Report #5553 check_circle

Binary
DLL
False cancel
Size
661.00KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
e5dc914237fbb4e5da5cde1bb99dc8ee
sha1
e1e84a58b375d1d6516e494b6c8213afece670d7
crc32
0x35cd5ea8
sha224
d2262926e551cdf7819dfc9a39a4224d5a1614bfe9625efddcb522dc
sha256
5358f5e39e69be6e06d00aa37e7441b8ddce91bc94e9371548e40766b86eb1b9
sha384
6693fa9727f926fdac4ae46fcfcf57d1597de33b44cf75b593e06a021f2b055504f479a72bfa37574733e3a97f7e310f
sha512
d3b1899e5f3d1b05a2316b076767201ae45ca850f663930f7df079359ba028a1e9db853ff6f64046e74f16a6bb0b649cc1a65e4392f658711bac7fdb906d1d17
ssdeep
6144:ZCR/JtfdfcqkaBVDIVeTF6VFIIdViuuTTHQUYsTAXJPRXbbO9tgsTin60acuZFWy:Zvage4VZWZ6Rb2gsk6
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_Studio_NET, HasDebugData, IsConsole, NET_executable_, domain, IsPE32

Suspicious
True check_circle

Strings
List
c:\Users\usuario\source\repos\ConsoleApp5\ConsoleApp5\obj\Release\ConsoleApp1.pdb
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.Security.Cryptography
System.IO.Compression.FileSystem
System.IO.Compression
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
ConsoleApp1.exe
ConsoleApp1.exe
ConsoleApp1.exe
button83
button83
Delete
Next
System.Windows.Forms
mscoree.dll
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
DebuggableAttribute
DebuggingModes
ExtractToDirectory
nCmdShow
GetTempPath
Ivan Medvedev
Sleep
CryptoStreamMode
CreateDecryptor
CryptoStream
ICryptoTransform
<PrivateImplementationDetails>{E5CD0814-F20C-43ED-8E80-24F60456816D}
Random
random
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
Crypt
$$method0x600000e-1
_CorExeMain
<GWOu>b__0
IEnumerable`1
set_AutoScaleMode
get_Controls
set_ClientSize
button135
button134
button133
button145
button144
button143
button154
button147
button153
button152
button136
button137
button138
button139
button140
button141
button142
button146
button144
button145
button146
button148
button149
button150
button151
button143
button150
button147
button160
button108
button107
button106
button105
button104
button157
button158
button159
button161
button148
button162
button163
button164
button165
button166
button167
button168
button169
button109
button110
button111
button112
button149
button131
button155

Foremost
Matches
0.exe, 661 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: user32.dll, mscoree.dll, kernel32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2048
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 682462
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, mscoree.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2019-04-26 13:05:24
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 1

pushpopmath
.text: 23

garbagebytes
.text: 1

programcontrolflowchange
.text: 1

cpuinstructionsresultscomparison
.text: 1987

AVclass
moderate
1
VirusTotal
md5
e5dc914237fbb4e5da5cde1bb99dc8ee
sha1
e1e84a58b375d1d6516e494b6c8213afece670d7
SCANS (DETECTION RATE = 30.00%)
AVG
update: 20190426
version: 18.4.3895.0
detected: False cancel

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=85)
update: 20190426
version: 2018.9.12.1
detected: True check_circle

Bkav
update: 20190425
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20190426
version: 11.40.30725
detected: False cancel

Avast
update: 20190426
version: 18.4.3895.0
detected: False cancel

Avira
result: TR/Dropper.Gen
update: 20190426
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
update: 20190426
version: 6.2.0.1
detected: False cancel

DrWeb
result: Trojan.DownLoader27.54092
update: 20190426
version: 7.0.34.11020
detected: True check_circle

GData
result: Gen:Variant.Johnnie.129970
update: 20190426
version: A:25.21690B:25.14941
detected: True check_circle

Panda
update: 20190426
version: 4.6.4.2
detected: False cancel

VBA32
update: 20190426
version: 4.0.0
detected: False cancel

Zoner
update: 20190426
version: 1.0
detected: False cancel

ClamAV
update: 20190426
version: 0.101.2.0
detected: False cancel

Comodo
update: 20190426
version: 30775
detected: False cancel

F-Prot
update: 20190426
version: 4.7.1.166
detected: False cancel

McAfee
result: GenericRXHL-PL!E5DC914237FB
update: 20190426
version: 6.0.6.653
detected: True check_circle

Rising
update: 20190426
version: 25.0.0.24
detected: False cancel

Sophos
update: 20190426
version: 4.98.0
detected: False cancel

Yandex
update: 20190426
version: 5.5.1.3
detected: False cancel

Zillya
update: 20190426
version: 2.0.0.3804
detected: False cancel

Acronis
update: 20190425
version: 1.0.1.48
detected: False cancel

Alibaba
update: 20190426
version: 0.4.0.6
detected: False cancel

Arcabit
result: Trojan.Johnnie.D1FBB2
update: 20190426
version: 1.0.0.845
detected: True check_circle

