Report #12653

  • Creation Date: June 22, 2021, 3:04 p.m.
  • Last Update: June 22, 2021, 3:09 p.m.
  • File: amtouq.dll
  • Results:
Binary
DLL
True
Size
649.50KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
1976f991ef73e1b3305fab51d0db41a9
sha1
30b4dc4fb7bc20a810308de8b150f49cc82b4e28
crc32
0x1b411119
sha224
849f5ca1b025f130b9b4c3b4b45b1996ffff4f36eb99da558ea22ac7
sha256
a2a2231540a83c68d7bee4eb6dbfbad81ac2993ee698bbe4e9fb71a6d0d2f943
sha384
8ed2faa7b719f5fa1ffbd44a3ce3d4f076c95e97ed3a85706ecd360cf2d2f3e0cfb61a7f7fb017af34534065acafee5c
sha512
a261788dd076309fa5d00e0ad7ca083d23192b85fe02672b4b81833acc752c9c09a80c3ede9be3b696ff907f94200da223e064541d2527581101cdc29c24796e
ssdeep
12288:Z9HQ0QpFcsVI/Nt92MRsRz388Gnr93ndsAgsgk+5EUqO:Zi3M9VaRzs8Gp3utqUq
Community
Google
False
HashLib
False
YARA
Matches
IsDLL, domain, contentis_base64, Check_OutputDebugStringA_iat, Borland_Delphi_DLL, HasDebugData, Borland_Delphi_v40_v50, HasRichSignature, win_mutex, Borland_Delphi_30_, win_files_operation, Microsoft_Visual_Cpp_v50v60_MFC, maldoc_find_kernel32_base_method_1, Borland_Delphi_30_additional, IsPE32, Borland_Delphi_v30, IsWindowsGUI, anti_dbg, IP

Suspicious
True

Strings
List


Foremost
Matches
0.dll, 649 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 1.7.2.221, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll, Ckernel32.dll, Ringuse.DLL, OLEAUT32.dll, ADVAPI32.dll, OLEACC.dll, ole32.dll, USER32.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 268800
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .data, .idata, .gfids, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: True
Suspicious: 6
Linker
Version: 14.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 216672
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll, oleaut32.dll, advapi32.dll, oleacc.dll, ole32.dll, user32.dll, kernel32.dll
hasLibs: True
Suspicious: ckernel32.dll, ringuse.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-03-27 07:59:42
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???)

