Report #5476 check_circle

  • Creation Date: Feb. 10, 2020, 4:24 p.m.
  • Last Update: Feb. 10, 2020, 5:58 p.m.
  • File: 9k2vBbHr.exe
  • Results:
Binary
DLL
False cancel
Size
418.52KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
dc5532e5ea9ac29014118b397d3f387b
sha1
a6bed53af015148e2f4f7c3d507b83a7b4c1e153
crc32
0x802964f3
sha224
6104800ad56b505bcbbc41028a620fb0d0776904455fbdf3dacdcf71
sha256
90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433
sha384
883a7bda9f1cfbc4b7286ed36de61fc58be065252f3be21e2f7ceef71b3b56540ca49ef5b26130ebfee77b15dabc0557
sha512
63db9059d1dd896cfab2b48cecbac6b63b8f10c1fb22bf2d7300c51aa792521528c98acaf2a0fa01da51ff8f3ac046c660fbdb361f84276aec4ff8544341067e
ssdeep
12288:fM9Ay2i6ZZQV02Rm5O2/PDqW/WBdrisxnTO7TsLYOs:fM9Api6ZZQW2aUd2sBO7ThOs
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, HasDigitalSignature, url, IP, contentis_base64, HasOverlay, Microsoft_Visual_Cpp_8, CRC32_table, win_registry, IsConsole, CRC32_poly_Constant, win_files_operation, IsPE32, HasRichSignature, Big_Numbers0

Suspicious
True check_circle

Strings
List
http://sv.symcb.com/sv.crt0
http://sv.symcb.com/sv.crl0f
https://d.symcb.com/rpa0
https://d.symcb.com/cps0%
http://s1.symcb.com/pca3-g5.crl0
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.http://crl.thawte.com/ThawteTimestampingCA.crl0
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://www.symauth.com/rpa00
http://www.symauth.com/cps0(
Executor.exec():
msiexec.exe
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Resources.cpp
http://sv.symcd.com0&
http://s2.symcb.com0
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Registry.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/au/jaureg/jaureg.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Bundle.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/SysInfo.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/unzip/unzip.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Jep223UpgradeCodeInstalledJavaTracker.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/KnownProductCodeInstalledJavaTracker.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Guid.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Executor.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/common/share/tstrings.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/FileUtils.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/MsiUtils.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/Dll.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/common/windows/WinAutoHandle.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/windows/common/JavaEnvironment.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/common/windows/WinErrorHandling.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/common/share/Version.cpp
c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u131/8869/install/src/common/share/JavaVersion.cpp
jusched.log
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
rt.jar
VERSION.dll
msimsg.dll
msi.dll
jaureg.exe
javac.exe
2.8.131.11
2.8.131.11
2.8.131.11
http://ts-ocsp.ws.symantec.com07
c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u131\8869\install\src\common\share\Version.h
c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u131\8869\install\src\windows\common\InstalledJavaTracker.h
c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u131\8869\install\src\windows\common\Dll.h
Executor.exec(): CreateProcess
Software\JavaSoft\JDK
Software\JavaSoft\JRE
():
address.
Deleted [
] failed
" MSI property is [
n%%%OgaagO
LoadLibraryW(
LoadLibraryExW(
Given version is [
No such process
Failed to delete existing [
nOOOOgaagO%%%O
No such device or address
from
Result too large
No such device
failed
zip file is empty
failed
Too many links
Too many open files in system
Too many open files
cannot load resource
cannot find resource
Resource device
A\Oracle\Java\java.settings.cfg
Operation not permitted
[%d < %d] failed
Value of file version extracted from
archive is too large to be extracted into memory
archive is a directory and can't be extracted into memory
Software\JavaSoft\Java Runtime Environment
%s failed with %s
Software\JavaSoft\Java Development Kit
jaureglist.xml
mscoree.dll
.?AVExecutorError@Executor@@
Executor::ExecProcess
Executor::Executor
ExecutorError in Executor::ExecProcess
Executor::startExecution
MsiViewExecute(
Executor::exec
Registry::getValue
%2dA3A4F4-B792-11D6-A78A-00B0D02%04d0
Executor::createPipe
<requestedPrivileges>
Registry::getString

Foremost
Matches
0.exe, 412 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed: 2.8.131.11, 1, anantes-650-1-198-11.w2-8.abo.wanadoo.fr.
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://s2.symcb.com0, http://www.symauth.com/rpa00, http://sv.symcb.com/sv.crt0, http://crl.thawte.com/thawtetimestampingca.crl0, http://sv.symcd.com0&, http://www.symauth.com/cps0(, http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://sv.symcb.com/sv.crl0f, http://ocsp.thawte.com0, https://d.symcb.com/cps0%, http://s1.symcb.com/pca3-g5.crl0, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, https://d.symcb.com/rpa0, http://ts-ocsp.ws.symantec.com07
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: WUSER32.DLL, nKERNEL32.DLL, mscoree.dll, ADVAPI32.dll, SHELL32.dll, OLEAUT32.dll, USER32.dll, VERSION.dll, msimsg.dll, ole32.dll, msi.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious: jaureglist.xml, rt.jar, jusched.log
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 161280
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 438290
Suspicous: False cancel

