Report #12644

Binary
DLL
False cancel
Size
316.00KB
trid
70.6% Windows ActiveX control
18.9% Win32 Executable MS Visual C++
3.9% Win32 Dynamic Link Library
2.7% Win32 Executable
1.2% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
348340b02eb71e7373a511cf010377bd
sha1
c73de304586322a2282c11e35e777b47325ddba7
crc32
0x5d0d0bba
sha224
eb6dd32097961620fff2def4936d3089b51ab0e0b60244d71ae17145
sha256
76bb1d6d78295a74b2999ddc2e346acd8ce612087949a075b8e156f08baf0d3b
sha384
f019ee835dfcefc4d512b86370f16c674bc4e90da4dc8d660ca90b8b22c8b6706f7c9e3197856b251b689a05ad76c3af
sha512
60db7c71da7147c3bdf453fa499d438ec2fde26557edc5c4d751327a3aa9d54502439884b799c0845e1072f0fc1158e80568a2f9ed2c6bf33a0290b478a39a00
ssdeep
3072:s/0UP1palmYxYlUwkj0lSvtjHrBcomASnKU59hu7FL8SM+0tYhYYoqbN:s1u/YlUwa0ueoWnrU7FgSM+0i22
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, network_tcp_socket, generic_javascript_obfuscation, Microsoft_Visual_Basic_v50_additional, HasRichSignature, contentis_base64, android_meterpreter, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, SEH__vba, IsWindowsGUI

Suspicious
True check_circle

Strings
List
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
c:\\windows\\system32\\msvbvm60.dll
wsock32.dll
storport.sys
mswsock.dll
tape.sys
ndis.sys
winspool.drv
msimg32.dll
wtsapi32.dll
msvbvm60.dll
comctl32.dll
msacm32.dll
version.dll
Wininet.dll
nddeapi.dll
clusapi.dll
certcli.dll
Wininet.dll
InstCheck.dll
InstCheck.dll
InstCheck.dll
hal.dll
urlmon.dll
rsaenh.dll
vdmdbg.dll
ntdll.dll
authz.dll
shfolder.dll
framedyn.dll
mcisendcommandw
ntoskrnl.exe
mprapi.dll
mpr.dll
api-ms-win-core-sysinfo-l1-2-1.dll
insertmenua
getoverlappedresult
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-handle-l1-1-0.dll
indycore100.bpl
mscoree.dll
_mbsnbicmp
imagelist_dragenter
imagelist_destroy
httpsendrequestexw
httpendrequestw
httpsendrequestw
getconsoleoutputcp
setclasslonga
getclasslongw
__vbaOnError
__vbaOnError
__vbaOnError
__vbaOnError
__vbaOnError
__vbaOnError
__vbaOnError
getcpinfo
getprocessheap
getcommandlinea
shellexecutea
findexecutablea
zwunloaddriver
_acmdln
isdebuggerpresent
setfilesecurityw
setfilesecuritya
outputdebugstringa
getshellwindow
setthreadexecutionstate
destroycursor
registerwindowmessagea
flushfilebuffers
HasChrome
HasChrome
heapdestroy
regflushkey
coinitializesecurity
internetattemptconnect
urldownloadtofilew
lookupprivilegevaluea
destroymenu
setsecurityinfo
getsecurityinfo
hidecaret
destroyicon
registerdragdrop
OLESelfRegister
mprconfigserverdisconnect
initializesecuritydescriptor
callnamedpipew
registerclassexw
registerclassa
internetcrackurlw
checktokenmembership
internetcrackurla

Foremost
Matches
0.exe, 316 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: InstCheck.dll, wtsapi32.dll, ntdll.dll, hal.dll, user32.dll, comctl32.dll, MSVBVM60.DLL, rpcrt4.dll, authz.dll, api-ms-win-core-handle-l1-1-0.dll, framedyn.dll, mscoree.dll, vdmdbg.dll, msvcrt.dll, api-ms-win-core-profile-l1-1-0.dll, wsock32.dll, api-ms-win-core-errorhandling-l1-1-1.dll, msacm32.dll, shfolder.dll, Wininet.dll, certcli.dll, imagehlp.dll, mpr.dll, kernel32.dll, oleaut32.dll, mprapi.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-synch-l1-2-0.dll, ole32.dll, msimg32.dll, version.dll, nddeapi.dll, gdi32.dll, VBA6.DLL, mswsock.dll, urlmon.dll, rsaenh.dll, c:\\windows\\system32\\msvbvm60.dll, clusapi.dll, shell32.dll, api-ms-win-core-sysinfo-l1-2-1.dll
hasFiles: True check_circle
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 348160
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 4096
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 292779
Suspicious: False cancel