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
ldr
.text: 1

pushret
.data: 23
.text: 51
.idata: 6

pushpopmath
.data: 20
.text: 44
.reloc: 10

sizeofimage
.text: 1

garbagebytes
.data: 7
.text: 15

hookdetection
.text: 7
.reloc: 3

stealthimport
.text: 1

peb ntglobalflag
.text: 1

isdebbugerpresent
.text: 1

software breakpoint
.data: 1
.text: 12
.reloc: 2

fakeconditionaljumps
.text: 10

programcontrolflowchange
.data: 7
.text: 15

cpuinstructionsresultscomparison
.data: 46
.text: 91

AVclass
zload
1
VirusTotal
md5
1976f991ef73e1b3305fab51d0db41a9
sha1
30b4dc4fb7bc20a810308de8b150f49cc82b4e28
SCANS (DETECTION RATE = 41.18%)
Engine | Version | Update | Detected | Result
AVG | 21.1.5827.0 | 20210622 | True | Win32:Trojan-gen
CMC | 2.10.2019.1 | 20210506 | False |
MAX | 2019.9.16.1 | 20210622 | False |
APEX | 6.177 | 20210622 | True | Malicious
Bkav | 1.3.0.9899 | 20210622 | True | W32.AIDetect.malware1
K7GW | 11.190.37521 | 20210622 | False |
ALYac | 1.1.3.1 | 20210622 | False |
Avast | 21.1.5827.0 | 20210622 | True | Win32:Trojan-gen
Avira | 8.3.3.12 | 20210622 | True | TR/AD.ZLoader.onxjs
Baidu | 1.0.0.2 | 20190318 | False |
Cynet | 4.0.0.27 | 20210622 | True | Malicious (score: 100)
Cyren | 6.3.0.2 | 20210622 | False |
DrWeb | 7.0.49.9080 | 20210622 | False |
GData | A:25.30036B:27.23453 | 20210622 | False |
Panda | 4.6.4.2 | 20210622 | True | Trj/GdSda.A
VBA32 | 5.0.0 | 20210622 | False |
VIPRE | 93484 | 20210622 | True | Trojan.Win32.Generic!BT
Zoner | 0.0.0.0 | 20210621 | False |
ClamAV | 0.103.3.0 | 20210622 | False |
Comodo | 33645 | 20210622 | False |
Ikarus | 0.1.5.2 | 20210622 | False |
McAfee | 6.0.6.653 | 20210622 | False |
Rising | 25.0.0.26 | 20210622 | True | Trojan.Generic@ML.92 (RDMK:wmqPXx3qvjsOeIYNE215xQ)
Sophos | 1.0.2.0 | 20210622 | True | ML/PE-A
Yandex | 5.5.2.24 | 20210622 | False |
Zillya | 2.0.0.4392 | 20210622 | True | Downloader.Zload.Win32.3
Acronis | 1.1.1.82 | 20210512 | False |
Alibaba | 0.3.0.5 | 20190527 | False |
Arcabit | 1.0.0.886 | 20210622 | False |
Cylance | 2.3.1.101 | 20210622 | True | Unsafe
Elastic | 4.0.22 | 20210524 | True | malicious (high confidence)
FireEye | 32.44.1.0 | 20210622 | True | Generic.mg.1976f991ef73e1b3
Sangfor | 2.9.0.0 | 20210616 | True | Trojan.Win32.Save.a
TACHYON | 2021-06-22.02 | 20210622 | False |
Tencent | 1.0.0.1 | 20210622 | True | Malware.Win32.Gencirc.113d2252
ViRobot | 2014.3.20.0 | 20210622 | False |
Webroot | 1.0.0.403 | 20210622 | True | W32.Trojan.Gen
eGambit | | 20210622 | False |
Ad-Aware | 3.0.21.179 | 20210622 | False |
AegisLab | 4.2 | 20210622 | False |
Emsisoft | 2018.12.0.1641 | 20210622 | False |
F-Secure | 12.0.86.52 | 20210622 | False |
Fortinet | 6.2.142.0 | 20210622 | False |
Jiangmin | 16.0.100 | 20210621 | True | Trojan.Generic.ebjvd
Kingsoft | 2017.9.26.565 | 20210622 | False |
Paloalto | 1.0 | 20210622 | False |
Symantec | 1.14.0.0 | 20210622 | True | ML.Attribute.HighConfidence
AhnLab-V3 | 3.20.2.10137 | 20210622 | True | Trojan/Win32.Wacatac.C4064135
Kaspersky | 21.0.1.45 | 20210622 | True | Trojan-Downloader.Win32.Zload.y
MaxSecure | 1.0.0.1 | 20210622 | True | Trojan.Malware.1728101.susgen
Microsoft | 1.1.18300.4 | 20210622 | True | Trojan:Win32/Wacatac.B!ml
Qihoo-360 | 1.0.0.1120 | 20210622 | False |
ZoneAlarm | 1.0 | 20210622 | False |
ESET-NOD32 | 23504 | 20210622 | True | a variant of Win32/Kryptik.HCVM
Gridinsoft | 1.0.45.138 | 20210622 | False |
TrendMicro | 11.0.0.1006 | 20210622 | False |
BitDefender | 7.2 | 20210622 | False |
CrowdStrike | 1.0 | 20210203 | True | win/malicious_confidence_80% (D)
K7AntiVirus | 11.190.37522 | 20210622 | False |
SentinelOne | 5.1.0.5 | 20210518 | True | Static AI - Malicious PE
Malwarebytes | 4.2.2.27 | 20210622 | False |
CAT-QuickHeal | 14.00 | 20210621 | False |
NANO-Antivirus | 1.0.146.25311 | 20210622 | True | Trojan.Win32.Zload.inbjvo
BitDefenderTheta | 7.2.37796.0 | 20210618 | False |
MicroWorld-eScan | 14.0.409.0 | 20210622 | False |
SUPERAntiSpyware | 5.6.0.1032 | 20210619 | False |
McAfee-GW-Edition | v2019.1.2+3728 | 20210622 | False |
TrendMicro-HouseCall | 10.0.0.1040 | 20210622 | True | TROJ_GEN.R06CH0CA621

