Report #12960

  • Creation Date: Aug. 19, 2021, 10:23 p.m.
  • Last Update: Aug. 19, 2021, 10:27 p.m.
  • File: 001
  • Results:
Binary
DLL: False
Size: 519.00KB
trid:
  64.5% Win32 Executable MS Visual C++
  13.6% Win32 Dynamic Link Library
  9.3% Win32 Executable
  4.1% OS/2 Executable
  4.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: f9d60a6f9602d8bc8826f71c4b2a5a09
sha1: ed780dde21421bc2b195c411015ac4c36ee42dbe
crc32: 0x6a9f21d6
sha224: 839ef1fb50308796c6e48d6b9ec9ad83508b5aab5545ad334d4ecbf8
sha256: dd3f4329365ca4f289bcaf6acdf96919271500ea44e5513519cc53b079df8762
sha384: 1e2d4837d4670c55717aac6bb559f079fb0dc31d0f3ad2b9da258d99d2b1a4bfa1a505e64a76987ba0e6a2bd7982e9f9
sha512: 564b5c3d16ca082bfb0ae9d50423f0501f072657ed0d518a98fa92cd5ae5156a687cb4c124094a7f11d20c21adefca6a7e55bb97e8096c901d9efeaaf85512f7
ssdeep: 6144:dIxV/YjqzJg+RHV6N/L6yPzFwP3NCEA4L7DMMR0nd+Z0fQBu6MTyGlePFKjrSO5:dIPYjq1TR16ZDx78HDFyd+yoP+lePFy
Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, domain, DebuggerException__SetConsoleCtrl, anti_dbg, IP, HasDebugData, ThreadControl__Context, HasRichSignature, win_mutex, Microsoft_Visual_Cpp_8, contentis_base64, IsPacked, TEAN, win_files_operation, IsPE32, IsWindowsGUI
Suspicious: True

Imports
USER32.dll
GetComboBoxInfo
ADVAPI32.dll
ClearEventLogW
KERNEL32.dll
WriteConsoleW, GetSystemPowerStatus, DeleteVolumeMountPointW, GetDefaultCommConfigW, CreateMutexW, GetStdHandle, InterlockedDecrement, SetSystemTimeAdjustment, FileTimeToSystemTime, GetNamedPipeHandleStateW, CallNamedPipeW, EnumResourceNamesW, BuildCommDCBAndTimeoutsA, EnterCriticalSection, DebugSetProcessKillOnExit, EnumTimeFormatsW, TlsSetValue, GetACP, WriteFile, GetCurrentActCtx, ReleaseActCtx, AddRefActCtx, GetHandleInformation, OpenFile, VerifyVersionInfoA, GetVersionExA, FreeLibrary, LoadLibraryExW, GetComputerNameA, CommConfigDialogA, VirtualProtect, GetProcessPriorityBoost, LoadLibraryW, GlobalAlloc, SetEndOfFile, CancelWaitableTimer, GetCurrentDirectoryW, VirtualFree, GetCommMask, HeapFree, RaiseException, GetBinaryTypeA, GlobalSize, SetConsoleMode, GetLargestConsoleWindowSize, WriteConsoleInputW, OpenMutexW, SetThreadContext, AddAtomW, FindVolumeMountPointClose, GetSystemTime, GetCommandLineA, SetLocalTime, GetSystemTimeAsFileTime, DisconnectNamedPipe, SetConsoleCursorInfo, TerminateProcess, GetFileAttributesW, GetLastError, lstrlenA, CompareStringW, CompareStringA, lstrcpyA, CreateJobObjectW, RtlUnwind, GetStartupInfoA, HeapAlloc, LeaveCriticalSection, SetHandleCount, GetFileType, DeleteCriticalSection, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetProcAddress, GetModuleHandleA, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetCurrentThread, Sleep, ExitProcess, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, HeapDestroy, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, FatalAppExitA, VirtualAlloc, HeapReAlloc, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetOEMCP, IsValidCodePage, MultiByteToWideChar, HeapSize, SetConsoleCtrlHandler, InterlockedExchange, LoadLibraryA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, LCMapStringA, 
LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, ReadFile, SetFilePointer, GetLocaleInfoW, CloseHandle, WriteConsoleA, GetConsoleOutputCP, SetStdHandle, GetTimeZoneInformation, CreateFileA, SetEnvironmentVariableA