Sections
Allowed: .text, .data, .rsrc, .l1
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: 4
Suspicious: False cancel
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5104
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: wtsapi32.dll, ntdll.dll, hal.dll, user32.dll, comctl32.dll, msvbvm60.dll, rpcrt4.dll, authz.dll, api-ms-win-core-handle-l1-1-0.dll, framedyn.dll, mscoree.dll, vdmdbg.dll, msvcrt.dll, api-ms-win-core-profile-l1-1-0.dll, wsock32.dll, api-ms-win-core-errorhandling-l1-1-1.dll, msacm32.dll, shfolder.dll, wininet.dll, certcli.dll, imagehlp.dll, mpr.dll, kernel32.dll, oleaut32.dll, mprapi.dll, api-ms-win-core-synch-l1-2-0.dll, ole32.dll, msimg32.dll, version.dll, nddeapi.dll, gdi32.dll, mswsock.dll, urlmon.dll, rsaenh.dll, clusapi.dll, shell32.dll
hasLibs: True check_circle
Suspicious: instcheck.dll, api-ms-win-core-libraryloader-l1-2-0.dll, vba6.dll, c:\\windows\\system32\\msvbvm60.dll, api-ms-win-core-sysinfo-l1-2-1.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2014-09-22 19:09:38
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
90336, 237792
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 4
.text: 8

nopsequence
.rsrc: 34
.text: 4

pushpopmath
.rsrc: 302
.text: 3

garbagebytes
.rsrc: 2
.text: 4

programcontrolflowchange
.rsrc: 2
.text: 4

cpuinstructionsresultscomparison
.rsrc: 4
.text: 5

AVclass
bankfraud
1
VirusTotal
md5
348340b02eb71e7373a511cf010377bd
sha1
c73de304586322a2282c11e35e777b47325ddba7
SCANS (DETECTION RATE = 61.43%)
AVG
result: Win32:Broban-O [Trj]
update: 20210511
version: 21.1.5827.0
detected: True check_circle

CMC
update: 20210506
version: 2.10.2019.1
detected: False cancel

MAX
result: malware (ai score=82)
update: 20210512
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20210510
version: 6.162
detected: True check_circle

Bkav
result: W32.AIDetect.malware1
update: 20210511
version: 1.3.0.9899
detected: True check_circle

K7GW
update: 20210511
version: 11.181.37150
detected: False cancel

ALYac
result: Gen:Trojan.Heur2.ZGY.5
update: 20210511
version: 1.1.3.1
detected: True check_circle

Avast
result: Win32:Broban-O [Trj]
update: 20210511
version: 21.1.5827.0
detected: True check_circle

Avira
result: TR/Dropper.Gen
update: 20210512
version: 8.3.3.12
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 100)
update: 20210511
version: 4.0.0.27
detected: True check_circle

Cyren
result: W32/Virlock.X.gen!Eldorado
update: 20210511
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.KillFiles.16556
update: 20210511
version: 7.0.49.9080
detected: True check_circle

GData
result: Gen:Trojan.Heur2.ZGY.5
update: 20210511
version: A:25.29616B:27.22972
detected: True check_circle

Panda
update: 20210511
version: 4.6.4.2
detected: False cancel

VBA32
update: 20210507
version: 5.0.0
detected: False cancel

VIPRE
update: 20210511
version: 92484
detected: False cancel

Zoner
update: 20210511
version: 0.0.0.0
detected: False cancel

ClamAV
result: Win.Keylogger.Bancos-7586349-0
update: 20210511
version: 0.103.2.0
detected: True check_circle

Comodo
update: 20210511
version: 33520
detected: False cancel

Ikarus
result: Trojan-Banker.Win32.VB
update: 20210511
version: 0.1.5.2
detected: True check_circle

McAfee
result: RDN/PWS-Banker.es
update: 20210504
version: 6.0.6.653
detected: True check_circle

Rising
result: Spyware.Noon!8.E7C9 (TFE:dGZlOgFuzzOiYDnPEQ)
update: 20210511
version: 25.0.0.26
detected: True check_circle

Sophos
result: ML/PE-A
update: 20210511
version: 1.0.2.0
detected: True check_circle

