Report #1421

  • Creation Date: Nov. 16, 2019, 11:21 p.m.
  • Last Update: Nov. 17, 2019, 10 a.m.
  • File: NFe_20574894985.exe
  • Results:
Binary
DLL
False
Size
4.95MB
trid
61.6% InstallShield setup
20.3% Win32 Executable Delphi generic
6.4% Win32 Executable
2.9% Win16/32 Executable Delphi generic
2.9% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
ed55bd5f86cc5572e70de2c4ce131a58
sha1
aebc75c549418eda875187cc749c30105a90f1bc
crc32
0x66274bc9
sha224
bea35a28b284874b82bed5de10b0bcbd6af9649f364e704ef6afb2af
sha256
e998bb97b29662c760eb9198d05c4c85a2bae474336d5b985e72a44a28b11233
sha384
9b27fd2ad95a62480e823544c9999262bf335991a04817ef4e05e6941eb797f6e2dc59742a6df36aa3800c8c9816c7ea
sha512
9e61ca65481152cbb4ddab1e6a917a06e3e1435aebde111672450da7b9f945e36b21c5ab90c70ef02e6b21ac7a5402e2d6a6c43e5e8f4303100e62fe673f90c8
ssdeep
98304:gxyKnlW/sAOGA1zyZehckrFIpOpQAEEJtAtP:gEdkGvZeGkrFuF
Community
Google
True
HashLib
False
YARA
Matches
domain, Borland, IP, Delphi_DecodeDate, borland_delphi, Delphi_FormShow, Delphi_CompareCall, win_files_operation, IsPE32, contentis_base64, screenshot, win_hook, win_mutex, keylogger, Delphi_Random, IsWindowsGUI, Delphi_Copy, HasDigitalSignature, url, win_registry, HasOverlay, Delphi_StrToInt, Big_Numbers0

Suspicious
True

Strings
List

Foremost
Matches
None
Suspicious
False
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed
hasFiles: False
Suspicious
hasAllowed: False
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 4140544
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 1047392
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed
hasLibs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Timestamp
Past: False
Valid: False
Value: 0
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
none: 194
.rsrc: 455

nopsequence
.rsrc: 20

pushpopmath
none: 12
.rsrc: 157
.reloc: 44

ss register
.rsrc: 20

garbagebytes
none: 192
.rsrc: 122

hookdetection
none: 6
.rsrc: 2
.reloc: 6

software breakpoint
none: 4
.rsrc: 33
.reloc: 26

fakeconditionaljumps
.rsrc: 7

programcontrolflowchange
none: 192
.rsrc: 116

cpuinstructionsresultscomparison
none: 33
.rsrc: 94

AVclass
None
1
VirusTotal
md5
ed55bd5f86cc5572e70de2c4ce131a58
sha1
aebc75c549418eda875187cc749c30105a90f1bc
SCANS (DETECTION RATE = 32.86%)
AVG
result: FileRepMalware
update: 20190129
version: 18.4.3895.0
detected: True

CMC
update: 20190129
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=83)
update: 20190129
version: 2018.9.12.1
detected: True

Bkav
update: 20190129
version: 1.3.0.9899
detected: False

K7GW
update: 20190129
version: 11.25.29821
detected: False

ALYac
result: Trojan.Crypt.Delf.E
update: 20190129
version: 1.1.1.5
detected: True

Avast
result: FileRepMalware
update: 20190129
version: 18.4.3895.0
detected: True

Avira
result: HEUR/AGEN.1014694
update: 20190129
version: 8.3.3.8
detected: True

Baidu
update: 20190129
version: 1.0.0.2
detected: False

Cyren
update: 20190129
version: 6.2.0.1
detected: False

DrWeb
update: 20190129
version: 7.0.34.11020
detected: False

GData
result: Trojan.Crypt.Delf.E
update: 20190129
version: A:25.20390B:25.14259
detected: True

Panda
update: 20190129
version: 4.6.4.2
detected: False

VBA32
result: BScope.Trojan.Hesv
update: 20190129
version: 3.35.1
detected: True

VIPRE
update: 20190129
version: 72710
detected: False

Zoner
update: 20190128
version: 1.0
detected: False

ClamAV
update: 20190129
version: 0.101.1.0
detected: False

Comodo
update: 20190129
version: 30349
detected: False

F-Prot
update: 20190129
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.Zeagle
update: 20190129
version: 0.1.5.2
detected: True

