Report #5318 check_circle

  • Creation Date: Nov. 21, 2019, 5:42 p.m.
  • Last Update: Nov. 21, 2019, 6:23 p.m.
  • File: 009
  • Results:
Binary
DLL
False cancel
Size
132.00KB
trid
34.2% Win32 Dynamic Link Library
23.4% Win32 Executable
10.7% Win16/32 Executable Delphi generic
10.5% OS/2 Executable
10.4% Generic Win/DOS Executable
type
PE
wordsize
0
Subsystem
unknown
Hashes
md5
0e0776034e5e096704cd28cbd40cdaa3
sha1
a0a25395bcb3d5d592c49e5244ea2226801bad03
crc32
0x393e8871
sha224
b1e8093fae87749aea821d7b4ceda00f709a431b9720944782e50523
sha256
186ff276e9a955faecfd2a6d2f13681836dd07a65b16d09cd49446c413a8ef69
sha384
adee14a8f9f4c1e4be005a4227c6901c201b65445a0b27eeeb9779e7299b84d4cc8b42633bb9698c7ad4dfb9d03855ac
sha512
f0118594d11060ea50f3b15d239e66ca9793032c372f56985156b0f4640280663edfc6924dc12504e640a8469d36e270e497fed43d02afe5eb22b71ef5f2c3d6
ssdeep
3072:e1u8LBv/zUg+wxBtYhI97Q55Rt9JjHdanD1bqCD8ORGs:e1vLpUg/i67ut9enDle
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
domain, HasDebugData, contentis_base64, IsPacked, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
lehAh.pdb
O.cx
ESENT.dll
micro.exe
Y^fDS
{]UtI%u
Hint Designer Form:TsFrameAdapter adapter must be placed on the handled frame
major%minor%build%patch%2100 bDlpFQbHOPRVGAKqXWRe 1001101010101000
GetForegroundWindow
SetTimer
9AUG7'S
e#-TyKiV>
*S=G.6e
iS@opS4
2 2$2,2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
]c`sEl0
1 1$1(1,1014181<1@1D1H1L1P1T1\1p1t1x1|1
/eIGkVrc:
Microsoft
~rNO.H,
D$C5HT
Main palette :
Preserved settings :
`lAIv?nP
CompanyName
^FN1O
:Eo<hPw
/M)VReI
ProductName
Decimal -
/(,1#11
7HuM"D
r1Ld-A
update statistics :P
3P,oN
Additional colors :
mGtMvp1O
ilQN?H.
VarFileInfo
FileDescription
OriginalFilename
eachinfiniteGoogleQH
InternalName
EAKpndAmcEAEenaAi
StringFileInfo
FileVersion
R6rpN-m
Translation
Application
023223742392312937 33
@.data
pK1LAd4
aimttLq
aw+[Dg
R/&me
R/&me
R/&me
AiF-)
"orc;
SOA;D
H;RT>s\
Green :
The community
TUmD\A
d+Owa
pyright
Blue :
doB@L
.code
HbIl|
Style :
Arrow length
OSG<l
sHak$
tI]ks
decoder not found error
.ft=L-
everybody used
Define colors
8923745 392044
.dUPkR
Wr(rEM
{rEmVK
Bevel width
carmen logo
Red :
7>"1:
`)Nc.L
HY\-pr
362388 7848 1 992 92782
sliaBi
O1Da
Ict3
iaY2
3inF
PbsWj AND jAw
Sinha
AfOiF
RSDSU
(nl.H

Foremost
Matches
0.exe, 132 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ADVAPI32.dll, ESENT.dll, USER32.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 0
Suspicious: True check_circle
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 4096
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: sijj, .mr, .data, code, .crt, .code, j, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 14.0
Suspicious: False cancel
Subsystem
Version: 5.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 13200
Suspicious: False cancel

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match., The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, esent.dll, user32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: True check_circle
Valid: True check_circle
Value: 1995-11-13 21:08:05
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
False cancel
Tricks
AVclass
emotet
1
VirusTotal
md5
0e0776034e5e096704cd28cbd40cdaa3
sha1
a0a25395bcb3d5d592c49e5244ea2226801bad03
SCANS (DETECTION RATE = 89.86%)
AVG
result: Win32:Trojan-gen
update: 20191117
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=100)
update: 20191117
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20191116
version: 5.86
detected: True check_circle

K7GW
result: Trojan ( 0053b3091 )
update: 20191117
version: 11.78.32579
detected: True check_circle

