Report #12010
- Creation Date: Sept. 23, 2020, 6:39 a.m.
- Last Update: Sept. 23, 2020, 7:05 a.m.
- File: 005
- Results:
Binary
- DLL: False
- Size: 4.00KB
- trid:
  - 33.4% OS/2 Executable
  - 33.0% Generic Win/DOS Executable
  - 32.9% DOS Executable Generic
  - 0.5% VXD Driver
- type: PE
- wordsize: 0
- Subsystem: unknown
Hashes
- md5: e8eb13e08ebbdbf13400263919d4e01f
- sha1: 99bc9406fc4edf480a8ef84bef8263a4dcad161b
- crc32: 0x73a5cb04
- sha224: 5a436f487affdcb36a44cb7372500aa5cbc2940932c831291a7ef836
- sha256: 99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b
- sha384: 03135482531720bdf6d65d777434f58eaa4de8094c09d8b4b58d7f20eb1c7cd201a257729c60461c2a2d59330068628c
- sha512: 82b106ce45a73fc39c3e3a964010cd56a31887a03435fbc1f81dbc8f66273757094245b830c9b2eb5129de310d152db3af56fe532394fd61216e4021071f3294
- ssdeep: 48:ZvtPiyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DUmXFanUWMpR6YsgMMXPxE4Ymz:Z16yxTWeZdo0D51aSpYUMqPF
Community
- Google: False
- HashLib: False
YARA
- Matches: domain, network_tcp_socket, FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET, contentis_base64, IsPE64, HasOverlay, FASM, AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER, IsWindowsGUI
- Suspicious: True
Strings
- List: wsock32.dll, wsock32.dll, inet_addr, GetProcAddress, IsWow64Process, VirtualAlloc, VirtualAlloc, closesocket, LoadLibraryA, WSAStartup, connect, socket, Sleep, Sleep, send, recv, __WSAFDIsSet, .0.2285.93, !This program cannot be run in DOS mode., GetCurrentProcess, htons, RtlZeroMemory, lstrcatA, lstrcpyA, lstrcpyA, .idata, select, .data, kernel32.dll, kernel32.dll, kernel32.dll, .text, D$ A
Foremost
- Matches: None
- Suspicious: False
Heuristics
- IPs
  - hasIPs: False
  - Allowed: (empty)
  - Suspicious: (empty)
  - hasAllowed: False
  - hasSuspicious: False
- URLs
  - hasURLs: False
  - Allowed: (empty)
  - Suspicious: (empty)
  - hasAllowed: False
  - hasSuspicious: False
- Files
  - Allowed: kernel32.dll, kernel32.dll, wsock32.dll, wsock32.dll
  - hasFiles: True
  - Suspicious: (empty)
  - hasAllowed: True
  - hasSuspicious: False
- Binary
  - Sizes
    - RVA: 16 (Suspicious: False)
    - CodeSize: 512 (Suspicious: False)
    - ImageAddress: 4194304 (Suspicious: False)
    - Stack: 4096 (Suspicious: False)
    - Headers: 512 (Suspicious: False)
    - Suspicious: False
  - Symbols
    - Number: 0 (Suspicious: True)
    - Pointer: 0 (Suspicious: True)
    - Directories Number: 16 (Suspicious: False)
  - Checksum
    - Value: 18316 (Suspicious: False)
  - Sections
    - Allowed: .text, .idata, .data
    - Suspicious: (empty)
    - hasAllowed: True
    - hasSections: True
    - hasSuspicious: False
  - Versions
    - OSVersion: 1 (Suspicious: False)
    - ImageVersion: 1 (Suspicious: True)
    - LinkerVersion: 1.71 (Suspicious: False)
    - SubsystemVersion: 4.0 (Suspicious: False)
    - Suspicious: False
  - EntryPoint
    - Address: 4961 (Suspicious: False)
  - Anomalies
    - Anomalies: The header checksum and the calculated checksum do not match.
