Report #12703

  • Creation Date: Aug. 6, 2021, 6:53 p.m.
  • Last Update: Aug. 6, 2021, 8:09 p.m.
  • File: 037
  • Results:
Binary
DLL: False
Size: 162.50KB
trid:
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
e0059c4ad73116bf0ea29d575ea2c175
sha1
a1316534bb8a3b52ec4f14d8c3172e49f6c5760f
crc32
0x11b2a77f
sha224
c87fa12330deec29b28e03fad2f17f3dc670796f4cb74ee5265fdc44
sha256
fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758
sha384
b5e208902e4451537700ce43f356d18d5465dcb2fd61198053ffe775091939b97604cf1d777889e066089be3e58a8c89
sha512
b8a06dd6de28e6d29ebafe58bb6262412add147f01f3d3367dd7da95d083d92656e92a7bfce6a13179dc27b6ee346f5bcf98b0f067be2286a9cc741babd06de4
ssdeep
3072:qCSrRmUaOy/LE6vTgr7kuvO72+wrtmGhoG7MqOKe/l0:qCSrROOSLE8MrbvubwRhHVol
Community
Google: False
HashLib: False
YARA
Matches:
VC8_Microsoft_Corporation, domain, contentis_base64, anti_dbg, IP, HasRichSignature, win_mutex, Microsoft_Visual_Cpp_8, HasDebugData, TEAN, win_files_operation, IsPE32, IsWindowsGUI

Suspicious: True

Strings
List


Foremost
Matches: 0.exe, 162 KB
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 1.5.8.29, 0, Unknown, 1.0.2.28, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: kernel32.dll, mscoree.dll, USER32.DLL
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 4215808
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 186996
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 9.0
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 20794
Suspicious: False

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, mscoree.dll, user32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-02-01 23:00:46
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 1
.text: 18
.rdata: 1

pushpopmath
.text: 4
.rdata: 9

garbagebytes
.text: 11
.rdata: 1

hookdetection
.text: 1

software breakpoint
.text: 1

programcontrolflowchange
.text: 11
.rdata: 1

cpuinstructionsresultscomparison
.rsrc: 12

AVclass
None
1
VirusTotal
md5: e0059c4ad73116bf0ea29d575ea2c175
sha1: a1316534bb8a3b52ec4f14d8c3172e49f6c5760f
SCANS (DETECTION RATE = 65.15%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20210329
version: 21.1.5827.0
detected: True

CMC
update: 20210327
version: 2.10.2019.1
detected: False

MAX
result: malware (ai score=86)
update: 20210329
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20210328
version: 6.148
detected: True

Bkav
result: W32.AIDetect.malware1
update: 20210326
version: 1.3.0.9899
detected: True

K7GW
result: Trojan ( 0057361f1 )
update: 20210329
version: 11.173.36775
detected: True

ALYac
result: Trojan.GenericKDZ.73787
update: 20210329
version: 1.1.3.1
detected: True

Avast
result: Win32:PWSX-gen [Trj]
update: 20210329
version: 21.1.5827.0
detected: True

Avira
result: TR/AD.Nekark.iqwah
update: 20210329
version: 8.3.3.12
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 100)
update: 20210329
version: 4.0.0.25
detected: True

Cyren
update: 20210329
version: 6.3.0.2
detected: False

DrWeb
result: Trojan.DownLoader38.15246
update: 20210329
version: 7.0.49.9080
detected: True

GData
result: Trojan.GenericKDZ.73787
update: 20210329
version: A:25.29128B:27.22461
detected: True

Panda
result: Trj/GdSda.A
update: 20210328
version: 4.6.4.2
detected: True

VBA32
update: 20210329
version: 4.4.1
detected: False

VIPRE
update: 20210329
version: 91436
detected: False

Zoner
update: 20210328
version: 0.0.0.0
detected: False

ClamAV
result: Win.Dropper.Raccoon-9847634-1
update: 20210329
version: 0.103.1.0
detected: True

Comodo
update: 20210329
version: 33389
detected: False

Lionic
result: Trojan.Win32.Malicious.4!c
update: 20210329
version: 4.2
detected: True

McAfee
result: Packed-GDK!E0059C4AD731
update: 20210329
version: 6.0.6.653
detected: True

