Report #12010 cancel

  • Creation Date: Sept. 23, 2020, 6:39 a.m.
  • Last Update: Sept. 23, 2020, 7:05 a.m.
  • File: 005
  • Results:
Binary
DLL
False cancel
Size
4.00KB
trid
33.4% OS/2 Executable
33.0% Generic Win/DOS Executable
32.9% DOS Executable Generic
0.5% VXD Driver
type
PE
wordsize
0
Subsystem
unknown
Hashes
md5
e8eb13e08ebbdbf13400263919d4e01f
sha1
99bc9406fc4edf480a8ef84bef8263a4dcad161b
crc32
0x73a5cb04
sha224
5a436f487affdcb36a44cb7372500aa5cbc2940932c831291a7ef836
sha256
99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b
sha384
03135482531720bdf6d65d777434f58eaa4de8094c09d8b4b58d7f20eb1c7cd201a257729c60461c2a2d59330068628c
sha512
82b106ce45a73fc39c3e3a964010cd56a31887a03435fbc1f81dbc8f66273757094245b830c9b2eb5129de310d152db3af56fe532394fd61216e4021071f3294
ssdeep
48:ZvtPiyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DUmXFanUWMpR6YsgMMXPxE4Ymz:Z16yxTWeZdo0D51aSpYUMqPF
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, network_tcp_socket, FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET, contentis_base64, IsPE64, HasOverlay, FASM, AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER, IsWindowsGUI

Suspicious
True check_circle

Strings
List
wsock32.dll
wsock32.dll
inet_addr
GetProcAddress
IsWow64Process
VirtualAlloc
VirtualAlloc
closesocket
LoadLibraryA
WSAStartup
connect
socket
Sleep
Sleep
send
recv
__WSAFDIsSet
.0.22
85.93
!This program cannot be run in DOS mode.
GetCurrentProcess
htons
RtlZeroMemory
lstrcatA
lstrcpyA
lstrcpyA
.idata
select
.data
kernel32.dll
kernel32.dll
kernel32.dll
.text
D$ A

Foremost
Matches
None
Suspicious
False cancel
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: kernel32.dll, kernel32.dll, wsock32.dll, wsock32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 512
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 18316
Suspicous: False cancel

Sections
Allowed: .text, .idata, .data
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 1
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 1
Linker
Version: 1.71
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 4961
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: kernel32.dll, wsock32.dll
hasLibs: True check_circle
Suspicious: kernel32.dll, wsock32.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2016-02-22 19:41:20
Future: False cancel

Compilation
Packed: True check_circle
Missing: False cancel
Packers: AHTeam EP Protector 0.3 (fake PCGuard 4.03-4.15) -> FEUERRADER
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushpopmath
.idata: 1

AVclass
tinyloader
1
VirusTotal
md5
e8eb13e08ebbdbf13400263919d4e01f
sha1
99bc9406fc4edf480a8ef84bef8263a4dcad161b
SCANS (DETECTION RATE = 84.72%)
AVG
result: Win64:Evo-gen [Susp]
update: 20200107
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=100)
update: 20200107
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200107
version: 5.103
detected: True check_circle

Bkav
result: W32.KryptikTQP.Trojan
update: 20200107
version: 1.3.0.9899
detected: True check_circle

K7GW
result: Trojan ( 004dfbed1 )
update: 20200107
version: 11.86.32969
detected: True check_circle

ALYac
result: Backdoor.DllBot.gen
update: 20200107
version: 1.1.1.5
detected: True check_circle

Avast
result: Win64:Evo-gen [Susp]
update: 20200107
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1015033
update: 20200107
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W64/S-cd516b9b!Eldorado
update: 20200107
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Trojan.Siggen6.58820
update: 20200107
version: 7.0.42.9300
detected: True check_circle

GData
result: Trojan.Agent.CJSM
update: 20200107
version: A:25.24502B:26.17272
detected: True check_circle

Panda
result: Trj/CI.A
update: 20200106
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanDownloader.Win64.TinyLoader
update: 20200104
version: 4.3.0
detected: True check_circle

VIPRE
result: Trojan.Win64.Tinyloader.d (v)
update: 20200107
version: 80610
detected: True check_circle

Zoner
update: 20200107
version: 1.0.0.1
detected: False cancel

ClamAV
update: 20200107
version: 0.102.1.0
detected: False cancel

Comodo
result: Malware@#31vmhxzq946qn
update: 20200107
version: 31933
detected: True check_circle