Foremost
Matches: 0.exe, 519 KB
Suspicious: True

Heuristics
IPs
hasIPs: True
Allowed: none
Suspicious: 1.6.28.29, 0, Unknown, 1.0.2.18, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: kernel32.dll, mscoree.dll, ADVAPI32.dll, USER32.DLL
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 4533248 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 553694 (Suspicious: False)

Sections
hasSections: True
Allowed: .text, .rdata, .data, .rsrc
Suspicious: none
hasAllowed: True
hasSuspicious: False

Versions
OS Version: 5 (Suspicious: False)
Image Version: 5 (Suspicious: True)
Linker Version: 9.0 (Suspicious: False)
Subsystem Version: 5.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 21606 (Suspicious: False)

Anomalies
hasAnomalies: True
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.

Libraries
hasLibs: True
Allowed: kernel32.dll, mscoree.dll, advapi32.dll, user32.dll
Suspicious: none
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2019-11-23 10:13:38
Valid: True
Past: False
Future: False

Compilation
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
Packed: False
Packers: none
Missing: False

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret
.data: 147
.rsrc: 1
.text: 3

pushpopmath
.data: 96
.text: 9
.rdata: 9

ss register
.data: 3

garbagebytes
.data: 56
.rsrc: 1
.text: 2

hookdetection
.data: 8
.text: 2

stealthimport
.text: 1

software breakpoint
.data: 7
.rsrc: 1

fakeconditionaljumps
.data: 5

programcontrolflowchange
.data: 52
.rsrc: 1
.text: 2

cpuinstructionsresultscomparison
.rsrc: 1

AVclass
stellarstealer: 1
VirusTotal
md5: f9d60a6f9602d8bc8826f71c4b2a5a09
sha1: ed780dde21421bc2b195c411015ac4c36ee42dbe