    - hasAnomalies: True
  - Libraries
    - Allowed: kernel32.dll, wsock32.dll
    - hasLibs: True
    - Suspicious: kernel32.dll, wsock32.dll
    - hasAllowed: True
    - hasSuspicious: True
  - Timestamp
    - Past: False
    - Valid: True
    - Value: 2016-02-22 19:41:20
    - Future: False
  - Compilation
    - Packed: True
    - Missing: False
    - Packers: AHTeam EP Protector 0.3 (fake PCGuard 4.03-4.15) -> FEUERRADER
    - Compiled: False
    - Compilers: (empty)
  - Obfuscation
    - XOR: False
    - Fuzzing: False
PEDetector
- Matches: None
- Suspicious: False
Disassembly
- hasTricks: True
- Tricks:
  - pushpopmath
    - .idata: 1
AVclass
- tinyloader: 1
VirusTotal
- md5: e8eb13e08ebbdbf13400263919d4e01f
- sha1: 99bc9406fc4edf480a8ef84bef8263a4dcad161b
SCANS (DETECTION RATE = 84.72%)
| Engine | Result | Update | Version | Detected |
|---|---|---|---|---|
| AVG | Win64:Evo-gen [Susp] | 20200107 | 18.4.3895.0 | True |
| CMC | | 20190321 | 1.1.0.977 | False |
| MAX | malware (ai score=100) | 20200107 | 2019.9.16.1 | True |
| APEX | Malicious | 20200107 | 5.103 | True |
| Bkav | W32.KryptikTQP.Trojan | 20200107 | 1.3.0.9899 | True |
| K7GW | Trojan ( 004dfbed1 ) | 20200107 | 11.86.32969 | True |
| ALYac | Backdoor.DllBot.gen | 20200107 | 1.1.1.5 | True |
| Avast | Win64:Evo-gen [Susp] | 20200107 | 18.4.3895.0 | True |
| Avira | HEUR/AGEN.1015033 | 20200107 | 8.3.3.8 | True |
| Baidu | | 20190318 | 1.0.0.2 | False |
| Cyren | W64/S-cd516b9b!Eldorado | 20200107 | 6.2.2.2 | True |
| DrWeb | Trojan.Siggen6.58820 | 20200107 | 7.0.42.9300 | True |
| GData | Trojan.Agent.CJSM | 20200107 | A:25.24502B:26.17272 | True |
| Panda | Trj/CI.A | 20200106 | 4.6.4.2 | True |
| VBA32 | TrojanDownloader.Win64.TinyLoader | 20200104 | 4.3.0 | True |
| VIPRE | Trojan.Win64.Tinyloader.d (v) | 20200107 | 80610 | True |
| Zoner | | 20200107 | 1.0.0.1 | False |
| ClamAV | | 20200107 | 0.102.1.0 | False |
| Comodo | Malware@#31vmhxzq946qn | 20200107 | 31933 | True |
| F-Prot | W64/S-be5d5eeb!Eldorado | 20200107 | 4.7.1.166 | True |
| Ikarus | Trojan.Win64.Tiny | 20200107 | 0.1.5.2 | True |
| McAfee | Artemis!E8EB13E08EBB | 20200107 | 6.0.6.653 | True |
| Rising | Downloader.Tinyloader!8.D74 (TFE:1:9lbLUxhPStJ) | 20200107 | 25.0.0.24 | True |
| Sophos | Troj/Agent-AQKW | 20200107 | 4.98.0 | True |
| Yandex | Trojan.DL.TinyLoader! | 20200104 | 5.5.2.24 | True |
| Zillya | Trojan.Tiny.Win64.6 | 20200106 | 2.0.0.3991 | True |
| Acronis | suspicious | 20200107 | 1.1.1.58 | True |
| Alibaba | TrojanDownloader:Application/TinyLoader.cbbf2e58 | 20190527 | 0.3.0.5 | True |
| Arcabit | Trojan.Agent.CJSM | 20200107 | 1.0.0.869 | True |
| Cylance | Unsafe | 20200107 | 2.3.1.101 | True |
| Endgame | malicious (high confidence) | 20190918 | 3.0.15 | True |
| FireEye | Generic.mg.e8eb13e08ebbdbf1 | 20200107 | 29.7.0.0 | True |
| Sangfor | Malware | 20200107 | 1.0 | True |
| TACHYON | Backdoor/W32.Akdoor.4096 | 20200107 | 2020-01-07.02 | True |
| Tencent | | 20200107 | 1.0.0.1 | False |
| ViRobot | Trojan.Win64.Agent.4096 | 20200107 | 2014.3.20.0 | True |
| Webroot | Trojan.Dropper.Gen | 20200107 | 1.0.0.403 | True |