Rising
result: Malware.Obscure/Heur!1.A89F (CLASSIC)
update: 20210329
version: 25.0.0.26
detected: True

Sophos
result: Mal/Generic-S
update: 20210329
version: 1.0.2.0
detected: True

Yandex
update: 20210329
version: 5.5.2.24
detected: False

Zillya
update: 20210329
version: 2.0.0.4326
detected: False

Acronis
result: suspicious
update: 20210211
version: 1.1.1.81
detected: True

Alibaba
result: Trojan:Win32/Kryptik.6ca4c7f8
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D1203B
update: 20210329
version: 1.0.0.881
detected: True

Elastic
result: malicious (high confidence)
update: 20210217
version: 4.0.17
detected: True

FireEye
result: Generic.mg.e0059c4ad73116bf
update: 20210329
version: 32.44.1.0
detected: True

TACHYON
update: 20210329
version: 2021-03-29.02
detected: False

Tencent
update: 20210329
version: 1.0.0.1
detected: False

ViRobot
update: 20210329
version: 2014.3.20.0
detected: False

Webroot
update: 20210329
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_85%
update: 20210329
detected: True

Ad-Aware
result: Trojan.GenericKDZ.73787
update: 20210329
version: 3.0.16.117
detected: True

Emsisoft
result: Trojan.GenericKDZ.73787 (B)
update: 20210329
version: 2018.12.0.1641
detected: True

F-Secure
update: 20210329
version: 12.0.86.52
detected: False

Fortinet
result: W32/GenKryptik.FDLM!tr
update: 20210329
version: 6.2.142.0
detected: True

Jiangmin
update: 20210329
version: 16.0.100
detected: False

Kingsoft
result: Win32.Troj.Undef.(kcloud)
update: 20210329
version: 2017.9.26.565
detected: True

Paloalto
result: generic.ml
update: 20210329
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20210328
version: 1.14.0.0
detected: True

AhnLab-V3
result: Ransomware/Win.Generic.R374606
update: 20210329
version: 3.19.7.10132
detected: True

Antiy-AVL
update: 20210329
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan.Win32.Agent.gen
update: 20210329
version: 21.0.1.45
detected: True

Microsoft
result: Trojan:Win32/Glupteba!ml
update: 20210329
version: 1.1.17900.7
detected: True

Qihoo-360
result: Win32/Trojan.Generic.HgIASRoA
update: 20210329
version: 1.0.0.1120
detected: True

ZoneAlarm
update: 20210329
version: 1.0
detected: False

Cybereason
result: malicious.4bb8a3
update: 20210307
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win32/Kryptik.HKDV
update: 20210329
version: 23042
detected: True

Gridinsoft
update: 20210329
version: 1.0.34.125
detected: False

TrendMicro
update: 20210329
version: 11.0.0.1006
detected: False

BitDefender
result: Trojan.GenericKDZ.73787
update: 20210329
version: 7.2
detected: True

CrowdStrike
update: 20210203
version: 1.0
detected: False

K7AntiVirus
result: Trojan ( 0057361f1 )
update: 20210329
version: 11.173.36776
detected: True

SentinelOne
result: Static AI - Suspicious PE
update: 20210215
version: 5.0.0.20
detected: True

Malwarebytes
result: Spyware.RaccoonStealer
update: 20210328
version: 4.2.1.18
detected: True

CAT-QuickHeal
update: 20210329
version: 14.00
detected: False

NANO-Antivirus
update: 20210329
version: 1.0.146.25265
detected: False

BitDefenderTheta
result: Gen:NN.ZexaF.34654.kqW@aWfmUSoG
update: 20210327
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKDZ.73787
update: 20210329
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20210326
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Emotet.ch
update: 20210329
version: v2019.1.2+3728
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002H09CS21
update: 20210329
version: 10.0.0.1040
detected: True

total: 66
sha256: fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758
scan_id: fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758-1617025035
resource: e0059c4ad73116bf0ea29d575ea2c175
positives: 43
scan_date: 2021-03-29 13:37:15
verbose_msg: Scan finished, information embedded
response_code: 1
Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 61.88%
suspicious: True

NFS 3.0 (Threshold = 0.75)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.70%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 57.50%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 41.51%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True