SCANS (DETECTION RATE = 82.46%)
engine | detected | result | update | version
AVG | True | Win32:DropperX-gen [Drp] | 20210813 | 21.1.5827.0
CMC | False | - | 20210812 | 2.10.2019.1
MAX | True | malware (ai score=80) | 20210813 | 2019.9.16.1
APEX | True | Malicious | 20210813 | 6.197
Bkav | True | W32.AIDetect.malware1 | 20210813 | 1.3.0.9899
K7GW | True | Riskware ( 0040eff71 ) | 20210813 | 11.204.37984
ALYac | True | Trojan.GenericKD.36723230 | 20210813 | 1.1.3.1
Avast | True | Win32:DropperX-gen [Drp] | 20210813 | 21.1.5827.0
Avira | True | TR/AD.StellarStealer.nclqo | 20210813 | 8.3.3.12
Baidu | False | - | 20190318 | 1.0.0.2
Cynet | True | Malicious (score: 100) | 20210813 | 4.0.0.27
Cyren | True | W32/Kryptik.DWF.gen!Eldorado | 20210813 | 6.3.0.2
DrWeb | True | Trojan.Siggen13.11948 | 20210813 | 7.0.49.9080
GData | True | Trojan.GenericKD.36723230 | 20210813 | A:25.30567B:27.24072
Panda | True | Trj/Genetic.gen | 20210812 | 4.6.4.2
VBA32 | True | TrojanPSW.Convagent | 20210812 | 5.0.0
VIPRE | True | Trojan.Win32.Generic!BT | 20210813 | 94710
Zoner | False | - | 20210813 | 0.0.0.0
ClamAV | True | Win.Packed.Generic-9853074-1 | 20210813 | 0.103.3.0
Comodo | True | Malware@#3moxaglzpvwz4 | 20210813 | 33798
Lionic | True | Trojan.Win32.Agent.4!c | 20210813 | 4.2
Rising | True | Trojan.Kryptik!1.D4E6 (CLASSIC) | 20210813 | 25.0.0.26
Sophos | True | Mal/Generic-S + Mal/GandCrypt-B | 20210813 | 1.3.0.0
Yandex | True | Trojan.Agent!i8+RFGq/rAs | 20210813 | 5.5.2.24
Acronis | False | - | 20210512 | 1.1.1.82
Alibaba | True | Trojan:Win32/Glupteba.7077f415 | 20190527 | 0.3.0.5
Arcabit | True | Trojan.Generic.D2305A1E | 20210813 | 1.0.0.886
Elastic | True | malicious (high confidence) | 20210805 | 4.0.27
TACHYON | False | - | 20210813 | 2021-08-13.02
Tencent | False | - | 20210813 | 1.0.0.1
ViRobot | False | - | 20210813 | 2014.3.20.0
Webroot | False | - | 20210813 | 1.0.0.403
eGambit | True | Unsafe.AI_Score_98% | 20210813 | -
Ad-Aware | True | Trojan.GenericKD.36723230 | 20210813 | 3.0.21.179
Fortinet | True | W32/Kryptik.HKMB!tr | 20210813 | 6.2.142.0
Jiangmin | True | Trojan.Agent.dgic | 20210813 | 16.0.100
Kingsoft | True | Win32.Troj.Undef.(kcloud) | 20210813 | 2017.9.26.565
Paloalto | True | generic.ml | 20210813 | 1.0
AhnLab-V3 | True | Trojan/Win.SmokeLoader.R416213 | 20210813 | 3.20.4.10148
MaxSecure | True | Trojan.Malware.120229267.susgen | 20210813 | 1.0.0.1
Qihoo-360 | True | Win32/Trojan.Generic.HwoCo2MA | 20210813 | 1.0.0.1300
ZoneAlarm | True | HEUR:Trojan.Win32.Agent.gen | 20210813 | 1.0
Cybereason | True | malicious.e21421 | 20210330 | 1.2.449
ESET-NOD32 | True | a variant of Win32/Kryptik.HKNI | 20210813 | 23786
Gridinsoft | True | Trojan.Win32.Agent.oa!s1 | 20210813 | 1.0.51.144
TrendMicro | True | TROJ_GEN.R002C0DDK21 | 20210813 | 11.0.0.1006
BitDefender | True | Trojan.GenericKD.36723230 | 20210813 | 7.2
CrowdStrike | True | win/malicious_confidence_100% (W) | 20210203 | 1.0
K7AntiVirus | True | Riskware ( 0040eff71 ) | 20210813 | 11.204.37983
SentinelOne | True | Static AI - Malicious PE | 20210805 | 6.1.0.4
Malwarebytes | True | Trojan.MalPack.GS | 20210813 | 4.2.2.27
CAT-QuickHeal | False | - | 20210813 | 14.00
NANO-Antivirus | True | Trojan.Win32.StellarStealer.iulxwt | 20210813 | 1.0.146.25311
BitDefenderTheta | True | Gen:NN.ZexaF.34058.GqW@aKsQF8pG | 20210803 | 7.2.37796.0
MicroWorld-eScan | True | Trojan.GenericKD.36723230 | 20210813 | 14.0.409.0
SUPERAntiSpyware | False | - | 20210807 | 5.6.0.1032
TrendMicro-HouseCall | True | Backdoor.Win32.GLUPTEBA.SMTH.hp | 20210813 | 10.0.0.1040