ALYac
result: Trojan.Agent.Emotet
update: 20191117
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Trojan-gen
update: 20191117
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/AD.Emotet.zdeun
update: 20191117
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Emotet.JI.gen!Eldorado
update: 20191117
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Trojan.EmotetENT.304
update: 20191117
version: 7.0.41.7240
detected: True check_circle

GData
result: Win32.Trojan-Spy.Emotet.8QV6X9
update: 20191117
version: A:25.24008B:26.16683
detected: True check_circle

Panda
result: Trj/WLT.E
update: 20191117
version: 4.6.4.2
detected: True check_circle

VBA32
result: BScope.Trojan.Emotet
update: 20191116
version: 4.2.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20191117
version: 79394
detected: True check_circle

Zoner
result: Trojan.Win32.75135
update: 20191116
version: 1.0.0.1
detected: True check_circle

ClamAV
result: Win.Trojan.Emotet-6758463-0
update: 20191117
version: 0.102.0.0
detected: True check_circle

Comodo
result: Malware@#33nzc6n97w6gt
update: 20191117
version: 31733
detected: True check_circle

F-Prot
result: W32/Emotet.JI.gen!Eldorado
update: 20191117
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Win32.Emotet
update: 20191117
version: 0.1.5.2
detected: True check_circle

McAfee
result: Generic.buk
update: 20191113
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Kryptik!1.B4D6 (KTSE)
update: 20191117
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/EncPk-ANY
update: 20191117
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.PWS.Emotet!
update: 20191114
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Emotet.Win32.7537
update: 20191115
version: 2.0.0.3952
detected: True check_circle

Acronis
result: suspicious
update: 20191113
version: 1.1.1.58
detected: True check_circle

Alibaba
result: Trojan:Win32/Emotet.6504311e
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Autoruns.GenericS.D1DECFF2
update: 20191117
version: 1.0.0.861
detected: True check_circle

Cylance
result: Unsafe
update: 20191117
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True check_circle

FireEye
result: Generic.mg.0e0776034e5e0967
update: 20191117
version: 29.7.0.0
detected: True check_circle

TACHYON
result: Trojan/W32.Emotet.135168.G
update: 20191117
version: 2019-11-17.02
detected: True check_circle

Tencent
update: 20191117
version: 1.0.0.1
detected: False cancel

ViRobot
result: Trojan.Win32.Agent.135168.EW
update: 20191117
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Trojan.Emotet
update: 20191117
version: 1.0.0.403
detected: True check_circle

Ad-Aware
result: Trojan.Autoruns.GenericKDS.31379442
update: 20191117
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Emotet.4!c
update: 20191116
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.Emotet (A)
update: 20191031
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.Emotet.zdeun
update: 20191117
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/Emotet.BN!tr
update: 20191117
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: Trojan.Banker.Emotet.ecw
update: 20191117
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20191117
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20191117
version: 1.0
detected: False cancel

Symantec
result: Trojan.Emotet
update: 20191116
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20190826
version: 3.1.81.800
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Emotet.R246431
update: 20191117
version: 3.16.4.25692
detected: True check_circle

Antiy-AVL
result: Trojan[Banker]/Win32.Emotet
update: 20191117
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan-Banker.Win32.Emotet.brjm
update: 20191117
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Trojan:Win32/Emotet.BU!bit
update: 20191117
version: 1.1.16500.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM20.1.63CA.Malware.Gen
update: 20191117
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Trojan-Banker.Win32.Emotet.brjm
update: 20191117
version: 1.0
detected: True check_circle

Cybereason
result: malicious.34e5e0
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: Win32/Emotet.BN
update: 20191117
version: 20361
detected: True check_circle

TrendMicro
result: TSPY_EMOTET.THAABGAH
update: 20191117
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.Autoruns.GenericKDS.31379442
update: 20191117
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0053b3091 )
update: 20191117
version: 11.78.32579
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20191115
version: 1.0.31.33
detected: True check_circle

Avast-Mobile
update: 20191115
version: 191114-10
detected: False cancel

Malwarebytes
result: Trojan.Emotet
update: 20191117
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20191117
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Fuerboos
update: 20191116
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.EmotetENT.fknjto
update: 20191117
version: 1.0.134.24859
detected: True check_circle

BitDefenderTheta
result: Gen:Trojan.Heur2.PPBB.3.0.iG0@b8UnT!kG5c
update: 20191113
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.Autoruns.GenericKDS.31379442
update: 20191117
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
result: Trojan.Agent/Gen-Emotet
update: 20191115
version: 5.6.0.1032
detected: True check_circle