Babable
update: 20190424
version: 9107201
detected: False cancel

Cylance
update: 20190426
version: 2.3.1.101
detected: False cancel

Endgame
result: malicious (moderate confidence)
update: 20190403
version: 3.0.9
detected: True check_circle

FireEye
result: Gen:Variant.Johnnie.129970
update: 20190426
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190426
version: 2019-04-26.02
detected: False cancel

Tencent
update: 20190426
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20190426
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20190426
version: 1.0.0.403
detected: False cancel

eGambit
update: 20190426
version: v4.3.6
detected: False cancel

Ad-Aware
result: Gen:Variant.Johnnie.129970
update: 20190426
version: 3.0.5.370
detected: True check_circle

AegisLab
update: 20190426
version: 4.2
detected: False cancel

Emsisoft
result: Gen:Variant.Johnnie.129970 (B)
update: 20190426
version: 2018.4.0.1029
detected: True check_circle

F-Secure
result: Trojan.TR/Dropper.Gen
update: 20190426
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Banload.IA!tr
update: 20190426
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20190313
version: 6.3.6.26157
detected: False cancel

Jiangmin
update: 20190426
version: 16.0.100
detected: False cancel

Kingsoft
update: 20190426
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20190426
version: 1.0
detected: False cancel

Symantec
update: 20190426
version: 1.9.0.0
detected: False cancel

Trapmine
result: malicious.moderate.ml.score
update: 20190325
version: 3.1.52.760
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Banload.C2721948
update: 20190426
version: 3.15.0.23609
detected: True check_circle

Antiy-AVL
update: 20190426
version: 3.0.0.1
detected: False cancel

Kaspersky
update: 20190426
version: 15.0.1.13
detected: False cancel

MaxSecure
update: 20190426
version: 1.0.0.1
detected: False cancel

Microsoft
update: 20190426
version: 1.1.15900.4
detected: False cancel

Qihoo-360
update: 20190426
version: 1.0.0.1120
detected: False cancel

TheHacker
update: 20190421
version: 6.8.0.5.4174
detected: False cancel

Trustlook
update: 20190426
version: 1.0
detected: False cancel

ZoneAlarm
update: 20190426
version: 1.0
detected: False cancel

Cybereason
result: malicious.237fbb
update: 20190417
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.PDK
update: 20190426
version: 19260
detected: True check_circle

TrendMicro
update: 20190426
version: 10.0.0.1040
detected: False cancel

BitDefender
result: Gen:Variant.Johnnie.129970
update: 20190426
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_80% (D)
update: 20190212
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20190426
version: 11.40.30727
detected: False cancel

SentinelOne
result: DFI - Malicious PE
update: 20190420
version: 1.0.25.316
detected: True check_circle

Avast-Mobile
update: 20190426
version: 190426-00
detected: False cancel

Malwarebytes
update: 20190426
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20190426
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20190426
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20190426
version: 1.0.134.24788
detected: False cancel

MicroWorld-eScan
result: Gen:Variant.Johnnie.129970
update: 20190426
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190423
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: GenericRXHL-PL!E5DC914237FB
update: 20190426
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190426
version: 10.0.0.1040
detected: False cancel

total
70
sha256
5358f5e39e69be6e06d00aa37e7441b8ddce91bc94e9371548e40766b86eb1b9
scan_id
5358f5e39e69be6e06d00aa37e7441b8ddce91bc94e9371548e40766b86eb1b9-1556304653
resource
e5dc914237fbb4e5da5cde1bb99dc8ee
permalink
https://www.virustotal.com/file/5358f5e39e69be6e06d00aa37e7441b8ddce91bc94e9371548e40766b86eb1b9/analysis/1556304653/
positives
21
scan_date
2019-04-26 18:50:53
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\MUI\0416\mscorees.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\MUI\0416\mscorees.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\mscorrc.dll.DLL
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\system\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Monitor\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\wbem\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\System32\WindowsPowerShell\v1.0\mscorrc.dll
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\malware.exe.config
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v4.0.40305
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v4.0.40305
11/2/2020 - 13:45:42.762Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
11/2/2020 - 13:45:42.762Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/2/2020 - 13:45:42.778Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll
11/2/2020 - 13:45:42.778Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\dwmapi.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\dwmapi.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\dwmapi.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\ole32.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\ole32.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\CRYPTBASE.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
11/2/2020 - 13:45:42.840Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
11/2/2020 - 13:45:42.840Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
11/2/2020 - 13:45:42.840Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/2/2020 - 13:45:42.840Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls

Process
Trace

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.17%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 85.63%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 36.40%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.97%
suspicious: False cancel

Back
Add to Collection
Download