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 10.0
Suspicious: False cancel
Subsystem
Version: 5.1
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 160529
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: mscoree.dll, advapi32.dll, shell32.dll, oleaut32.dll, user32.dll, version.dll, msimsg.dll, ole32.dll, msi.dll, kernel32.dll
hasLibs: True check_circle
Suspicious: wuser32.dll, nkernel32.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2017-03-15 06:43:13
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1
.rsrc: 6
.text: 2
.rdata: 8

pushpopmath
.rsrc: 5
.text: 4
.rdata: 13
.reloc: 14

garbagebytes
.data: 1
.rsrc: 1
.text: 2
.rdata: 3

hookdetection
.rdata: 1

stealthimport
.text: 3

software breakpoint
.text: 8
.rdata: 1
.reloc: 7

fakeconditionaljumps
.text: 2

programcontrolflowchange
.data: 1
.rsrc: 1
.text: 2
.rdata: 3

cpuinstructionsresultscomparison
.rdata: 4

AVclass
None
1
VirusTotal
md5
dc5532e5ea9ac29014118b397d3f387b
sha1
a6bed53af015148e2f4f7c3d507b83a7b4c1e153
SCANS (DETECTION RATE = 0.00%)
AVG
update: 20200202
version: 18.4.3895.0
detected: False cancel

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
update: 20200202
version: 2019.9.16.1
detected: False cancel

APEX
update: 20200201
version: 5.113
detected: False cancel

K7GW
update: 20200202
version: 11.89.33166
detected: False cancel

ALYac
update: 20200202
version: 1.1.1.5
detected: False cancel

Avast
update: 20200202
version: 18.4.3895.0
detected: False cancel

Avira
update: 20200202
version: 8.3.3.8
detected: False cancel

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
update: 20200202
version: 6.2.2.2
detected: False cancel

DrWeb
update: 20200202
version: 7.0.44.12030
detected: False cancel

GData
update: 20200202
version: A:25.24775B:26.17573
detected: False cancel

Panda
update: 20200202
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200131
version: 4.3.0
detected: False cancel

VIPRE
update: 20200202
version: 81230
detected: False cancel

Zoner
update: 20200202
version: 1.0.0.1
detected: False cancel

ClamAV
update: 20200201
version: 0.102.1.0
detected: False cancel

Comodo
update: 20200202
version: 32035
detected: False cancel

F-Prot
update: 20200202
version: 4.7.1.166
detected: False cancel

Ikarus
update: 20200201
version: 0.1.5.2
detected: False cancel

McAfee
update: 20200202
version: 6.0.6.653
detected: False cancel

Rising
update: 20200202
version: 25.0.0.24
detected: False cancel

Sophos
update: 20200202
version: 4.98.0
detected: False cancel

Yandex
update: 20200131
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200201
version: 2.0.0.4011
detected: False cancel

Acronis
update: 20200128
version: 1.1.1.58
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
update: 20200202
version: 1.0.0.869
detected: False cancel

Cylance
update: 20200202
version: 2.3.1.101
detected: False cancel

Endgame
update: 20200131
version: 3.0.16
detected: False cancel

FireEye
update: 20200202
version: 29.7.0.0
detected: False cancel

Sangfor
update: 20200114
version: 1.0
detected: False cancel

TACHYON
update: 20200202
version: 2020-02-02.01
detected: False cancel

Tencent
update: 20200202
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200201
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200202
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200202
detected: False cancel

Ad-Aware
update: 20200202
version: 3.0.5.370
detected: False cancel

AegisLab
update: 20200202
version: 4.2
detected: False cancel

Emsisoft
update: 20200202
version: 2018.12.0.1641
detected: False cancel

F-Secure
update: 20200202
version: 12.0.86.52
detected: False cancel

Fortinet
update: 20200202
version: 6.2.137.0
detected: False cancel

Invincea
update: 20191211
version: 6.3.6.26157
detected: False cancel

Jiangmin
update: 20200202
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200202
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200202
version: 1.0
detected: False cancel

Symantec
update: 20200201
version: 1.11.0.0
detected: False cancel

Trapmine
update: 20200123
version: 3.2.22.914
detected: False cancel

AhnLab-V3
update: 20200201
version: 3.17.0.26111
detected: False cancel

Antiy-AVL
update: 20200202
version: 3.0.0.1
detected: False cancel

Kaspersky
update: 20200202
version: 15.0.1.13
detected: False cancel

MaxSecure
update: 20200131
version: 1.0.0.1
detected: False cancel

Microsoft
update: 20200202
version: 1.1.16700.3
detected: False cancel

Qihoo-360
update: 20200202
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
update: 20200202
version: 1.0
detected: False cancel

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
update: 20200202
version: 20771
detected: False cancel

TrendMicro
update: 20200202
version: 11.0.0.1006
detected: False cancel

BitDefender
update: 20200202
version: 7.2
detected: False cancel

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200202
version: 11.89.33166
detected: False cancel

SentinelOne
update: 20191218
version: 1.12.1.57
detected: False cancel

Avast-Mobile
update: 20200130
version: 200130-00
detected: False cancel

CAT-QuickHeal
update: 20200201
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20200202
version: 1.0.134.25031
detected: False cancel

BitDefenderTheta
update: 20200120
version: 7.2.37796.0
detected: False cancel

MicroWorld-eScan
update: 20200202
version: 14.0.405.0
detected: False cancel

SUPERAntiSpyware
update: 20200131
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
update: 20200202
version: v2017.3010
detected: False cancel

TrendMicro-HouseCall
update: 20200202
version: 10.0.0.1040
detected: False cancel

total
70
sha256
90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433
scan_id
90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433-1580633262
resource
dc5532e5ea9ac29014118b397d3f387b
permalink
https://www.virustotal.com/file/90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433/analysis/1580633262/
positives
0
scan_date
2020-02-02 08:47:42
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 64.31%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 86.64%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 70.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 52.45%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.92%
suspicious: False cancel

Back
Add to Collection
Download