Report #5424

  • Creation Date: Dec. 21, 2019, 1:32 p.m.
  • Last Update: Dec. 21, 2019, 1:37 p.m.
  • File: UpdateBroker.exe
  • Results:
Binary
DLL: False
Size: 97.79KB
trid: 61.7% Win64 Executable, 14.7% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
(TrID is a byte-signature guess and lists Win64 first; the PE header is authoritative: wordsize 32 and the IsPE32 YARA match below, and the dynamic trace loads the WoW64 DLLs, so this is a 32-bit image.)
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 6ce3bb70af4b45d999d462a0eea22bdf
sha1: cbd0d13934fdbc405efc2e03c546fda22c2c9a43
crc32: 0x5a524507
sha224: 2a223f35ac774671c166f9af26d2643c6c9e9a66dbf3aaa916302e1f
sha256: a7c15d3aaa887d6bdfcd1c3b00ae147623ad718a0f5d39a96b1fb62cffd7a8ef
sha384: c7d3b1efbdac0859708f0c970e07a5e39af8b19bfcfaa46dbd1a1c38118fe68d768798274c8c56cf55f353428cb0613d
sha512: a17da73f780a627375d41c66baaf500523be4f04ece3cd026c5cb0ff147dbd20a6aa541ece039257b21ea94b1380f07b92fb27fec890fd76dcdadfaa18ff337d
ssdeep: 1536:6xtkV5IdYz4DjfFcGaq/Rs/UPz23yMjJqOsWxcdnPUxVU90+T9t8vFY:aqz4/dNl/RssPz21lq3nPAB+T9+9Y
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, domain, anti_dbg, HasDigitalSignature, IP, url, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, HasOverlay, maldoc_find_kernel32_base_method_1, win_files_operation, IsPE32, IsWindowsGUI
Suspicious: True
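The YARA matches above report both HasDigitalSignature and HasOverlay, and the strings list below is dominated by DigiCert and Thawte AIA, CRL, OCSP and CPS URLs, which is what an embedded PKCS#7 Authenticode blob looks like when run through a strings scanner. On a signed PE the overlay normally is the certificate table, so those two flags describe one fact; the case that deserves attention is an overlay that the security data directory does not fully account for, or an overlay on a file with no security directory at all. The following Python is an added example written for this page, not part of the analysis tool and not code from the sample's author: build_pe() constructs a minimal, hypothetical PE32 (not the 97.79KB sample) so the check runs offline, and inspect_overlay() does the comparison on any PE bytes. It says nothing about whether the signature verifies; that needs chain validation with a tool such as signtool verify or PowerShell's Get-AuthenticodeSignature.

```python
"""Is the overlay of a PE just its Authenticode certificate table?

Added example for this report, not part of the analysis tool. build_pe()
constructs a minimal, hypothetical PE32 so the check runs offline; it is not
the sample analysed above. inspect_overlay() does the check on any PE bytes.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
FILE_ALIGN = 0x200


def _align(n, a):
    return (n + a - 1) // a * a


def build_pe(section_bytes, cert_blob=None, extra=b""):
    """Constructed PE32 with one .text section. cert_blob (if given) is
    wrapped in a WIN_CERTIFICATE, appended as the overlay and pointed to by
    the security data directory; extra is appended after everything."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    opt_size = 224                                              # PE32 optional header
    raw_ptr = _align(64 + 4 + 20 + opt_size + 40, FILE_ALIGN)   # first section offset
    raw_size = _align(len(section_bytes), FILE_ALIGN)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5C071E14, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)        # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, raw_ptr)           # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                          # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    overlay = b""
    if cert_blob is not None:
        table_len = _align(8 + len(cert_blob), 8)               # entries are 8-byte aligned
        overlay = struct.pack("<IHH", table_len, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
        overlay += cert_blob + b"\0" * (table_len - 8 - len(cert_blob))
        # The security directory holds a file offset, not an RVA.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         raw_ptr + raw_size, table_len)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_bytes), 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    headers += b"\0" * (raw_ptr - len(headers))
    body = section_bytes + b"\0" * (raw_size - len(section_bytes))
    return headers + body + overlay + extra


def inspect_overlay(data):
    """Compare the bytes past the last section with the security directory."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_base = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+
    sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    end = 0
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    overlay_len = len(data) - end
    signed = sec_off != 0 and sec_size != 0
    res = {"overlay_bytes": overlay_len, "cert_table_bytes": sec_size, "signed": signed}
    if overlay_len == 0:
        res["verdict"] = "no overlay"
    elif not signed:
        res["verdict"] = "unsigned overlay: appended data, inspect it"
    elif sec_off == end and sec_size == overlay_len:
        res["verdict"] = "overlay is exactly the Authenticode certificate table"
    elif end <= sec_off and sec_off + sec_size <= len(data):
        res["verdict"] = "certificate table inside overlay but %d extra byte(s) remain" % (overlay_len - sec_size)
    else:
        res["verdict"] = "security directory does not point into the overlay"
    return res


if __name__ == "__main__":
    for label, pe in [("signed", build_pe(b"\xC3" * 16, cert_blob=b"\x30\x82\x01\x00" + b"A" * 100)),
                      ("payload", build_pe(b"\xC3" * 16, extra=b"PAYLOAD"))]:
        print(label, inspect_overlay(pe))
```

The useful verdicts are the last two: bytes after the certificate table, or an overlay on a file that has no security directory, are the classic places for an appended payload that leaves the section layout (and therefore most section heuristics) untouched.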

Strings
List
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
http://th.symcb.com/th.crt0
,http://crl3.digicert.com/sha2-assured-ts.crl02
,http://crl4.digicert.com/sha2-assured-ts.crl0
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
http://th.symcb.com/th.crl0
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
.http://www.digicert.com/ssl-cps-repository.htm0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.digicert.com/CPS0
https://www.thawte.com/cps0/
#http://crl.thawte.com/ThawtePCA.crl0
!https://www.thawte.com/repository0W
GoogleUpdateBroker_unsigned.pdb
http://th.symcd.com0&
1.3.33.23
1.3.33.23
http://ocsp.digicert.com0A
http://ocsp.digicert.com0O
http://ocsp.digicert.com0C
http://ocsp.digicert.com0C
http://ocsp.digicert.com0C
http://ocsp.digicert.com0N
goopdate.dll
GoogleUpdate.exe
fr-be
fr-ca
fr-ch
operator ""
name="Microsoft.Windows.Common-Controls"
DigiCert Assured ID Root CA0
DigiCert Assured ID Root CA0
DigiCert Assured ID Root CA0
mscoree.dll
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
SShU
DigiCert Assured ID CA-10
DigiCert Assured ID CA-10
DigiCert Assured ID CA-1
IsDebuggerPresent
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
TerminateProcess
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
FindFirstFileExW
FindNextFileW
WriteFile
LoadLibraryExW
FreeLibrary
CreateFileW
QueryPerformanceCounter
http://ocsp.thawte.com0
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 10 -->
<!-- Windows 8 -->
<!-- Windows 7 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
api-ms-win-security-systemfunctions-l1-1-0
<requestedExecutionLevel level="asInvoker" />
GetCPInfo
fr-CA
fr-CH
fr-LU
GetProcessHeap
version="6.0.0.0"
7A7F7S7_7u7
@advapi32
DigiCert1*0(
DigiCert1%0#
2 2;2B2I2N2S2c2h2m2
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-winrt-l1-1-0
language="*"

Foremost
Matches: 0.exe, 84 KB
Suspicious: True
(Foremost names carved files after the sector offset at which the header was found; 0.exe is the MZ header at offset 0, i.e. the sample's own PE image, not a second executable embedded in it.)
Heuristics
IPs
hasIPs: True
Allowed:
Suspicious: 1.3.33.23, 0, Unknown
hasAllowed: False
hasSuspicious: True
(The only "IP" is the dotted-decimal string 1.3.33.23, which appears in the strings list directly after the PDB path; the dynamic run below recorded no DNS, TCP, UDP or HTTP activity, so it is unconfirmed as a network indicator.)

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: https://www.thawte.com/cps0/, http://crl4.digicert.com/sha2-assured-cs-g1.crl0l, http://th.symcb.com/th.crt0, http://crl.thawte.com/thawtepca.crl0, http://crl4.digicert.com/digicertassuredidca-1.crl0w, http://crl3.digicert.com/sha2-assured-cs-g1.crl05, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://th.symcb.com/th.crl0, http://crl3.digicert.com/digicertassuredidrootca.crl0:, https://www.thawte.com/repository0w, http://cacerts.digicert.com/digicertsha2assuredidtimestampingca.crt0, http://ocsp.digicert.com0c, http://ocsp.digicert.com0a, http://ocsp.digicert.com0o, http://ocsp.digicert.com0n, http://crl3.digicert.com/digicertassuredidrootca.crl0p, http://ocsp.thawte.com0, http://th.symcd.com0&, http://crl3.digicert.com/sha2-assured-ts.crl02, http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0, http://crl4.digicert.com/sha2-assured-ts.crl0, http://crl4.digicert.com/digicertassuredidrootca.crl0, http://cacerts.digicert.com/digicertassuredidca-1.crt0, http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://crl3.digicert.com/digicertassuredidrootca.crl0o, https://www.digicert.com/cps0, http://www.digicert.com/ssl-cps-repository.htm0, http://crl3.digicert.com/digicertassuredidca-1.crl08
hasAllowed: True
hasSuspicious: True
(Every "suspicious" URL is a CRL, OCSP, AIA or CPS pointer from the DigiCert/Thawte code-signing and timestamping chain in the strings list; the trailing "0", "0:", "0l" etc. are the ASN.1 bytes that follow each URL inside the signature blob, not part of the URL.)

Files
Allowed: mscoree.dll, goopdate.dll, kernel32.dll, SHLWAPI.dll
hasFiles: True
Suspicious:
hasAllowed: True
hasSuspicious: False
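The IP and URL heuristics above flag every certificate-chain URL as suspicious and report one "IP", so a second pass is needed before any of it becomes an indicator. The following Python is an added example for this page, not part of the analysis tool: it takes a subset of the heuristic's own output verbatim (ASN.1 tails still attached), strips a tail only when what remains looks like a PKI endpoint so that a genuine URL ending in "0" is not damaged, separates PKI-infrastructure URLs from anything worth a network pivot, and re-checks IP hits for routability and against the hosts the sandbox actually contacted (none in this report). The example.invalid URL, the ALLOWED_HOSTS set and the bucket names are constructed for the example.

```python
"""Second-pass triage of the IP/URL hits raised by the strings heuristic.

Added example for this report, not part of the analysis tool. The scanner
kept the ASN.1 bytes that follow each URL inside the PKCS#7 signature blob
("crl0:", "cps0/", "com0c"); this strips them, separates PKI-infrastructure
URLs (CRL, OCSP, AIA, CPS) from anything worth a network pivot, and re-checks
"IP" hits for routability and against observed sandbox traffic.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# A subset of the heuristic's own output above, plus one constructed URL
# ending in "0" to exercise the guard against over-stripping.
RAW_URLS = [
    "https://www.thawte.com/cps0/",
    "http://crl4.digicert.com/sha2-assured-cs-g1.crl0l",
    "http://th.symcb.com/th.crt0",
    "http://crl.thawte.com/thawtepca.crl0",
    "http://ocsp.digicert.com0c",
    "http://th.symcd.com0&",
    "http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0",
    "http://www.digicert.com/ssl-cps-repository.htm0",
    "http://schemas.microsoft.com/smi/2005/windowssettings",
    "http://example.invalid/api/v10",  # constructed, not from the report
]
RAW_IPS = ["1.3.33.23"]

# Hosts the report itself allowed (manifest XML namespace); constructed list.
ALLOWED_HOSTS = {"schemas.microsoft.com"}

# scheme, lazy host, lazy optional path, optional tail: "0" (ASN.1 SEQUENCE
# tag 0x30 rendered as "0"), at most one stray byte, optional "/".
_URL = re.compile(r"^(https?://)([a-z0-9.-]+?)((?:/[a-z0-9./_-]*?)?)(0.?/?)?$", re.I)
_PKI_SUFFIXES = (".crl", ".crt", ".cer", ".p7c", ".htm", ".html")
_PKI_PATHS = ("/cps", "/repository")
_PKI_HOST_PREFIXES = ("ocsp", "crl", "cacerts")


def normalise_url(raw):
    """Return (url, had_tail). The tail is stripped only when what remains
    looks like a PKI endpoint (bare responder host, .crl/.crt, /cps ...),
    so a genuine URL such as /api/v10 is left untouched."""
    m = _URL.match(raw)
    if not m or not m.group(4):
        return raw, False
    scheme, host, path, _tail = m.groups()
    low = path.lower()
    if low == "" or low.endswith(_PKI_SUFFIXES) or low in _PKI_PATHS:
        return scheme + host + path, True
    return raw, False


def classify_url(raw):
    url, had_tail = normalise_url(raw)
    parts = urlsplit(url)
    host, path = (parts.hostname or ""), parts.path.lower()
    if host in ALLOWED_HOSTS:
        return url, "allowed"
    pki = (host.split(".")[0].startswith(_PKI_HOST_PREFIXES)
           or path.endswith((".crl", ".crt", ".cer", ".p7c"))
           or path in _PKI_PATHS or "cps" in path
           or (had_tail and path == ""))  # bare host + ASN.1 tail: OCSP responder from an AIA extension
    return url, ("pki-infrastructure" if pki else "review")


def triage(raw_urls, raw_ips, observed_hosts=()):
    """observed_hosts: IPs/hosts seen in the dynamic network trace (empty here;
    the report recorded no DNS/TCP/UDP/HTTP activity)."""
    buckets = {"allowed": [], "pki-infrastructure": [], "review": []}
    for raw in raw_urls:
        url, bucket = classify_url(raw)
        buckets[bucket].append(url)
    ips = []
    for raw in raw_ips:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            ips.append((raw, "not-an-ip"))
            continue
        if not ip.is_global:
            ips.append((raw, "non-routable"))
        elif raw in observed_hosts:
            ips.append((raw, "contacted"))
        else:
            # Syntactically valid and routable but never contacted: in this
            # report the string sits right after the PDB path, so it stays
            # unconfirmed rather than becoming an indicator.
            ips.append((raw, "unconfirmed"))
    return buckets, ips


if __name__ == "__main__":
    buckets, ips = triage(RAW_URLS, RAW_IPS)
    for name, urls in buckets.items():
        print(name, urls)
    print(ips)
```

The "review" bucket is the one worth a human's time; on this report it would be empty, because everything the heuristic flagged is the signing chain's revocation and policy infrastructure.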

Binary
Sizes
RVA: 16 (Suspicious: False)
Code size: 45056 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
(An absent COFF symbol table is normal for a release MSVC build; its debug information lives in the PDB named in the strings list, GoogleUpdateBroker_unsigned.pdb, so this flag carries little weight on its own.)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 128307 (Suspicious: False)

Sections
Allowed: .text, .rdata, .data, .gfids, .rsrc, .reloc
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS version: 5 (Suspicious: False)
Image version: 5 (Suspicious: True)
Linker version: 14.0 (Suspicious: False)
Subsystem version: 5.1 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 5222 (Suspicious: False)

Anomalies
hasAnomalies: False

Libraries
Allowed: mscoree.dll, kernel32.dll, shlwapi.dll
hasLibs: True
Suspicious: goopdate.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2018-12-05 00:07:16
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers:
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
(The compiler match comes from a signature-database rule and conflicts with the header: linker version 14.0 is the Visual Studio 2015 toolchain, not Visual C++ 8 / Visual Studio 2005, whose linker is 8.0.)

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
ldr
.text: 1

pushret
.rdata: 2

pushpopmath
.rsrc: 2
.rdata: 2
.reloc: 5

sizeofimage
.text: 1

garbagebytes
.rdata: 1

peb ntglobalflag
.text: 1

software breakpoint
.reloc: 1

programcontrolflowchange
.rdata: 1

cpuinstructionsresultscomparison
.rsrc: 2
.rdata: 1
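The tricks list above is a per-section count of byte patterns, and the section matters more than the count: the NtGlobalFlag and ldr hits are in .text, but pushret, pushpopmath, garbagebytes, the software breakpoint and the instruction-comparison hits are in .rdata, .rsrc and .reloc, sections that MSVC links without an execute flag. A 0xCC byte inside a relocation block is not an int 3 and a 0x68 ... 0xC3 run inside a constant table is not a push/ret. The following Python is an added example for this page, not the analysis tool's own scanner: it matches the same kind of masked byte patterns (PEB access via fs:[30h], the NtGlobalFlag and BeingDebugged tests, rdtsc, push/ret, int 3) but labels each hit with its section's execute status and only scores hits in code. The three sections it scans are constructed bytes, not bytes from the sample.

```python
"""Section-aware scan for the anti-debug byte patterns the tricks list counts.

Added example for this report, not the analysis tool's own scanner. The
sections below are constructed to exercise it; they are not bytes from the
sample. Hits in sections without CODE/EXECUTE flags are kept but labelled
'data', because a 0xCC inside a relocation block or a 0x68 ... 0xC3 run inside
a constant table is not an instruction.
"""
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

# name -> (pattern, mask); mask byte 0x00 means "any value".
PATTERNS = {
    "peb_via_fs30":        (bytes.fromhex("64A130000000"), bytes.fromhex("FFFFFFFFFFFF")),  # mov eax, fs:[30h]
    "peb_ntglobalflag":    (bytes.fromhex("F6406870"),     bytes.fromhex("FFFFFFFF")),      # test byte ptr [eax+68h], 70h
    "peb_beingdebugged":   (bytes.fromhex("0FB64002"),     bytes.fromhex("FFFFFFFF")),      # movzx eax, byte ptr [eax+2]
    "rdtsc":               (bytes.fromhex("0F31"),         bytes.fromhex("FFFF")),
    "pushret":             (bytes.fromhex("6800000000C3"), bytes.fromhex("FF00000000FF")),  # push imm32 ; ret
    "software_breakpoint": (b"\xCC",                       b"\xFF"),                        # int 3
}

SAMPLE_SECTIONS = [
    # .text (constructed): nops; mov eax, fs:[30h]; test byte ptr [eax+68h], 70h; jnz +2; nops; ret
    (".text", 0x60000020, b"\x90" * 4 + bytes.fromhex("64A130000000F6406870") + b"\x75\x02\x90\x90\xC3"),
    # .rdata (constructed): a 32-bit constant 0xEFBEADDE stored after a 0x68 and before a 0xC3
    (".rdata", 0x40000040, b"\x00" * 8 + bytes.fromhex("68DEADBEEFC3") + b"\x00" * 8),
    # .reloc (constructed): relocation entries; the 0xCC is an offset byte, not int 3
    (".reloc", 0x42000040, bytes.fromhex("00100000100000000C30CC3000000000")),
]


def find_pattern(data, pattern, mask):
    """Offsets where data matches pattern under mask (naive scan, fine for sections)."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all((data[i + j] & mask[j]) == (pattern[j] & mask[j]) for j in range(n))]


def scan_sections(sections):
    """sections: iterable of (name, characteristics, data) -> list of hit dicts."""
    hits = []
    for name, chars, data in sections:
        context = "code" if chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) else "data"
        for trick, (pat, mask) in PATTERNS.items():
            for off in find_pattern(data, pat, mask):
                hits.append({"trick": trick, "section": name, "offset": off, "context": context})
    return hits


def score(hits):
    """Count hits by context; PEB access plus a PEB flag test, both in code, is the strong signal."""
    code = {h["trick"] for h in hits if h["context"] == "code"}
    n_code = sum(1 for h in hits if h["context"] == "code")
    return {
        "code_hits": n_code,
        "data_hits": len(hits) - n_code,
        "anti_debug_likely": "peb_via_fs30" in code
                             and bool(code & {"peb_ntglobalflag", "peb_beingdebugged"}),
    }


if __name__ == "__main__":
    found = scan_sections(SAMPLE_SECTIONS)
    for h in found:
        print(h)
    print(score(found))
```

Single-byte and heavily masked patterns (int 3, push/ret) will always fire somewhere in a 97KB file; what makes the .text NtGlobalFlag hit credible is its pairing with the fs:[30h] PEB read in the same executable section, which is the pairing the anti_dbg YARA rule and IsDebuggerPresent import in the static section already hint at.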

AVclass
None
1
VirusTotal
md5: 6ce3bb70af4b45d999d462a0eea22bdf
sha1: cbd0d13934fdbc405efc2e03c546fda22c2c9a43
SCANS (DETECTION RATE = 0.00%)
(This is a cached VirusTotal report: scan_date 2019-09-19, verbose_msg "Scan finished, information embedded", three months before this analysis on 2019-12-21. 0/68 therefore reflects engine signatures as of September 2019, not a fresh rescan.)
Engine | Update | Version | Detected
AVG | 20190919 | 18.4.3895.0 | False
CMC | 20190321 | 1.1.0.977 | False
MAX | 20190919 | 2019.9.16.1 | False
APEX | 20190918 | 5.64 | False
Bkav | 20190919 | 1.3.0.10239 | False
K7GW | 20190912 | 11.66.31997 | False
ALYac | 20190919 | 1.1.1.5 | False
Avast | 20190919 | 18.4.3895.0 | False
Avira | 20190919 | 8.3.3.8 | False
Baidu | 20190318 | 1.0.0.2 | False
Cyren | 20190919 | 6.2.2.2 | False
DrWeb | 20190919 | 7.0.41.7240 | False
GData | 20190919 | A:25.23433B:26.16067 | False
Panda | 20190919 | 4.6.4.2 | False
VBA32 | 20190919 | 4.1.0 | False
Zoner | 20190918 | 1.0.0.1 | False
ClamAV | 20190919 | 0.101.4.0 | False
Comodo | 20190919 | 31498 | False
F-Prot | 20190919 | 4.7.1.166 | False
Ikarus | 20190919 | 0.1.5.2 | False
McAfee | 20190919 | 6.0.6.653 | False
Rising | 20190919 | 25.0.0.24 | False
Sophos | 20190919 | 4.98.0 | False
Yandex | 20190919 | 5.5.2.24 | False
Zillya | 20190919 | 2.0.0.3904 | False
Acronis | 20190904 | 1.1.1.56 | False
Alibaba | 20190527 | 0.3.0.5 | False
Arcabit | 20190919 | 1.0.0.857 | False
Cylance | 20190919 | 2.3.1.101 | False
Endgame | 20190918 | 3.0.15 | False
FireEye | 20190919 | 29.7.0.0 | False
TACHYON | 20190919 | 2019-09-19.02 | False
Tencent | 20190919 | 1.0.0.1 | False
ViRobot | 20190919 | 2014.3.20.0 | False
Webroot | 20190919 | 1.0.0.403 | False
Ad-Aware | 20190919 | 3.0.5.370 | False
AegisLab | 20190919 | 4.2 | False
Emsisoft | 20190919 | 2018.12.0.1641 | False
F-Secure | 20190919 | 12.0.86.52 | False
Fortinet | 20190919 | 5.4.247.0 | False
Invincea | 20190904 | 6.3.6.26157 | False
Jiangmin | 20190919 | 16.0.100 | False
Kingsoft | 20190919 | 2013.8.14.323 | False
Paloalto | 20190919 | 1.0 | False
Symantec | 20190919 | 1.10.0.0 | False
Trapmine | 20190826 | 3.1.81.800 | False
AhnLab-V3 | 20190919 | 3.16.1.25089 | False
Antiy-AVL | 20190919 | 3.0.0.1 | False
Kaspersky | 20190919 | 15.0.1.13 | False
Microsoft | 20190919 | 1.1.16300.1 | False
Qihoo-360 | 20190919 | 1.0.0.1120 | False
ZoneAlarm | 20190919 | 1.0 | False
Cybereason | 20190616 | 1.2.449 | False
ESET-NOD32 | 20190919 | 20045 | False
TrendMicro | 20190919 | 11.0.0.1006 | False
BitDefender | 20190919 | 7.2 | False
CrowdStrike | 20190702 | 1.0 | False
K7AntiVirus | 20190919 | 11.67.32057 | False
SentinelOne | 20190807 | 1.0.31.22 | False
Avast-Mobile | 20190919 | 190919-00 | False
Malwarebytes | 20190919 | 2.1.1.1115 | False
TotalDefense | 20190919 | 37.1.62.1 | False
CAT-QuickHeal | 20190918 | 14.00 | False
NANO-Antivirus | 20190919 | 1.0.134.24859 | False
MicroWorld-eScan | 20190919 | 14.0.297.0 | False
SUPERAntiSpyware | 20190913 | 5.6.0.1032 | False
McAfee-GW-Edition | 20190919 | v2017.3010 | False
TrendMicro-HouseCall | 20190919 | 10.0.0.1040 | False
total: 68
sha256: a7c15d3aaa887d6bdfcd1c3b00ae147623ad718a0f5d39a96b1fb62cffd7a8ef
scan_id: a7c15d3aaa887d6bdfcd1c3b00ae147623ad718a0f5d39a96b1fb62cffd7a8ef-1568908729
resource: 6ce3bb70af4b45d999d462a0eea22bdf
positives: 0
scan_date: 2019-09-19 15:58:49
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Columns: time | operation | PID | process | path | module (where the tracer recorded one). Runs of identical consecutive events are collapsed with a count. The only paths touched are the sample itself, Windows system DLLs (the wow64*.dll loads and the amd64 winsxs paths show a 32-bit image running on 64-bit Windows 7 build 7601), and C:\Monitor\GoogleUpdate.exe / GoogleUpdate.exe.exe, which matches the GoogleUpdate.exe string in the static section; nothing was created or deleted (see File Summary).
21/12/2019 - 12:53:8.138 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll (x11)
21/12/2019 - 12:53:8.185 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.231 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.278 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.325 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.372 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.419 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.466 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.513 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll
21/12/2019 - 12:53:8.560 | Read | 1728 | C:\malware.exe | C:\malware.exe (x3)
21/12/2019 - 12:53:8.560 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mctres.dll
21/12/2019 - 12:53:8.560 | Read | 1728 | C:\malware.exe | C:\Windows\System32\riched20.dll (x5)
21/12/2019 - 12:53:8.560 | Read | 1728 | C:\malware.exe | C:\Windows\System32\mshtml.dll (x35)
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\ntdll.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\kernel32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\KernelBase.dll | KernelBase.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\malware.exe
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\msvcrt.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\user32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\gdi32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\lpk.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\usp10.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\ole32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\rpcrt4.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\imm32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\msctf.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\version.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\sfc_os.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\sspicli.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\rsaenh.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\uxtheme.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\dwmapi.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\advapi32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\sechost.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\shlwapi.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\shell32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\WindowsCodecs.dll | WindowsCodecs.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\clbcatq.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\oleaut32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\ieframe.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll | api-ms-win-downlevel-advapi32-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll | api-ms-win-downlevel-shlwapi-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll | api-ms-win-downlevel-user32-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll | api-ms-win-downlevel-shell32-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll | api-ms-win-downlevel-version-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll | api-ms-win-downlevel-normaliz-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\normaliz.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\iertutil.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\urlmon.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll | api-ms-win-downlevel-ole32-l1-1-0.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\wininet.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\userenv.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\profapi.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\apphelp.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | C:\Windows\System32\secur32.dll
21/12/2019 - 12:53:8.669 | Unknown | 1728 | C:\malware.exe | \Device\HarddiskVolume2
21/12/2019 - 12:53:8.669 | Open | 1728 | C:\malware.exe | C:\Windows
21/12/2019 - 12:53:8.669 | Open | 1728 | C:\malware.exe | C:\Windows\System32\wow64.dll (x2)
21/12/2019 - 12:53:8.669 | Open | 1728 | C:\malware.exe | C:\Windows\System32\wow64win.dll (x2)
21/12/2019 - 12:53:8.669 | Open | 1728 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll (x2)
21/12/2019 - 12:53:8.685 | Open | 1728 | C:\malware.exe | C:\Windows\System32\wow64log.dll
21/12/2019 - 12:53:8.685 | Open | 1728 | C:\malware.exe | C:\Windows
21/12/2019 - 12:53:8.685 | Unknown | 1728 | C:\malware.exe | C:\Windows
21/12/2019 - 12:53:8.685 | Open | 1728 | C:\malware.exe | C:\Monitor
21/12/2019 - 12:53:8.685 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll (x2)
21/12/2019 - 12:53:8.685 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll (x6)
21/12/2019 - 12:53:8.747 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
21/12/2019 - 12:53:8.747 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
21/12/2019 - 12:53:8.747 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
21/12/2019 - 12:53:8.747 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
21/12/2019 - 12:53:8.747 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
21/12/2019 - 12:53:8.841 | Open | 1728 | C:\malware.exe | C:\Monitor\GoogleUpdate.exe
21/12/2019 - 12:53:8.841 | Open | 1728 | C:\malware.exe | C:\Monitor\GoogleUpdate.exe.exe
21/12/2019 - 12:53:8.888 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-appmodel-runtime-l1-1-1.DLL
21/12/2019 - 12:53:8.888 | Open | 1728 | C:\malware.exe | C:\Windows\SysWOW64\ext-ms-win-kernel32-package-current-l1-1-0.DLL
21/12/2019 - 12:53:9.122 | Unknown | 1728 | C:\malware.exe | C:\Windows
21/12/2019 - 12:53:9.122 | Unknown | 1728 | C:\malware.exe | C:\Monitor

Process
Trace
(empty: no process events recorded)

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
(empty: no registry events recorded)

File Summary
Created identified: False
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: False

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: False
Deleted identified: False
Browsers identified: False
Internet identified: False

DNS
Query: (none)
Response: (none)

TCP
Info: (none)

UDP
Info: (none)

HTTP
Info: (none)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 93.51%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 90.12%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 62.50%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 55.68%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: False
(Four of the seven models flag the file and three do not; each "confidence" is that model's own score on its own feature set and threshold, so the figures are not comparable across rows and do not combine into a single probability. Read them together with the rest of the report: 0/68 engines, an embedded Authenticode signature, a PDB path and imports consistent with the Google Update broker, and a dynamic run that touched no registry, process or network, which argues for verifying the signature before treating the ML verdicts as a conviction.)