McAfee-GW-Edition
result: BehavesLike.Win32.Emotet.cc
update: 20191117
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TSPY_EMOTET.THAABGAH
update: 20191117
version: 10.0.0.1040
detected: True check_circle

total
69
sha256
186ff276e9a955faecfd2a6d2f13681836dd07a65b16d09cd49446c413a8ef69
scan_id
186ff276e9a955faecfd2a6d2f13681836dd07a65b16d09cd49446c413a8ef69-1573985642
resource
0e0776034e5e096704cd28cbd40cdaa3
permalink
https://www.virustotal.com/file/186ff276e9a955faecfd2a6d2f13681836dd07a65b16d09cd49446c413a8ef69/analysis/1573985642/
positives
62
scan_date
2019-11-17 10:14:02
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
21/11/2019 - 17:45:43.575Open1480C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
21/11/2019 - 17:45:43.575Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/11/2019 - 17:45:43.590Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/11/2019 - 17:45:43.622Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.622Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.622Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.622Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.622Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/11/2019 - 17:45:43.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64win.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64win.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\System32\wow64log.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:43.622Unknown2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\ESENT.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\esent.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\esent.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Open2076C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/11/2019 - 17:45:43.622Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:43.637Open2076C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
21/11/2019 - 17:45:43.637Open2076C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/11/2019 - 17:45:43.637Unknown2076C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/11/2019 - 17:45:43.637Open2076C:\malware.exeC:\
21/11/2019 - 17:45:43.637Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:43.637Open2076C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/11/2019 - 17:45:43.637Open2076C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/11/2019 - 17:45:43.653Unknown1480C:\malware.exeC:\Windows
21/11/2019 - 17:45:43.653Unknown1480C:\malware.exeC:\Monitor
21/11/2019 - 17:45:43.731Open2076C:\malware.exeC:\dwmapi.dll
21/11/2019 - 17:45:43.731Open2076C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
21/11/2019 - 17:45:43.731Open2076C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64\bundlebuild.exe
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64\shell32.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\malware.exe.Local
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\WindowsShell.Manifest
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows\SysWOW64\dsmcaching.exe
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:49.731Open2076C:\malware.exeC:\Monitor\Malware
21/11/2019 - 17:45:49.731Unknown2076C:\malware.exeC:\Monitor\Malware
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\PROPSYS.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\System32\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\System32\propsys.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\malware.exe
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\ntmarta.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Monitor\Malware
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\Monitor\Malware
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64\dsmcaching.exe
21/11/2019 - 17:45:49.747Open2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.762Unknown2076C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 17:45:49.762Open2076C:\malware.exeC:\Windows\SysWOW64\dsmcaching.exe:Zone.Identifier
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\CRYPTSP.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\RpcRtRemote.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/11/2019 - 17:45:49.872Unknown2076C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 17:45:49.872Open2076C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/11/2019 - 17:45:49.872Unknown2076C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 17:45:49.950Unknown2076C:\malware.exeC:\Windows
21/11/2019 - 17:45:49.950Unknown2076C:\malware.exeC:\Monitor
21/11/2019 - 17:45:49.950Unknown2076C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

Process
Trace
21/11/2019 - 17:45:43.622Create1480C:\malware.exe2076C:\malware.exe
21/11/2019 - 17:45:49.950Terminate1480C:\malware.exe2076C:\malware.exe

Analysis
Reason
Finished

Status
Sucessfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:50273 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:59829 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:50043 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:DNS code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:49551 code dns.msftncsi.com.

Response
computer gateway:DNS arrow_forward computer localhost code dns.msftncsi.com. reply_all 131.107.255.255


TCP
Info
computer localhost:65195 arrow_forward 104.136.151.73:80
computer localhost:65200 arrow_forward 105.224.170.204:80
computer localhost:65194 arrow_forward 200.54.111.170:80
computer localhost:65199 arrow_forward 105.224.170.204:80
computer localhost:65191 arrow_forward 186.159.186.156:8080
computer localhost:65192 arrow_forward 186.159.186.156:8080
computer localhost:65197 arrow_forward 66.112.88.78:80
computer localhost:65201 arrow_forward 190.194.71.111:443
computer localhost:65193 arrow_forward 200.54.111.170:80
computer localhost:65198 arrow_forward 66.112.88.78:80
computer localhost:65196 arrow_forward 104.136.151.73:80

UDP
Info
computer localhost:49551 arrow_forward computer localhost:53
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59829
computer localhost:53 arrow_forward computer localhost:49551
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50043
computer localhost:53 arrow_forward computer localhost:50273
computer localhost:50043 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:59829 arrow_forward computer localhost:53
computer localhost:67 arrow_forward computer localhost:68
computer localhost:68 arrow_forward help_outline 255.255.255.255:67

HTTP
Info

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.50%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.81%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 59.95%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle

Back
Add to Collection
Download