F-Prot
result: W64/S-be5d5eeb!Eldorado
update: 20200107
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Win64.Tiny
update: 20200107
version: 0.1.5.2
detected: True check_circle

McAfee
result: Artemis!E8EB13E08EBB
update: 20200107
version: 6.0.6.653
detected: True check_circle

Rising
result: Downloader.Tinyloader!8.D74 (TFE:1:9lbLUxhPStJ)
update: 20200107
version: 25.0.0.24
detected: True check_circle

Sophos
result: Troj/Agent-AQKW
update: 20200107
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.DL.TinyLoader!
update: 20200104
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Tiny.Win64.6
update: 20200106
version: 2.0.0.3991
detected: True check_circle

Acronis
result: suspicious
update: 20200107
version: 1.1.1.58
detected: True check_circle

Alibaba
result: TrojanDownloader:Application/TinyLoader.cbbf2e58
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Agent.CJSM
update: 20200107
version: 1.0.0.869
detected: True check_circle

Cylance
result: Unsafe
update: 20200107
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True check_circle

FireEye
result: Generic.mg.e8eb13e08ebbdbf1
update: 20200107
version: 29.7.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200107
version: 1.0
detected: True check_circle

TACHYON
result: Backdoor/W32.Akdoor.4096
update: 20200107
version: 2020-01-07.02
detected: True check_circle

Tencent
update: 20200107
version: 1.0.0.1
detected: False cancel

ViRobot
result: Trojan.Win64.Agent.4096
update: 20200107
version: 2014.3.20.0
detected: True check_circle

Webroot
result: Trojan.Dropper.Gen
update: 20200107
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20200107
detected: False cancel

Ad-Aware
result: Trojan.Agent.CJSM
update: 20200107
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win64.TinyLoader.tnJD
update: 20191220
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.Agent.CJSM (B)
update: 20200107
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1015033
update: 20200107
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W64/Tiny.D!tr
update: 20200107
version: 6.2.137.0
detected: True check_circle

Invincea
result: heuristic
update: 20191211
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: TrojanDownloader.TinyLoader.a
update: 20200107
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200107
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200107
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.MBT
update: 20200107
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.moderate.ml.score
update: 20191216
version: 3.2.16.890
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Agent.C1347632
update: 20200107
version: 3.17.0.26111
detected: True check_circle

Antiy-AVL
result: Trojan[Downloader]/Win64.TinyLoader
update: 20200107
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan-Downloader.Win64.TinyLoader.b
update: 20200107
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win64/Anobato.A
update: 20200107
version: 1.1.16600.7
detected: True check_circle

Qihoo-360
result: Win32/Trojan.Downloader.a6c
update: 20200107
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Trojan-Downloader.Win64.TinyLoader.b
update: 20200107
version: 1.0
detected: True check_circle

Cybereason
result: malicious.08ebbd
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win64/Tiny.D
update: 20200107
version: 20631
detected: True check_circle

TrendMicro
result: BKDR64_TINY.SM0
update: 20200107
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.Agent.CJSM
update: 20200107
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 004dfbed1 )
update: 20200107
version: 11.86.32970
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20191218
version: 1.12.1.57
detected: True check_circle

Avast-Mobile
update: 20200106
version: 200106-02
detected: False cancel

Malwarebytes
result: Trojan.Tiny
update: 20200107
version: 3.6.4.330
detected: True check_circle

TotalDefense
update: 20200107
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Dynamer.S12223
update: 20200107
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win64.Tiny.exxkhx
update: 20200107
version: 1.0.134.25031
detected: True check_circle

BitDefenderTheta
update: 20191223
version: 7.2.37796.0
detected: False cancel

MicroWorld-eScan
result: Trojan.Agent.CJSM
update: 20200107
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20200103
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win64.Generic.xz
update: 20200107
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: BKDR64_TINY.SM0
update: 20200107
version: 10.0.0.1040
detected: True check_circle

total
72
sha256
99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b
scan_id
99a305b395e433924576ddc489ea1fd63233a1cbba3331ba1192b4d8d52bcb8b-1578406833
resource
e8eb13e08ebbdbf13400263919d4e01f
positives
61
scan_date
2020-01-07 14:20:33
verbose_msg
Scan finished, information embedded
response_code
1
Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 65.62%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 66.92%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 70.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 59.90%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle