Report #12651

  • Creation Date: June 14, 2021, 5:03 p.m.
  • Last Update: June 14, 2021, 5:10 p.m.
  • File: evader.exe
  • Results:
Binary
DLL: False
Size: 93.50KB
trid: 72.2% Windows ActiveX control; 17.1% Win64 Executable; 4.0% Win32 Dynamic Link Library; 2.7% Win32 Executable; 1.2% OS/2 Executable
type: PE
wordsize: 64
Subsystem: Windows CLI
Hashes
md5: 707b40d8967b66967fe53a2817755731
sha1: 3f1ff2d4752737c881bc59e3f786e97c77471089
crc32: 0x1b43d36e
sha224: dcaf18329b7d7d149ff77ddfb3908810efae136189e7c82112e37ef1
sha256: d913081477c52bda86b8f67b53e733703d764c3fa027c90d1dfc42674ed73d10
sha384: d9305694f8c1299c8d7a8fa10990e6d3f811948d65997fb8b3ab8a03e92c2f6a7a36cea139c62a3027b492e4f7e70159
sha512: da71f1edf75fcadc2984855a0db570df745b2a4815c8eb72fc50824f5d545a9bf781d57397e6cc93dbb31d77a6cd5bffe23435021e557feab688dfaa7473fbff
ssdeep: 768:d9meSzP7lgnFndU59qKl6sLiix0XJTr3kGzOGiVhAhYDkqzk3v2ntkB1:dX8P+FndU59VLi00hsGYhAhYoqzk+tA
Community
Google: False
HashLib: False
YARA
Matches: maldoc_getEIP_method_1, domain, anti_dbg, IsPE64, contentis_base64, android_meterpreter, win_registry, HasDebugData, IsConsole, network_tcp_socket, Microsoft_Visual_Cpp_80_DLL, SEH__vba, HasRichSignature
Suspicious: True

Strings
List
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
c:\\windows\\system32\\msvbvm60.dll
wsock32.dll
storport.sys
mswsock.dll
COMCTL32.dll
ndis.sys
tape.sys
winspool.drv
MSVCR110.dll
msimg32.dll
comctl32.dll
msacm32.dll
wtsapi32.dll
msvbvm60.dll
version.dll
WINMM.dll
nddeapi.dll
clusapi.dll
certcli.dll
UxTheme.dll
InstCheck.dll
InstCheck.dll
urlmon.dll
ntdll.dll
authz.dll
vdmdbg.dll
hal.dll
rsaenh.dll
shfolder.dll
framedyn.dll
mcisendcommandw
ntoskrnl.exe
mprapi.dll
mpr.dll
proc.exe
proc.exe
api-ms-win-core-sysinfo-l1-2-1.dll
getoverlappedresult
insertmenua
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-handle-l1-1-0.dll
indycore100.bpl
mscoree.dll
_mbsnbicmp
imagelist_dragenter
imagelist_destroy
<requestedPrivileges>
shell_notifyiconw
__crt_debugger_hook
httpsendrequestexw
httpsendrequestw
httpendrequestw
getconsoleoutputcp
setclasslonga
getclasslongw
__vbaOnError
__vbaOnError
__vbaOnError
getcpinfo
getprocessheap
getcommandlinea
shellexecutea
IsProcessorFeaturePresent
findexecutablea
zwunloaddriver
_acmdln
isdebuggerpresent
setfilesecuritya
setfilesecurityw
outputdebugstringa
getshellwindow
setthreadexecutionstate
destroycursor
registerwindowmessagea
flushfilebuffers
HasChrome
heapdestroy
regflushkey
CreateEventW
coinitializesecurity
internetattemptconnect
urldownloadtofilew
lookupprivilegevaluea
regconnectregistrya
destroymenu
setsecurityinfo
getsecurityinfo
hidecaret
destroyicon
registerdragdrop
OLESelfRegister
iowmiregistrationcontrol
IsDebuggerPresent
mprconfigserverdisconnect
initializesecuritydescriptor
callnamedpipew

