0
Suspicious: True
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True
Note: a zero CheckSum is what most non-Microsoft linkers (Delphi's included) write, and the loader only enforces the field for drivers and a few system DLLs, so on its own it is weak evidence of tampering.

Sections
hasSections: True
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 2.25 (the fixed value written by the Borland/Delphi linker)
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 1123840 (0x112600)
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
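The anomaly above follows directly from the CheckSum field being 0: the stored value and a fresh computation can only agree if the linker wrote one. The Python below is an added example, not part of this report's tooling, that walks the MZ and PE headers to the CheckSum field, recomputes the value with the 16-bit word-sum algorithm that imagehlp's CheckSumMappedFile uses (every word except the field itself, end-around carry, plus the file length), and reports "unset" separately from a real mismatch. The minimal PE32 it builds as input is constructed for the demonstration and is not a loadable executable.

```python
import struct


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum; it sits at +64 in both PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 64      # signature + COFF header + offset inside optional header


def pe_checksum(data: bytes, field_offset: int) -> int:
    """Image checksum as CheckSumMappedFile computes it: a 16-bit end-around-carry sum of
    every word except the CheckSum field itself, plus the file length."""
    length = len(data)
    if length % 2:
        data = data + b"\0"            # an odd trailing byte is summed as a zero-padded word
    total = 0
    for off in range(0, len(data), 2):
        if off == field_offset or off == field_offset + 2:
            continue                   # the field being computed counts as zero
        total += data[off] | (data[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + length) & 0xFFFFFFFF


def verify_checksum(data: bytes) -> dict:
    """Compare the stored header value with a fresh computation.
    'unset' (stored 0) is what most non-Microsoft linkers emit and is not tampering by itself."""
    off = checksum_field_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    if stored == 0:
        status = "unset"
    elif stored == computed:
        status = "ok"
    else:
        status = "mismatch"
    return {"stored": stored, "computed": computed, "status": status}


def with_checksum(data: bytes) -> bytes:
    """Return a copy with the CheckSum field filled in (what a linker or editbin /RELEASE does)."""
    off = checksum_field_offset(data)
    buf = bytearray(data)
    struct.pack_into("<I", buf, off, pe_checksum(data, off))
    return bytes(buf)


def minimal_pe32(payload: bytes = b"") -> bytes:
    """Constructed test image: MZ stub, PE signature, COFF header and a PE32 optional header
    with no sections. Enough for the header walk above; it is not a loadable executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0x2A425E19, 0, 0, 224, 0x0102)  # i386, Delphi-style stamp
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic; CheckSum (opt[64:68]) left at 0
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


if __name__ == "__main__":
    image = minimal_pe32(b"\x01\x02" * 100)
    print(verify_checksum(image))                  # stored 0 -> 'unset', as in this report
    print(verify_checksum(with_checksum(image)))   # -> 'ok'
```

On a real sample, read the file bytes and call verify_checksum on them; a "mismatch" on a binary that did carry a checksum is the case worth chasing (post-link patching), while "unset" on a Delphi build is the expected state and matches the Value: 0 reported above.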

Libraries
hasLibs: True
Allowed: urlmon.dll, mapi32.dll, wininet.dll, ws2_32.dll, user32.dll, uxtheme.dll, dwmapi.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, shfolder.dll, gdi32.dll, wsock32.dll, oleaut32.dll, kernel32.dll, version.dll, shell32.dll, msimg32.dll
Suspicious: error loading midas.dll, vcltest3.dll, midas.dll
hasAllowed: True
hasSuspicious: True
Note: "error loading midas.dll" is the Delphi runtime's error message captured by the string scan, not an import table entry.

Timestamp
Past: True
Valid: True
Value: 1992-06-19 19:22:17
Future: False
Note: this is the fixed link-time stamp (0x2A425E19, 1992-06-19 22:22:17 UTC, shown here in local time) that Borland Delphi writes into every PE it produces; it carries no information about when the sample was actually built.

Compilation
Packed: True
Missing: False
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft
Note: "BobSoft Mini Delphi" is a PEiD signature that fires on ordinary Delphi builds; together with the trid, YARA and strings results (Delphi 7 library paths, intact import table and section names) it points to an unpacked Delphi binary, so "Packed: True" should not be read as evidence of a packer.

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks (hit counts by section):
pushret: none 194, .rsrc 7
pushpopmath: none 33, .rsrc 6, .reloc 51
garbagebytes: none 186
hookdetection: none 6, .reloc 4
software breakpoint: none 9, .reloc 27
programcontrolflowchange: none 186
cpuinstructionsresultscomparison: none 31, .rsrc 65

AVclass: banload (1)
VirusTotal
md5: 433f0d2f9cb930d03278fd4d27a6af7d
sha1: 1cfeef1863612d7e31bdde59eb63e6560c93b9ca
SCANS (detection rate 64.18%: 43 of 67 engines)
Engine: result (detected; update, version)
AVG: Win32:Banker-NAO [Trj] (detected; update 20180601, version 18.4.3895.0)
CMC: not detected (update 20180601, version 1.1.0.977)
MAX: malware (ai score=83) (detected; update 20180601, version 2017.11.15.1)
Bkav: not detected (update 20180601, version 1.3.0.9466)
K7GW: Trojan ( 7000000f1 ) (detected; update 20180601, version 10.48.27339)
ALYac: Gen:Variant.Symmi.71986 (detected; update 20180601, version 1.1.1.5)
Avast: Win32:Banker-NAO [Trj] (detected; update 20180601, version 18.4.3895.0)
Avira: TR/Dldr.Delphi.ypzey (detected; update 20180601, version 8.3.3.6)
Baidu: not detected (update 20180601, version 1.0.0.2)
Cyren: W32/Trojan.FQGS-2703 (detected; update 20180601, version 6.0.0.4)
DrWeb: not detected (update 20180601, version 7.0.28.2020)
GData: Gen:Variant.Symmi.71986 (detected; update 20180601, version A:25.17265B:25.12390)
Panda: Trj/GdSda.A (detected; update 20180601, version 4.6.4.2)
VBA32: suspected of Trojan.Downloader.gen.h (detected; update 20180601, version 3.12.32.0)
VIPRE: Trojan.Win32.Generic!BT (detected; update 20180601, version 67028)
Zoner: not detected (update 20180531, version 1.0)
AVware: Trojan.Win32.Generic!BT (detected; update 20180601, version 1.5.0.42)
ClamAV: not detected (update 20180601, version 0.99.2.0)
Comodo: .UnclassifiedMalware (detected; update 20180601, version 29116)
F-Prot: not detected (update 20180601, version 4.7.1.166)
Ikarus: Trojan-Downloader.Win32.Banload (detected; update 20180601, version 0.1.5.2)
McAfee: Generic.axi (detected; update 20180601, version 6.0.6.653)
Rising: not detected (update 20180601, version 25.0.0.1)
Sophos: Mal/Generic-S (detected; update 20180601, version 4.98.0)
Yandex: Trojan.DL.Delf!NqoLPg2mOWk (detected; update 20180529, version 5.5.1.3)
Zillya: not detected (update 20180601, version 2.0.0.3565)
Arcabit: Trojan.Symmi.D11932 (detected; update 20180601, version 1.0.0.831)
Babable: not detected (update 20180406, version 9107201)
Cylance: Unsafe (detected; update 20180601, version 2.3.1.101)
Endgame: malicious (high confidence) (detected; update 20180507, version 2.1.2)
Tencent: Win32.Trojan.Virus.Pacd (detected; update 20180601, version 1.0.0.1)
ViRobot: not detected (update 20180601, version 2014.3.20.0)
Webroot: not detected (update 20180601, version 1.0.0.403)
eGambit: not detected (update 20180601)
Ad-Aware: Gen:Variant.Symmi.71986 (detected; update 20180601, version 3.0.5.370)
AegisLab: Gen.Variant.Symmi!c (detected; update 20180601, version 4.2)
Emsisoft: Gen:Variant.Symmi.71986 (B) (detected; update 20180601, version 4.0.2.899)
F-Secure: Gen:Variant.Symmi.71986 (detected; update 20180601, version 11.0.19100.45)
Fortinet: W32/Banload.XVC!tr.dldr (detected; update 20180601, version 5.4.247.0)
Invincea: heuristic (detected; update 20180601, version 6.3.5.26121)
Jiangmin: not detected (update 20180601, version 16.0.100)
Kingsoft: not detected (update 20180601, version 2013.8.14.323)
Paloalto: generic.ml (detected; update 20180601, version 1.0)
Symantec: ML.Attribute.HighConfidence (detected; update 20180601, version 1.6.0.0)
nProtect: not detected (update 20180601, version 2018-06-01.03)
AhnLab-V3: not detected (update 20180601, version 3.12.1.20996)
Antiy-AVL: Trojan/Win32.AGeneric (detected; update 20180601, version 3.0.0.1)
Kaspersky: Trojan-Downloader.Win32.Delf.kmns (detected; update 20180601, version 15.0.1.13)
Microsoft: TrojanDownloader:Win32/Banload (detected; update 20180601, version 1.1.14901.4)
Qihoo-360: not detected (update 20180601, version 1.0.0.1120)
TheHacker: not detected (update 20180531, version 6.8.0.5.3045)
ZoneAlarm: Trojan-Downloader.Win32.Delf.kmns (detected; update 20180601, version 1.0)
ESET-NOD32: a variant of Win32/TrojanDownloader.Banload.XVC (detected; update 20180601, version 17483)
TrendMicro: Possible_Virus (detected; update 20180601, version 10.0.0.1040)
BitDefender: Gen:Variant.Symmi.71986 (detected; update 20180601, version 7.2)
CrowdStrike: not detected (update 20180202, version 1.0)
K7AntiVirus: Trojan ( 7000000f1 ) (detected; update 20180601, version 10.48.27337)
SentinelOne: static engine - malicious (detected; update 20180225, version 1.0.15.206)
Avast-Mobile: not detected (update 20180601, version 180601-04)
Malwarebytes: not detected (update 20180601, version 2.1.1.1115)
TotalDefense: not detected (update 20180601, version 37.1.62.1)
CAT-QuickHeal: TrojanDownloader.Banload (detected; update 20180601, version 14.00)
NANO-Antivirus: Trojan.Win32.Delf.emerua (detected; update 20180601, version 1.0.106.22618)
MicroWorld-eScan: Gen:Variant.Symmi.71986 (detected; update 20180601, version 14.0.297.0)
SUPERAntiSpyware: not detected (update 20180601, version 5.6.0.1032)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th (detected; update 20180601, version v2017.2786)
TrendMicro-HouseCall: Possible_Virus (detected; update 20180601, version 9.950.0.1006)
total: 67
sha256: 2da773b7be773fabde37aae1eb39e1c8a5f0b0dd88c7402067b921797893e709
scan_id: 2da773b7be773fabde37aae1eb39e1c8a5f0b0dd88c7402067b921797893e709-1527880292
resource: 433f0d2f9cb930d03278fd4d27a6af7d
positives: 43
scan_date: 2018-06-01 19:11:32
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace (each line is timestamp, operation, PID, process image and target path run together with no separators; many Read/Write/Unknown entries also repeat the target's file name at the end)
22/9/2020 - 4:45:42.793Unknown2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
22/9/2020 - 4:45:42.793Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
22/9/2020 - 4:45:42.793Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
22/9/2020 - 4:45:42.872Read2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.muicomctl32.dll.mui
22/9/2020 - 4:45:42.918Read2412C:\malware.exeC:\malware.exe
22/9/2020 - 4:46:2.997Open2412C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 4:46:2.997Open2412C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\malware.exe.Local
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:3.137Unknown2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\WindowsShell.Manifest
22/9/2020 - 4:46:3.137Unknown2412C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Windows\Fonts\sserife.fon
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.137Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.137Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.137Open2412C:\malware.exeC:\malware.exe
22/9/2020 - 4:46:3.137Read2412C:\malware.exeC:\malware.exe
22/9/2020 - 4:46:3.137Unknown2412C:\malware.exeC:\malware.exe
22/9/2020 - 4:46:3.153Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\ardongrupo
22/9/2020 - 4:46:3.153Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.153Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:3.153Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\ardongrupo
22/9/2020 - 4:46:3.153Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\ardongrupo
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 4:46:5.184Unknown2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 4:46:5.184Unknown2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Secur32.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:46:5.184Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:46:5.184Unknown2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:46:5.184Open2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:46:5.184Unknown2412C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\webio.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\webio.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\IPHLPAPI.DLL
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\WINNSI.DLL
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\DNSAPI.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 4:46:5.231Open2412C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 4:46:5.278Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22/9/2020 - 4:46:5.278Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22/9/2020 - 4:46:5.372Open2412C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
22/9/2020 - 4:46:5.372Open2412C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
22/9/2020 - 4:46:5.372Open2412C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 4:46:5.372Open2412C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 4:46:5.418Open2412C:\malware.exeC:\dhcpcsvc6.DLL
22/9/2020 - 4:46:5.418Open2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
22/9/2020 - 4:46:5.418Unknown2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
22/9/2020 - 4:46:5.418Open2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
22/9/2020 - 4:46:5.418Unknown2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\dhcpcsvc.DLL
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\CRYPTSP.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\RpcRtRemote.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 4:46:5.465Unknown2412C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 4:46:5.465Open2412C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 4:46:5.465Unknown2412C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 4:46:5.528Open2412C:\malware.exeC:\rasadhlp.dll
22/9/2020 - 4:46:5.528Open2412C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 4:46:5.528Open2412C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 4:46:5.575Open2412C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
22/9/2020 - 4:46:5.575Open2412C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
22/9/2020 - 4:46:5.887Open2412C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:46:5.887Open2412C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wininet.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\malware.exe.Local
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:5.981Unknown2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:5.981Open2412C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 4:46:6.43Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
22/9/2020 - 4:46:6.43Unknown2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
22/9/2020 - 4:46:6.43Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htm
22/9/2020 - 4:46:6.43Write2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htmdiscador[1].htm
22/9/2020 - 4:46:6.106Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htm
22/9/2020 - 4:46:6.106Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htm
22/9/2020 - 4:46:6.106Open2412C:\malware.exeC:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8
22/9/2020 - 4:46:6.106Read2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htmdiscador[1].htm
22/9/2020 - 4:46:6.106Read2412C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htmdiscador[1].htm
22/9/2020 - 4:46:6.106Write2412C:\malware.exeC:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8YG2FAV95XXK8
Time | Operation | PID | Process | Path | Name
22/9/2020 4:46:6.106 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htm | discador[1].htm
22/9/2020 4:46:6.106 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\discador[1].htm | discador[1].htm
22/9/2020 4:46:6.715 | Open | 2412 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll |
22/9/2020 4:46:6.715 | Open | 2412 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll |
22/9/2020 4:46:8.153 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:8.153 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:8.153 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 |
22/9/2020 4:46:8.153 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:8.153 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 |
22/9/2020 4:46:8.153 | Write | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:8.153 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:8.153 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:15.184 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:15.184 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:15.184 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:15.184 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:15.184 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 |
22/9/2020 4:46:15.184 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:15.184 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:15.184 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:15.184 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:15.184 | Read | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 | YG2FAV95XXK8
22/9/2020 4:46:17.200 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:17.200 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo |
22/9/2020 4:46:21.965 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8 |
22/9/2020 4:46:21.965 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8 |
22/9/2020 4:46:21.965 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htm |
22/9/2020 4:46:21.965 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htm | notify[1].htm
22/9/2020 4:46:24.43 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ardongrupo\YG2FAV95XXK8 |
22/9/2020 4:46:26.59 | Open | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\4Z7284.nhD |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Monitor |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61 |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat |
22/9/2020 4:46:28.200 | Unknown | 2412 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |

Process Trace

Analysis Reason: Finished

Status: Successfully Executed

Results: 1

Registry Trace
Time | Operation | PID | Process | Key | Value
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
22/9/2020 4:46:5.231 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
22/9/2020 4:46:5.231 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
22/9/2020 4:46:5.231 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
22/9/2020 4:46:5.231 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
22/9/2020 4:46:5.231 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
22/9/2020 4:46:5.278 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
22/9/2020 4:46:5.278 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
22/9/2020 4:46:5.278 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
22/9/2020 4:46:5.668 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
22/9/2020 4:46:5.668 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
22/9/2020 4:46:5.668 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
22/9/2020 4:46:5.668 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
22/9/2020 4:46:6.950 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
22/9/2020 4:46:6.950 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
22/9/2020 4:46:6.950 | Write | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
22/9/2020 4:46:6.950 | Delete | 2412 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created identified: True
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: False

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: True
Deleted identified: True
Browsers identified: False
Internet identified: True


DNS
Query
localhost -> gateway:DNS   www.aura.krakow.pl.
localhost -> gateway:DNS   subgrupo.kinghost.net.
localhost -> gateway:50273   subgrupo.kinghost.net.

Response
gateway:DNS -> localhost   subgrupo.kinghost.net. = 177.185.193.52
gateway:DNS -> localhost   www.aura.krakow.pl. = 193.105.32.185

TCP
localhost:5357 -> localhost:65195
localhost:65192 -> 177.185.193.52:80
localhost:65193 -> 193.105.32.185:80
177.185.193.52:80 -> localhost:65192
localhost:5357 -> localhost:49274
localhost:65195 -> localhost:5357
localhost:49274 -> localhost:5357
193.105.32.185:80 -> localhost:65193

UDP
localhost:3702 -> localhost:55395
localhost:55394 -> localhost:53
localhost:3702 -> localhost:49472
localhost:50273 -> localhost:53
localhost:55395 -> 239.255.255.250:3702 (unknown host)
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67 (unknown host)

HTTP
localhost   GET   www.aura.krakow.pl   /wp-content/uploads/2009/08/IMG40/notify.php
localhost   GET   subgrupo.kinghost.net   /discador.zip

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 75.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 57.69%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 54.17%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.78%
suspicious: True