McAfee
update: 20190129
version: 6.0.6.653
detected: False

Rising
result: Downloader.Shrejh!8.101E5/N3#82% (RDM+:cmRtazo2eCXZSDf2KeEaGrWpFnCx)
update: 20190129
version: 25.0.0.24
detected: True

Sophos
update: 20190129
version: 4.98.0
detected: False

Yandex
update: 20190129
version: 5.5.1.3
detected: False

Zillya
update: 20190128
version: 2.0.0.3740
detected: False

Acronis
update: 20190128
version: 1.0.1.40
detected: False

Alibaba
update: 20180921
version: 0.1.0.2
detected: False

Arcabit
result: Trojan.Crypt.Delf.E
update: 20190129
version: 1.0.0.837
detected: True

Babable
update: 20180918
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20190129
version: 2.3.1.101
detected: True

Endgame
update: 20181108
version: 3.0.2
detected: False

TACHYON
update: 20190129
version: 2019-01-29.02
detected: False

Tencent
update: 20190129
version: 1.0.0.1
detected: False

ViRobot
update: 20190129
version: 2014.3.20.0
detected: False

Webroot
update: 20190129
version: 1.0.0.403
detected: False

eGambit
result: PE.Heur.InvalidSig
update: 20190129
version: v4.3.5
detected: True

Ad-Aware
result: Trojan.Crypt.Delf.E
update: 20190129
version: 3.0.5.370
detected: True

AegisLab
update: 20190129
version: 4.2
detected: False

Emsisoft
result: Trojan.Crypt.Delf.E (B)
update: 20190129
version: 2018.4.0.1029
detected: True

F-Secure
result: Trojan.Crypt.Delf.E
update: 20190129
version: 12.0.86.52
detected: True

Fortinet
result: W32/Injector.ECVW!tr
update: 20190129
version: 5.4.247.0
detected: True

Invincea
update: 20181128
version: 6.3.6.26157
detected: False

Jiangmin
update: 20190129
version: 16.0.100
detected: False

Kingsoft
update: 20190129
version: 2013.8.14.323
detected: False

Paloalto
update: 20190129
version: 1.0
detected: False

Symantec
update: 20190129
version: 1.8.0.0
detected: False

Trapmine
update: 20190123
version: 3.1.40.719
detected: False

AhnLab-V3
update: 20190129
version: 3.14.1.22785
detected: False

Antiy-AVL
update: 20190129
version: 3.0.0.1
detected: False

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20190129
version: 15.0.1.13
detected: True

Microsoft
result: Trojan:Win32/Pynamer.B!ac
update: 20190129
version: 1.1.15600.4
detected: True

Qihoo-360
update: 20190129
version: 1.0.0.1120
detected: False

TheHacker
update: 20190129
version: 6.8.0.5.3988
detected: False

Trustlook
update: 20190129
version: 1.0
detected: False

ZoneAlarm
update: 20190129
version: 1.0
detected: False

Cybereason
result: malicious.f86cc5
update: 20190109
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/Injector.BUVZ
update: 20190129
version: 18786
detected: True

TrendMicro
update: 20190129
version: 10.0.0.1040
detected: False

BitDefender
result: Trojan.Crypt.Delf.E
update: 20190129
version: 7.2
detected: True

CrowdStrike
update: 20181023
version: 1.0
detected: False

K7AntiVirus
update: 20190129
version: 11.25.29822
detected: False

SentinelOne
update: 20190124
version: 1.0.21.269
detected: False

Avast-Mobile
update: 20190129
version: 190129-00
detected: False

Malwarebytes
update: 20190129
version: 2.1.1.1115
detected: False

CAT-QuickHeal
update: 20190129
version: 14.00
detected: False

NANO-Antivirus
update: 20190129
version: 1.0.134.24576
detected: False

MicroWorld-eScan
result: Trojan.Crypt.Delf.E
update: 20190129
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190123
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
update: 20190129
version: v2017.3010
detected: False

TrendMicro-HouseCall
result: TROJ_GEN.R020H0CAT19
update: 20190129
version: 10.0.0.1040
detected: True

total
70
sha256
e998bb97b29662c760eb9198d05c4c85a2bae474336d5b985e72a44a28b11233
scan_id
e998bb97b29662c760eb9198d05c4c85a2bae474336d5b985e72a44a28b11233-1548784424
resource
ed55bd5f86cc5572e70de2c4ce131a58
positives
23
scan_date
2019-01-29 17:53:44
verbose_msg
Scan finished, information embedded
response_code
1
Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 54.02%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.87%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 57.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 90.86%
suspicious: False

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.98%
suspicious: False