total: 57
positives: 47
sha256: dd3f4329365ca4f289bcaf6acdf96919271500ea44e5513519cc53b079df8762
scan_id: dd3f4329365ca4f289bcaf6acdf96919271500ea44e5513519cc53b079df8762-1628847065
resource: f9d60a6f9602d8bc8826f71c4b2a5a09
scan_date: 2021-08-13 09:31:05
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
time | operation | PID | process | path | name
19/8/2021 - 21:45:50.106 | Open | 2692 | C:\malware.exe | C:\ktmw32.dll
19/8/2021 - 21:45:50.106 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\ktmw32.dll
19/8/2021 - 21:45:50.106 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\ktmw32.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\bcrypt.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\WINHTTP.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\webio.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\malware.exe.Local
19/8/2021 - 21:45:50.340 | Open | 2692 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/8/2021 - 21:45:50.387 | Unknown | 2692 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/8/2021 - 21:45:50.387 | Open | 2692 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/8/2021 - 21:45:50.387 | Open | 2692 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\system\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Monitor\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\msvcr100.dll
19/8/2021 - 21:45:50.434 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\wbem\msvcr100.dll
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\msvcr100.dll
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-1.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-obsolete-l1-2-0.DLL
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
19/8/2021 - 21:45:50.481 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
19/8/2021 - 21:45:50.528 | Open | 2692 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
19/8/2021 - 21:45:50.528 | Unknown | 2692 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\cryptsp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\credssp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\DNSAPI.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/8/2021 - 21:45:50.575 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\IPHLPAPI.DLL
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\WINNSI.DLL
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/8/2021 - 21:45:50.684 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/8/2021 - 21:45:50.731 | Open | 2692 | C:\malware.exe | C:\rasadhlp.dll
19/8/2021 - 21:45:50.731 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/8/2021 - 21:45:50.731 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/8/2021 - 21:45:51.43 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/8/2021 - 21:45:51.43 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/8/2021 - 21:45:51.356 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
19/8/2021 - 21:45:51.356 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\secur32.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\ncrypt.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
19/8/2021 - 21:45:51.840 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
19/8/2021 - 21:45:51.840 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
19/8/2021 - 21:45:51.840 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
19/8/2021 - 21:45:51.840 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/8/2021 - 21:45:51.840 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/8/2021 - 21:45:51.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/8/2021 - 21:45:51.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/8/2021 - 21:45:51.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\GPAPI.dll
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
19/8/2021 - 21:45:51.856 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/8/2021 - 21:45:51.965 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/8/2021 - 21:45:51.965 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/8/2021 - 21:45:51.965 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\CRYPTSP.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\cryptnet.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:51.965 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:51.965 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\SensApi.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
19/8/2021 - 21:45:51.965 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
19/8/2021 - 21:45:52.75 | Open | 2692 | C:\malware.exe | C:\dhcpcsvc6.DLL
19/8/2021 - 21:45:52.75 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/8/2021 - 21:45:52.75 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/8/2021 - 21:45:52.75 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/8/2021 - 21:45:52.75 | Unknown | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/8/2021 - 21:45:52.122 | Open | 2692 | C:\malware.exe | C:\dhcpcsvc.DLL
19/8/2021 - 21:45:52.122 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/8/2021 - 21:45:52.122 | Open | 2692 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/8/2021 - 21:45:52.215 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.215 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.215 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.215 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.215 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/8/2021 - 21:45:52.856 | Open | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Write | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
19/8/2021 - 21:45:52.856 | Unknown | 2692 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A

Process
Trace: none

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
time | operation | PID | process | key | value
19/8/2021 - 21:45:51.840 | Write | 2692 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
19/8/2021 - 21:45:51.840 | Write | 2692 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
19/8/2021 - 21:45:51.840 | Write | 2692 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
19/8/2021 - 21:45:51.840 | Write | 2692 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
19/8/2021 - 21:45:51.840 | Write | 2692 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
19/8/2021 - 21:45:58.762 | Delete | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
19/8/2021 - 21:45:58.762 | Write | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
19/8/2021 - 21:45:58.762 | Delete | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
19/8/2021 - 21:45:58.762 | Write | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
19/8/2021 - 21:45:58.762 | Delete | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
19/8/2021 - 21:45:58.762 | Write | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
19/8/2021 - 21:45:58.762 | Delete | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
19/8/2021 - 21:45:58.762 | Write | 2692 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob

File Summary
Created identified: True
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: False

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: True
Deleted identified: True
Browsers identified: False
Internet identified: False

DNS
Query: none
Response: none

TCP
Info: none

UDP
Info: none

HTTP
Info: none

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8): confidence 63.75%, suspicious: True
NFS 3.0 (Threshold = 0.75): confidence 98.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 67.22%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 57.50%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 35.94%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: True