total
68
sha256
a2a2231540a83c68d7bee4eb6dbfbad81ac2993ee698bbe4e9fb71a6d0d2f943
scan_id
a2a2231540a83c68d7bee4eb6dbfbad81ac2993ee698bbe4e9fb71a6d0d2f943-1624385085
resource
1976f991ef73e1b3305fab51d0db41a9
positives
28
scan_date
2021-06-22 18:04:45
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
Time | Operation | PID | Process | Path
22/6/2021 - 14:45:42.997 | Open | 2088 | C:\Windows\System32\rundll32.exe | C:\Windows\System32\apphelp.dll
22/6/2021 - 14:45:42.997 | Open | 2088 | C:\Windows\System32\rundll32.exe | C:\Windows\System32\apphelp.dll
22/6/2021 - 14:45:42.997 | Open | 2088 | C:\Windows\System32\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
22/6/2021 - 14:45:43.59 | Open | 2088 | C:\Windows\System32\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
22/6/2021 - 14:45:43.59 | Open | 2088 | C:\Windows\System32\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\Prefetch\RUNDLL32.EXE-CD96C414.pf
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64win.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64win.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64cpu.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64cpu.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\System32\wow64log.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
22/6/2021 - 14:45:43.106 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\sechost.dll
22/6/2021 - 14:45:43.106 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\sechost.dll
22/6/2021 - 14:45:43.184 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\apphelp.dll
22/6/2021 - 14:45:43.184 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\apphelp.dll
22/6/2021 - 14:45:43.184 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
22/6/2021 - 14:45:43.184 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
22/6/2021 - 14:45:43.309 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\AcLayers.dll
22/6/2021 - 14:45:43.309 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\AcLayers.dll
22/6/2021 - 14:45:43.309 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\AcLayers.dll
22/6/2021 - 14:45:43.543 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\winspool.drv
22/6/2021 - 14:45:43.543 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\winspool.drv
22/6/2021 - 14:45:43.793 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\mpr.dll
22/6/2021 - 14:45:43.793 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\mpr.dll
22/6/2021 - 14:45:44.215 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\acwow64.dll
22/6/2021 - 14:45:44.215 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\acwow64.dll
22/6/2021 - 14:45:44.215 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\acwow64.dll
22/6/2021 - 14:45:44.465 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\version.dll
22/6/2021 - 14:45:44.465 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\version.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\imm32.dll
22/6/2021 - 14:45:44.637 | Read | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
22/6/2021 - 14:45:44.793 | Read | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll.manifest
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll.123.Manifest
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\uxtheme.dll
22/6/2021 - 14:45:44.840 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\uxtheme.dll
22/6/2021 - 14:45:44.934 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\dwmapi.dll
22/6/2021 - 14:45:44.934 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\dwmapi.dll
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rpcss.dll
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rpcss.dll
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe.manifest
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe.123.Manifest
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe.124.Manifest
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe.2.Manifest
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Read | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.28 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\ui\SwDRM.dll
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\oleacc.dll
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\oleacc.dll
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\oleaccrc.dll
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\oleaccrc.dll
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
22/6/2021 - 14:45:45.43 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe.Local
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/6/2021 - 14:48:12.700 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/6/2021 - 14:48:12.700 | Open | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.Manifest
22/6/2021 - 14:48:12.700 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.ManifestWindowsShell.Manifest
22/6/2021 - 14:48:12.715 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
22/6/2021 - 14:48:12.715 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
22/6/2021 - 14:48:12.715 | Unknown | 2196 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/6/2021 - 14:48:12.715 | Unknown | 2088 | C:\Windows\System32\rundll32.exe | C:\Monitor

Process
Trace
Time | Operation | Parent PID | Parent Process | Child PID | Child Process
22/6/2021 - 14:45:42.997 | Create | 2088 | C:\Windows\System32\rundll32.exe | 2196 | C:\Windows\SysWOW64\rundll32.exe
22/6/2021 - 14:48:12.715 | Terminate | 2088 | C:\Windows\System32\rundll32.exe | 2196 | C:\Windows\SysWOW64\rundll32.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False