| eGambit | | 20200107 | | False |
| Ad-Aware | Trojan.Agent.CJSM | 20200107 | 3.0.5.370 | True |
| AegisLab | Trojan.Win64.TinyLoader.tnJD | 20191220 | 4.2 | True |
| Emsisoft | Trojan.Agent.CJSM (B) | 20200107 | 2018.12.0.1641 | True |
| F-Secure | Heuristic.HEUR/AGEN.1015033 | 20200107 | 12.0.86.52 | True |
| Fortinet | W64/Tiny.D!tr | 20200107 | 6.2.137.0 | True |
| Invincea | heuristic | 20191211 | 6.3.6.26157 | True |
| Jiangmin | TrojanDownloader.TinyLoader.a | 20200107 | 16.0.100 | True |
| Kingsoft | | 20200107 | 2013.8.14.323 | False |
| Paloalto | generic.ml | 20200107 | 1.0 | True |
| Symantec | Trojan.Gen.MBT | 20200107 | 1.11.0.0 | True |
| Trapmine | malicious.moderate.ml.score | 20191216 | 3.2.16.890 | True |
| AhnLab-V3 | Trojan/Win32.Agent.C1347632 | 20200107 | 3.17.0.26111 | True |
| Antiy-AVL | Trojan[Downloader]/Win64.TinyLoader | 20200107 | 3.0.0.1 | True |
| Kaspersky | Trojan-Downloader.Win64.TinyLoader.b | 20200107 | 15.0.1.13 | True |
| Microsoft | Trojan:Win64/Anobato.A | 20200107 | 1.1.16600.7 | True |
| Qihoo-360 | Win32/Trojan.Downloader.a6c | 20200107 | 1.0.0.1120 | True |
| ZoneAlarm | Trojan-Downloader.Win64.TinyLoader.b | 20200107 | 1.0 | True |
| Cybereason | malicious.08ebbd | 20190616 | 1.2.449 | True |
| ESET-NOD32 | a variant of Win64/Tiny.D | 20200107 | 20631 | True |
| TrendMicro | BKDR64_TINY.SM0 | 20200107 | 11.0.0.1006 | True |
| BitDefender | Trojan.Agent.CJSM | 20200107 | 7.2 | True |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 | True |
| K7AntiVirus | Trojan ( 004dfbed1 ) | 20200107 | 11.86.32970 | True |
| SentinelOne | DFI - Malicious PE | 20191218 | 1.12.1.57 | True |
| Avast-Mobile | | 20200106 | 200106-02 | False |
| Malwarebytes | Trojan.Tiny | 20200107 | 3.6.4.330 | True |
| TotalDefense | | 20200107 | 37.1.62.1 | False |
| CAT-QuickHeal | Trojan.Dynamer.S12223 | 20200107 | 14.00 | True |
| NANO-Antivirus | Trojan.Win64.Tiny.exxkhx | 20200107 | 1.0.134.25031 | True |
| BitDefenderTheta | | 20191223 | 7.2.37796.0 | False |
| MicroWorld-eScan | Trojan.Agent.CJSM | 20200107 | 14.0.297.0 | True |
| SUPERAntiSpyware | | 20200103 | 5.6.0.1032 | False |
| McAfee-GW-Edition | BehavesLike.Win64.Generic.xz | 20200107 | v2017.3010 | True |
| TrendMicro-HouseCall | BKDR64_TINY.SM0 | 20200107 | 10.0.0.1040 | True |
- total: 72
- sha256: 99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b
- scan_id: 99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b-1578406833
- resource: e8eb13e08ebbdbf13400263919d4e01f
- positives: 61
- scan_date: 2020-01-07 14:20:33
- verbose_msg: Scan finished, information embedded
- response_code: 1
Results
BINARY
- NFS 2.0 (Threshold = 0.8): confidence 65.62%, suspicious: True
- Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
- MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 66.92%, suspicious: True
- Random Forest (100 estimators, NFS-BRMalware): confidence 70.00%, suspicious: True
- Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 59.90%, suspicious: True
- LightGDM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: True