Yandex
result: Trojan.Bankfraud!/zPM9blMqLs
update: 20210510
version: 5.5.2.24
detected: True check_circle

Zillya
update: 20210511
version: 2.0.0.4360
detected: False cancel

Acronis
update: 20210211
version: 1.1.1.81
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
update: 20210511
version: 1.0.0.886
detected: False cancel

Cylance
result: Unsafe
update: 20210512
version: 2.3.1.101
detected: True check_circle

Elastic
result: malicious (high confidence)
update: 20210420
version: 4.0.21
detected: True check_circle

FireEye
result: Generic.mg.348340b02eb71e73
update: 20210511
version: 32.44.1.0
detected: True check_circle

Sangfor
result: Trojan.Win32.Save.a
update: 20210416
version: 2.9.0.0
detected: True check_circle

TACHYON
update: 20210512
version: 2021-05-12.01
detected: False cancel

Tencent
update: 20210512
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20210511
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20210512
version: 1.0.0.403
detected: False cancel

eGambit
result: Unsafe.AI_Score_60%
update: 20210512
detected: True check_circle

Ad-Aware
result: Gen:Trojan.Heur2.ZGY.5
update: 20210512
version: 3.0.21.179
detected: True check_circle

AegisLab
update: 20210512
version: 4.2
detected: False cancel

Emsisoft
result: Gen:Trojan.Heur2.ZGY.5 (B)
update: 20210511
version: 2018.12.0.1641
detected: True check_circle

F-Secure
update: 20210331
version: 12.0.86.52
detected: False cancel

Fortinet
result: W32/CoinMiner.3E08!tr
update: 20210511
version: 6.2.142.0
detected: True check_circle

Jiangmin
result: Trojan.Generic.awuad
update: 20210511
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20210512
version: 2017.9.26.565
detected: False cancel

Paloalto
update: 20210512
version: 1.0
detected: False cancel

Symantec
result: ML.Attribute.HighConfidence
update: 20210511
version: 1.14.0.0
detected: True check_circle

AhnLab-V3
update: 20210512
version: 3.20.0.10177
detected: False cancel

Antiy-AVL
result: Trojan/Generic.ASMalwS.C120DD
update: 20210511
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20210512
version: 21.0.1.45
detected: True check_circle

MaxSecure
result: Trojan.Malware.121218.susgen
update: 20210511
version: 1.0.0.1
detected: True check_circle

Microsoft
result: TrojanSpy:Win32/BrobanDel.A
update: 20210511
version: 1.1.18100.6
detected: True check_circle

Qihoo-360
update: 20210512
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
update: 20210512
version: 1.0
detected: False cancel

Cybereason
result: malicious.02eb71
update: 20210330
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win32/Spy.Bancos.AEI
update: 20210511
version: 23280
detected: True check_circle

Gridinsoft
update: 20210511
version: 1.0.39.131
detected: False cancel

TrendMicro
result: Possible_TrojSpyBancos.UNP
update: 20210511
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Trojan.Heur2.ZGY.5
update: 20210511
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (D)
update: 20210203
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20210511
version: 11.181.37149
detected: False cancel

SentinelOne
result: Static AI - Malicious PE
update: 20210215
version: 5.0.0.20
detected: True check_circle

Malwarebytes
result: Trojan.Nymaim.Generic
update: 20210511
version: 4.2.2.27
detected: True check_circle

CAT-QuickHeal
update: 20210511
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Bankfraud.dflinw
update: 20210512
version: 1.0.146.25279
detected: True check_circle

BitDefenderTheta
result: AI:Packer.254A2CEF15
update: 20210504
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Trojan.Heur2.ZGY.5
update: 20210511
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20210507
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.ft
update: 20210511
version: v2019.1.2+3728
detected: True check_circle

TrendMicro-HouseCall
result: Possible_TrojSpyBancos.UNP
update: 20210511
version: 10.0.0.1040
detected: True check_circle

total
70
sha256
76bb1d6d78295a74b2999ddc2e346acd8ce612087949a075b8e156f08baf0d3b
scan_id
76bb1d6d78295a74b2999ddc2e346acd8ce612087949a075b8e156f08baf0d3b-1620785400
resource
348340b02eb71e7373a511cf010377bd
positives
43
scan_date
2021-05-12 02:10:00
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 81.88%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 50.70%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 80.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.02%
suspicious: False cancel

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.67%
suspicious: True check_circle