Foremost
Matches: 24.dll, 80 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: InstCheck.dll, imagehlp.dll, api-ms-win-core-profile-l1-1-0.dll, ntdll.dll, api-ms-win-core-synch-l1-2-0.dll, nddeapi.dll, user32.dll, MSVBVM60.DLL, rsaenh.dll, ADVAPI32.dll, authz.dll, api-ms-win-core-handle-l1-1-0.dll, MSVCR110.dll, clusapi.dll, msacm32.dll, mscoree.dll, msvcrt.dll, SHLWAPI.dll, SHELL32.dll, framedyn.dll, wtsapi32.dll, COMCTL32.dll, api-ms-win-core-errorhandling-l1-1-1.dll, OLEAUT32.dll, certcli.dll, vdmdbg.dll, shfolder.dll, RPCRT4.dll, mpr.dll, UxTheme.dll, WINMM.dll, kernel32.dll, mprapi.dll, GDI32.dll, ole32.dll, hal.dll, api-ms-win-core-libraryloader-l1-2-0.dll, msimg32.dll, version.dll, api-ms-win-core-sysinfo-l1-2-1.dll, VBA6.DLL, mswsock.dll, urlmon.dll, c:\\windows\\system32\\msvbvm60.dll, wsock32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 91136
Suspicious: False
Image
Address: 5368709120
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: 6
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6772
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: imagehlp.dll, api-ms-win-core-profile-l1-1-0.dll, ntdll.dll, api-ms-win-core-synch-l1-2-0.dll, nddeapi.dll, user32.dll, msvbvm60.dll, rsaenh.dll, advapi32.dll, authz.dll, api-ms-win-core-handle-l1-1-0.dll, clusapi.dll, msacm32.dll, mscoree.dll, msvcrt.dll, shlwapi.dll, shell32.dll, framedyn.dll, wtsapi32.dll, comctl32.dll, api-ms-win-core-errorhandling-l1-1-1.dll, oleaut32.dll, certcli.dll, vdmdbg.dll, shfolder.dll, rpcrt4.dll, mpr.dll, uxtheme.dll, winmm.dll, kernel32.dll, mprapi.dll, gdi32.dll, ole32.dll, hal.dll, msimg32.dll, version.dll, mswsock.dll, urlmon.dll, wsock32.dll
hasLibs: True
Suspicious: instcheck.dll, msvcr110.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-sysinfo-l1-2-1.dll, vba6.dll, c:\\windows\\system32\\msvbvm60.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2021-06-14 17:03:35
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches: 12448
Suspicious: True
Disassembly
hasTricks: False
Tricks
AVclass
None
1
VirusTotal
md5
707b40d8967b66967fe53a2817755731
sha1
3f1ff2d4752737c881bc59e3f786e97c77471089
SCANS (DETECTION RATE = 46.38%)
AVG
result: Win64:BankerX-gen [Trj]
update: 20210614
version: 21.1.5827.0
detected: True

CMC
update: 20210506
version: 2.10.2019.1
detected: False

MAX
result: malware (ai score=89)
update: 20210614
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20210613
version: 6.174
detected: True

Bkav
update: 20210614
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 0057208f1 )
update: 20210614
version: 11.188.37449
detected: True

ALYac
result: Gen:Variant.Mikey.123438
update: 20210614
version: 1.1.3.1
detected: True

Avast
result: Win64:BankerX-gen [Trj]
update: 20210614
version: 21.1.5827.0
detected: True

Avira
result: TR/VB.Downloader.Gen2
update: 20210614
version: 8.3.3.12
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 99)
update: 20210614
version: 4.0.0.27
detected: True

Cyren
result: W64/Kryptik.BZP.gen!Eldorado
update: 20210614
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.Encoder.30162
update: 20210614
version: 7.0.49.9080
detected: True

GData
result: Gen:Variant.Mikey.123438
update: 20210614
version: A:25.29956B:27.23360
detected: True

Panda
update: 20210614
version: 4.6.4.2
detected: False

VBA32
update: 20210614
version: 5.0.0
detected: False

VIPRE
update: 20210614
version: 93294
detected: False

Zoner
update: 20210614
version: 0.0.0.0
detected: False

ClamAV
result: Win.Dropper.Bancos-7586364-0
update: 20210614
version: 0.103.2.0
detected: True

Comodo
update: 20210614
version: 33621
detected: False

Ikarus
result: Trojan.Win32.Injector
update: 20210614
version: 0.1.5.2
detected: True

McAfee
update: 20210614
version: 6.0.6.653
detected: False

Rising
update: 20210614
version: 25.0.0.26
detected: False

Sophos
update: 20210614
version: 1.0.2.0
detected: False

Yandex
update: 20210614
version: 5.5.2.24
detected: False

Zillya
update: 20210614
version: 2.0.0.4386
detected: False

Acronis
update: 20210512
version: 1.1.1.82
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
update: 20210614
version: 1.0.0.886
detected: False

