Report #1406

  • Creation Date: Nov. 16, 2019, 11:18 p.m.
  • Last Update: Nov. 17, 2019, 11:39 a.m.
  • File: msvcr120.dll
  • Results:
Binary
DLL: True
Size: 948.16KB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 034ccadc1c073e4216e9466b720f9849
sha1: f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
crc32: 0xae33ca0b
sha224: 2609bdab59800115f65d8826fe3fe52398c80c5b8db0ebb52ec95a78
sha256: 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
sha384: ee0492237bab80e6d265f6844e392a5d88b34b0863cfcca1c9ff9c85618bf01e46b3d3963d4524037f1b66b67d8c151e
sha512: 5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
ssdeep: 12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
Community
Google: True
HashLib: False

YARA
Matches: IsDLL, domain, DebuggerException__SetConsoleCtrl, Check_OutputDebugStringA_iat, HasDigitalSignature, Borland_Delphi_DLL, HasDebugData, Borland_Delphi_v40_v50, HasRichSignature, win_files_operation, Borland_Delphi_30_, contentis_base64, Microsoft_Visual_Cpp_v50v60_MFC, HasOverlay, url, Misc_Suspicious_Strings, Borland_Delphi_30_additional, IsPE32, Borland_Delphi_v30, IsWindowsGUI, anti_dbg
Suspicious: True

Strings
List
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
msvcr120.i386.pdb
cmd.exe
cmd.exe
http://microsoft.com0
http://microsoft.com0
MSVCR120.dll
msvcr120.dll
msvcr120.dll
_get_printf_count_output
_set_printf_count_output
fr-be
fr-ca
fr-ch
_Cbuild
_FCbuild
_LCbuild
_get_unexpected
No such process
Lock already taken
SystemRoot
SystemRoot
No such device or address
Result too large
No such device
Too many links
Too many open files
signed
Too many open files in system
Resource device
Operation not permitted
[thunk]:
mscoree.dll
12.00.21005.1 built by: REL
_memicmp_l
_memicmp
_mbsicmp_l
_wcsicmp_l
_mbsnicmp_l
_wcsnicmp_l
_strnicmp_l
_mbsnicmp
_strnicmp
_wcsnicmp
?GetProcessorCount@Concurrency@@YAIXZ
_mbsnbicmp_l
_mbsnbicmp
_wexecle
_mbsicmp
_wcsicmp
_wexecvpe
_wexeclpe
_wexecvp
_wexeclp
_execvpe
_wexecve
_execlpe
_crt_debugger_hook
__crtSleep
_stricmp_l
_flushall
_stricmp
__p__acmdln
_execle
_execlp
_wexecl
_fflush_nolock
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
_sleep
- abort() has been called
IsProcessorFeaturePresent
pExecutionResource
_acmdln
__p__wcmdln
GetProcAddress
COMSPEC
COMSPEC
ExitProcess
ppVirtualProcessorRoots
pThreadProxy
Assertion failed: %s, file %s, line %d
Assertion failed: %s, file %s, line %d
CreateEventW

Foremost
Matches: 0.dll, 932 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://www.microsoft.com/pki/certs/microoceraut_2010-06-23.crt0, http://crl.microsoft.com/pki/crl/products/microoceraut_2010-06-23.crl0z, http://www.microsoft.com/pkiops/docs/primarycps.htm0@, http://crl.microsoft.com/pki/crl/products/microsofttimestamppca.crl0x, http://microsoft.com0, http://www.microsoft.com/pki/certs/microoceraut2011_2011_03_22.crt0, http://www.microsoft.com/pkiops/certs/miccodsigpca2011_2011-07-08.crt0, http://crl.microsoft.com/pki/crl/products/miccodsigpca_08-31-2010.crl0z, http://crl.microsoft.com/pki/crl/products/microoceraut2011_2011_03_22.crl0, http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0t, http://www.microsoft.com/pki/certs/miccodsigpca_08-31-2010.crt0, http://www.microsoft.com/pki/certs/microsofttimestamppca.crt0, http://www.microsoft.com/pki/certs/mictimstapca_2010-07-01.crt0, http://crl.microsoft.com/pki/crl/products/mictimstapca_2010-07-01.crl0z, http://www.microsoft.com/pki/docs/cps/default.htm0@, http://www.microsoft.com/pki/certs/microsoftrootcert.crt0, http://www.microsoft.com/pkiops/crl/miccodsigpca2011_2011-07-08.crl0a
hasURLs: True
hasAllowed: True
hasSuspicious: False

Files
Allowed: ADVAPI32.DLL, mscoree.dll, USER32.DLL, kernel32.dll, msvcr120.dll, combase.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False
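The URL heuristic above marks every URL as allowed, which is the right call but for a reason the report does not state: these are the AIA and CRL distribution point URLs carried in the certificate chain of the file's Authenticode signature (the YARA HasDigitalSignature match), not addresses the code connects to. The stray characters around them are DER bytes the string extractor swept up: the leading '8', '?' or 'E' is the ASN.1 length byte of the IA5String, and the trailing '0', '0T', '0Z' or '0@' is the 0x30 SEQUENCE tag (plus length) of the next element. The following Python is an added example, not code from the analysis platform: it strips that DER residue, deduplicates the double-extracted strings, and sorts the URLs into signature-chain PKI URLs, other vendor hosts, and URLs an analyst should look at. The tail-stripping rule (a '0' after a known file suffix) and the three categories are this example's own assumptions; the sample input is a constructed subset of the strings above plus one made-up non-PKI URL.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few strings from the report, in the form the extractor produced
# (DER length byte in front, DER tag/length bytes behind), plus one made-up URL that is
# NOT in the report, to show what a non-PKI hit looks like.
SAMPLE_STRINGS = [
    "8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0",
    "?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T",
    "Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z",
    "1http://www.microsoft.com/PKI/docs/CPS/default.htm0@",
    "http://microsoft.com0",
    "http://example.invalid/gate.php",   # constructed, not from the sample
    "msvcr120.i386.pdb",                  # no URL at all
]

# Host and path character classes; '@', '<', quotes and control bytes end the match
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?:/[A-Za-z0-9.\-_/~%]*)?")
# Assumed heuristic: a '0' (0x30, DER SEQUENCE tag) right after a known suffix, optionally
# followed by one printable length byte, is residue from the surrounding ASN.1 structure.
DER_TAIL = re.compile(r"(\.(?:crt|crl|htm|html|com))0[!-~]?$")
PKI_PATHS = ("/pki/", "/pkiops/")    # Microsoft AIA / CRL locations seen in the strings


def clean_url(raw: str) -> str:
    """Remove trailing DER tag/length residue captured by the string extractor."""
    return DER_TAIL.sub(r"\1", raw)


def classify(url: str) -> str:
    """Three buckets (this example's own scheme): signature-chain PKI, vendor, review."""
    parts = urlparse(url)
    host = parts.hostname or ""
    if host.endswith("microsoft.com") and parts.path.lower().startswith(PKI_PATHS):
        return "authenticode-pki"      # certificate / CRL fetch locations, not code behaviour
    if host == "microsoft.com" or host.endswith(".microsoft.com"):
        return "vendor"
    return "review"                    # everything else deserves analyst attention


def triage(strings):
    """Yield (clean_url, category) once per distinct URL found in the string list."""
    seen, result = set(), []
    for s in strings:
        for match in URL_RE.finditer(s):
            url = clean_url(match.group(0))
            if url not in seen:
                seen.add(url)
                result.append((url, classify(url)))
    return result


if __name__ == "__main__":
    for url, category in triage(SAMPLE_STRINGS):
        print(f"{category:17} {url}")
```

Run over the full strings list, everything the report calls "Allowed" lands in the authenticode-pki or vendor buckets and the review bucket stays empty; the signal worth acting on in a strings dump is a URL that ends up in review, not the count of allowed ones.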

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 56320 (Suspicious: False)
Image Address: 268435456 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories Number: 16 (Suspicious: False)

Checksum
Value: 1028896 (Suspicious: False)

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 6 (Suspicious: False)
Image Version: 6 (Suspicious: False)
Linker Version: 12.0 (Suspicious: False)
Subsystem Version: 6.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 72260 (Suspicious: False)

Anomalies
hasAnomalies: False

Libraries
Allowed: advapi32.dll, mscoree.dll, user32.dll, kernel32.dll, msvcr120.dll, combase.dll
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2013-10-04 23:43:50
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers:
Compiled: True
Compilers: Borland Delphi 3.0 (???)
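Every value in the Binary section above is read straight out of the COFF and optional headers, and two of its verdicts deserve a caveat. A COFF symbol count and symbol-table pointer of 0 is the norm for release builds (the symbols live in the separate msvcr120.i386.pdb named in the strings), so "Suspicious: True" on those two fields is a weak signal. And a linker version of 12.0 is Visual Studio 2013, which agrees with the "12.00.21005.1 built by: REL" string and not with the Borland Delphi 3.0 compiler guess. The following Python is an added example, not code from the analysis platform: a stdlib-only PE32 header parser that recovers the same fields, plus a Past/Future/Valid timestamp check whose thresholds (after the analysis time, or before 1995-01-01 UTC) are this example's assumption. The sample image is constructed to carry the report's header values so the block runs offline; it is not msvcr120.dll and its section bodies are zero-filled.

```python
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}   # PE/COFF spec, subset
IMAGE_FILE_DLL = 0x2000
# PE32 optional header up to and including NumberOfRvaAndSizes: 96 bytes, 30 fields
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"
OPT32_FIELDS = (
    "magic", "linker_major", "linker_minor", "size_of_code", "size_of_init",
    "size_of_uninit", "entry_point", "base_of_code", "base_of_data", "image_base",
    "section_align", "file_align", "os_major", "os_minor", "image_major",
    "image_minor", "subsys_major", "subsys_minor", "win32_version", "size_of_image",
    "size_of_headers", "checksum", "subsystem", "dll_characteristics",
    "stack_reserve", "stack_commit", "heap_reserve", "heap_commit",
    "loader_flags", "num_rva_and_sizes",
)
SECTION_FMT = "<8sIIIIIIHHI"                       # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Return the header fields the report's Binary section lists."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsect, ts, sym_ptr, nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = dict(zip(OPT32_FIELDS, struct.unpack_from(OPT32_FMT, data, coff + 20)))
    if opt["magic"] != 0x10B:
        raise ValueError("only PE32 handled here (PE32+ has a wider layout)")
    sect_base = coff + 20 + opt_size
    names = []
    for i in range(nsect):
        raw_name = struct.unpack_from(SECTION_FMT, data, sect_base + 40 * i)[0]
        names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "dll": bool(chars & IMAGE_FILE_DLL),
        "timestamp_raw": ts,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "symbols": nsyms, "symbol_pointer": sym_ptr,   # 0 / 0 is normal for release builds
        "linker": f"{opt['linker_major']}.{opt['linker_minor']}",
        "os_version": f"{opt['os_major']}.{opt['os_minor']}",
        "subsystem": SUBSYSTEMS.get(opt["subsystem"], hex(opt["subsystem"])),
        "subsystem_version": f"{opt['subsys_major']}.{opt['subsys_minor']}",
        "entry_point": opt["entry_point"], "image_base": opt["image_base"],
        "code_size": opt["size_of_code"], "headers_size": opt["size_of_headers"],
        "stack_commit": opt["stack_commit"], "checksum": opt["checksum"],
        "directories": opt["num_rva_and_sizes"], "sections": names,
    }


def timestamp_check(ts: int, now: int, oldest: int = 788918400) -> dict:
    """Past/Future/Valid verdict. Thresholds are this example's assumption:
    future = after the analysis time, past = before 1995-01-01 UTC (788918400)."""
    future, past = ts > now, ts < oldest
    return {"valid": not (future or past), "past": past, "future": future}


def build_sample() -> bytes:
    """Constructed PE32 image carrying the report's header values. NOT msvcr120.dll."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    section_names = [b".text", b".data", b".idata", b".rsrc", b".reloc"]
    # machine i386, 5 sections, TimeDateStamp 2013-10-04 23:43:50 UTC, no COFF symbols,
    # 224-byte optional header, characteristics EXECUTABLE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 1380930230, 0, 0, 224, 0x2102)
    opt = struct.pack(OPT32_FMT, 0x10B, 12, 0, 56320, 0, 0, 72260, 0x1000, 0,
                      0x10000000, 0x1000, 0x200, 6, 0, 6, 0, 6, 0, 0, 0x10000, 1024,
                      1028896, 2, 0x140, 0x100000, 4096, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                              # 16 empty data directories
    headers = bytes(dos) + b"PE\0\0" + coff + opt
    for i, name in enumerate(section_names):
        headers += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                               0x200, 1024 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    return headers.ljust(1024, b"\0") + b"\0" * (0x200 * len(section_names))


if __name__ == "__main__":
    info = parse_pe(build_sample())
    for key, value in info.items():
        print(f"{key}: {value}")
    print(timestamp_check(info["timestamp_raw"], now=1573950346))   # scan time from the report
```

Pointing parse_pe at a real file (open it with "rb") gives the same dictionary for any PE32; the now argument of timestamp_check should be the analysis time, which is why the usage line passes the scan_id suffix from the VirusTotal block rather than the wall clock.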

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: False
Tricks
AVclass
None
1
VirusTotal
md5: 034ccadc1c073e4216e9466b720f9849
sha1: f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
SCANS (DETECTION RATE = 0.00%)
engine | update | version | detected
AVG | 20191116 | 18.4.3895.0 | False
CMC | 20190321 | 1.1.0.977 | False
MAX | 20191117 | 2019.9.16.1 | False
APEX | 20191116 | 5.86 | False
Bkav | 20191116 | 1.3.0.9899 | False
K7GW | 20191116 | 11.78.32577 | False
ALYac | 20191116 | 1.1.1.5 | False
Avast | 20191116 | 18.4.3895.0 | False
Avira | 20191116 | 8.3.3.8 | False
Baidu | 20190318 | 1.0.0.2 | False
Cyren | 20191116 | 6.2.2.2 | False
DrWeb | 20191116 | 7.0.41.7240 | False
GData | 20191116 | A:25.24005B:26.16674 | False
Panda | 20191116 | 4.6.4.2 | False
VBA32 | 20191116 | 4.2.0 | False
VIPRE | 20191116 | 79378 | False
Zoner | 20191116 | 1.0.0.1 | False
ClamAV | 20191116 | 0.102.0.0 | False
Comodo | 20191116 | 31730 | False
F-Prot | 20191116 | 4.7.1.166 | False
Ikarus | 20191116 | 0.1.5.2 | False
McAfee | 20191113 | 6.0.6.653 | False
Rising | 20191116 | 25.0.0.24 | False
Sophos | 20191116 | 4.98.0 | False
Yandex | 20191114 | 5.5.2.24 | False
Zillya | 20191115 | 2.0.0.3952 | False
Acronis | 20191113 | 1.1.1.58 | False
Alibaba | 20190527 | 0.3.0.5 | False
Arcabit | 20191116 | 1.0.0.861 | False
Cylance | 20191117 | 2.3.1.101 | False
Endgame | 20190918 | 3.0.15 | False
FireEye | 20191116 | 29.7.0.0 | False
TACHYON | 20191116 | 2019-11-16.02 | False
Tencent | 20191117 | 1.0.0.1 | False
ViRobot | 20191116 | 2014.3.20.0 | False
Webroot | 20191117 | 1.0.0.403 | False
Ad-Aware | 20191117 | 3.0.5.370 | False
AegisLab | 20191116 | 4.2 | False
Emsisoft | 20191031 | 2018.12.0.1641 | False
F-Secure | 20191116 | 12.0.86.52 | False
Fortinet | 20191116 | 5.4.247.0 | False
Invincea | 20190904 | 6.3.6.26157 | False
Jiangmin | 20191116 | 16.0.100 | False
Kingsoft | 20191117 | 2013.8.14.323 | False
Paloalto | 20191117 | 1.0 | False
Symantec | 20191116 | 1.11.0.0 | False
Trapmine | 20190826 | 3.1.81.800 | False
AhnLab-V3 | 20191116 | 3.16.4.25692 | False
Antiy-AVL | 20191116 | 3.0.0.1 | False
Kaspersky | 20191116 | 15.0.1.13 | False
Microsoft | 20191116 | 1.1.16500.1 | False
Qihoo-360 | 20191117 | 1.0.0.1120 | False
ZoneAlarm | 20191116 | 1.0 | False
ESET-NOD32 | 20191116 | 20360 | False
TrendMicro | 20191116 | 11.0.0.1006 | False
BitDefender | 20191116 | 7.2 | False
CrowdStrike | 20190702 | 1.0 | False
K7AntiVirus | 20191116 | 11.78.32577 | False
SentinelOne | 20191115 | 1.0.31.33 | False
Avast-Mobile | 20191115 | 191114-10 | False
Malwarebytes | 20191116 | 2.1.1.1115 | False
TotalDefense | 20191116 | 37.1.62.1 | False
CAT-QuickHeal | 20191116 | 14.00 | False
NANO-Antivirus | 20191116 | 1.0.134.24859 | False
BitDefenderTheta | 20191113 | 7.2.37796.0 | False
MicroWorld-eScan | 20191117 | 14.0.297.0 | False
SUPERAntiSpyware | 20191115 | 5.6.0.1032 | False
McAfee-GW-Edition | 20191116 | v2017.3010 | False
TrendMicro-HouseCall | 20191116 | 10.0.0.1040 | False

total: 69
sha256: 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
scan_id: 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f-1573950346
resource: 034ccadc1c073e4216e9466b720f9849
positives: 0
scan_date: 2019-11-17 00:25:46
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace:

Process
Trace:

Analysis
Reason: Blue Screen
Status: Machine Crashed
Results: 0

Registry
Trace:

File Summary
Created Identified: False
Deleted Identified: False

Process Summary
Created Identified: False
Deleted Identified: False

Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False

DNS
Query:
Response:

TCP
Info:

UDP
Info:

HTTP
Info:

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 100.00%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
SVC (Kernel=Linear, NFS-BRMalware): confidence 93.45%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 96.33%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 90.50%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 35.13%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: False