Cylance
update: 20210614
version: 2.3.1.101
detected: False

Elastic
result: malicious (high confidence)
update: 20210524
version: 4.0.22
detected: True

FireEye
result: Gen:Variant.Mikey.123438
update: 20210614
version: 32.44.1.0
detected: True

Sangfor
update: 20210607
version: 2.9.0.0
detected: False

TACHYON
update: 20210614
version: 2021-06-14.02
detected: False

ViRobot
update: 20210614
version: 2014.3.20.0
detected: False

Webroot
update: 20210614
version: 1.0.0.403
detected: False

eGambit
update: 20210614
detected: False

Ad-Aware
result: Gen:Variant.Mikey.123438
update: 20210614
version: 3.0.21.179
detected: True

AegisLab
update: 20210614
version: 4.2
detected: False

Emsisoft
result: Gen:Variant.Mikey.123438 (B)
update: 20210614
version: 2018.12.0.1641
detected: True

F-Secure
update: 20210614
version: 12.0.86.52
detected: False

Fortinet
result: W64/Kryptik.ERUI!tr
update: 20210614
version: 6.2.142.0
detected: True

Jiangmin
result: Trojan.MSIL.qkml
update: 20210613
version: 16.0.100
detected: True

Kingsoft
update: 20210614
version: 2017.9.26.565
detected: False

Paloalto
update: 20210614
version: 1.0
detected: False

Symantec
update: 20210614
version: 1.14.0.0
detected: False

AhnLab-V3
result: Trojan/Win32.AgentTesla.R350864
update: 20210614
version: 3.20.2.10137
detected: True

Antiy-AVL
result: Trojan/Generic.ASMalwS.30EDC2B
update: 20210614
version: 3.0.0.1
detected: True

Kaspersky
result: VHO:Trojan.Win32.Convagent.gen
update: 20210614
version: 21.0.1.45
detected: True

MaxSecure
update: 20210614
version: 1.0.0.1
detected: False

Microsoft
result: TrojanDropper:Win64/SodinokibiCrypt.SA!MTB
update: 20210614
version: 1.1.18200.4
detected: True

Qihoo-360
update: 20210614
version: 1.0.0.1120
detected: False

ZoneAlarm
update: 20210614
version: 1.0
detected: False

Cybereason
result: malicious.8967b6
update: 20210330
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win64/Kryptik.CAA
update: 20210614
version: 23461
detected: True

Gridinsoft
result: Trojan.Win64.Kryptik.oa!s1
update: 20210614
version: 1.0.44.137
detected: True

TrendMicro
update: 20210614
version: 11.0.0.1006
detected: False

BitDefender
result: Gen:Variant.Mikey.123438
update: 20210614
version: 7.2
detected: True

CrowdStrike
update: 20210203
version: 1.0
detected: False

K7AntiVirus
result: Trojan ( 0057208f1 )
update: 20210614
version: 11.188.37448
detected: True

SentinelOne
update: 20210518
version: 5.1.0.5
detected: False

Malwarebytes
result: Trojan.MalPack
update: 20210614
version: 4.2.2.27
detected: True

CAT-QuickHeal
result: Trojan.GenericRI.S15761495
update: 20210614
version: 14.00
detected: True

NANO-Antivirus
update: 20210614
version: 1.0.146.25311
detected: False

BitDefenderTheta
update: 20210610
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Gen:Variant.Mikey.123438
update: 20210614
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20210612
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: RDN/Generic Downloader.x
update: 20210614
version: v2019.1.2+3728
detected: True

TrendMicro-HouseCall
update: 20210614
version: 10.0.0.1040
detected: False

total
69
sha256
d913081477c52bda86b8f67b53e733703d764c3fa027c90d1dfc42674ed73d10
scan_id
d913081477c52bda86b8f67b53e733703d764c3fa027c90d1dfc42674ed73d10-1623701018
resource
707b40d8967b66967fe53a2817755731
positives
32
scan_date
2021-06-14 20:03:38
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
14/6/2021 - 16:45:42.575 | Unknown | 2476 | C:\malware.exe | C:\Monitor\proc.exe
14/6/2021 - 16:45:42.575 | Unknown | 2476 | C:\malware.exe | C:\Monitor
14/6/2021 - 16:45:42.575 | Unknown | 2476 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False

TCP: False

UDP: False

HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 82.50%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 97.94%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 66.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 37.47%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False