Report #5555

Binary
DLL
False
Size
773.00KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
ded9a97c67411dea09a10a65b20f501d
sha1
5a1168a70a6823788953f0a73e61b5e2a6f5d99d
crc32
0xe3a03b96
sha224
885add793f70d1a951a4594e03cb18ff381a2576674d2029f25643c4
sha256
cb03a3c2b8062320de4981bffca5b13f4dbc53f979e22185dd3b65bfdf19798a
sha384
2b16ba96f3ae51273dc0866100f56221bdd05c17da4116d810804232560513a3a0078e0dc1f781a20c48054369b3f24c
sha512
88639a61d585efc8df7c859967260b121a220b919796a4de5a560f7dee9fb6cc3471a73437fccc743537505cb1ede2ced216e356ddefa5354906466ad2044a94
ssdeep
6144:3aTiKbqJPYl/p87DBFUwciidzxvLHOKwcdL2i4uB1RtxGxjIuKv1RO8tfbhPU:M7/YT2RR12+B1RtxVv
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, HasDebugData, IsConsole, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional

Suspicious
True

Strings
List
c:\Users\usuario\source\repos\ConsoleApp5\ConsoleApp5\obj\Release\ConsoleApp1.pdb
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.Security.Cryptography
System.IO.Compression.FileSystem
System.IO.Compression
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
ConsoleApp1.exe
ConsoleApp1.exe
ConsoleApp1.exe
button83
button83
Delete
Next
System.Windows.Forms
mscoree.dll
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
DebuggableAttribute
DebuggingModes
ExtractToDirectory
nCmdShow
Ivan Medvedev
Sleep
CryptoStreamMode
CreateDecryptor
CryptoStream
ICryptoTransform
<PrivateImplementationDetails>{271EBFCE-E780-40E1-9047-84F5B8EC2842}
Random
random
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
Crypt
//Microsoft//
$$method0x6000011-1
_CorExeMain
IEnumerable`1
set_AutoScaleMode
get_Controls
set_ClientSize
button119
button183
button182
button181
button180
button179
button178
button177
button176
button175
button173
button174
button185
button172
button171
button170
button168
button167
button166
button165
button164
button163
button162
button184
button188
button186
button187
button208
button207
button206
button205
button204
button203
button202
button201
button200
button199
button198
button197
button196
button195
button194
button193
button192
button191
button190
button189
button160
button161
button157
button159
button158
button133
button132

Foremost
Matches
0.exe, 773 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, mscoree.dll, kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 796750
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, mscoree.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2019-04-30 00:40:51
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushpopmath
.text: 17

cpuinstructionsresultscomparison
.text: 1954

AVclass
clipbanker
1
VirusTotal
md5
ded9a97c67411dea09a10a65b20f501d
sha1
5a1168a70a6823788953f0a73e61b5e2a6f5d99d
SCANS (DETECTION RATE = 62.86%)
Engine | Result | Update | Version | Detected
AVG | Win32:Trojan-gen | 20190524 | 18.4.3895.0 | True
CMC | - | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=100) | 20190524 | 2018.9.12.1 | True
APEX | - | 20190522 | 5.20 | False
Bkav | - | 20190524 | 1.3.0.10239 | False
K7GW | Trojan ( 0053b6df1 ) | 20190524 | 11.45.31017 | True
ALYac | Gen:Variant.Razy.506459 | 20190524 | 1.1.1.5 | True
Avast | Win32:Trojan-gen | 20190524 | 18.4.3895.0 | True
Avira | TR/Dropper.Gen | 20190524 | 8.3.3.8 | True
Baidu | - | 20190318 | 1.0.0.2 | False
Cyren | W32/Trojan.MUWR-4689 | 20190524 | 6.2.0.1 | True
DrWeb | Trojan.DownLoader27.54092 | 20190524 | 7.0.34.11020 | True
GData | Gen:Variant.Razy.506459 | 20190524 | A:25.22091B:25.15157 | True
Panda | Trj/CI.A | 20190524 | 4.6.4.2 | True
VBA32 | - | 20190524 | 4.0.0 | False
Zoner | - | 20190524 | 1.0 | False
ClamAV | - | 20190524 | 0.101.2.0 | False
Comodo | Malware@#xofbxk1which | 20190524 | 30915 | True
F-Prot | - | 20190524 | 4.7.1.166 | False
McAfee | GenericRXHN-VD!DED9A97C6741 | 20190524 | 6.0.6.653 | True
Rising | - | 20190524 | 25.0.0.24 | False
Sophos | Mal/Generic-S | 20190524 | 4.98.0 | True
Zillya | Trojan.ClipBanker.Win32.1186 | 20190524 | 2.0.0.3817 | True
Acronis | - | 20190522 | 1.0.1.48 | False
Alibaba | VirTool:Win32/Obfuscator.3951f441 | 20190513 | 0.3.0.4 | True
Arcabit | Trojan.Razy.D7BA5B | 20190524 | 1.0.0.846 | True
Babable | - | 20190424 | 9107201 | False
Cylance | Unsafe | 20190524 | 2.3.1.101 | True
Endgame | - | 20190522 | 3.0.12 | False
FireEye | Gen:Variant.Razy.506459 | 20190524 | 29.7.0.0 | True
TACHYON | - | 20190524 | 2019-05-24.02 | False
Tencent | Msil.Trojan-banker.Clipbanker.Wwof | 20190524 | 1.0.0.1 | True
ViRobot | - | 20190524 | 2014.3.20.0 | False
Webroot | - | 20190524 | 1.0.0.403 | False
eGambit | - | 20190524 | v4.3.6 | False
Ad-Aware | Gen:Variant.Razy.506459 | 20190524 | 3.0.5.370 | True
AegisLab | Trojan.Win32.Johnnie.4!c | 20190524 | 4.2 | True
Emsisoft | Gen:Variant.Razy.506459 (B) | 20190524 | 2018.4.0.1029 | True
F-Secure | Trojan.TR/Dropper.Gen | 20190524 | 12.0.86.52 | True
Fortinet | MSIL/Banload.IA!tr | 20190524 | 5.4.247.0 | True
Invincea | - | 20190313 | 6.3.6.26157 | False
Jiangmin | - | 20190524 | 16.0.100 | False
Kingsoft | - | 20190524 | 2013.8.14.323 | False
Paloalto | generic.ml | 20190524 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20190524 | 1.9.0.0 | True
Trapmine | - | 20190522 | 3.1.62.789 | False
AhnLab-V3 | Trojan/Win32.Banload.C2721948 | 20190524 | 3.15.2.24252 | True
Antiy-AVL | Trojan[Banker]/MSIL.ClipBanker | 20190524 | 3.0.0.1 | True
Kaspersky | HEUR:Trojan-Banker.MSIL.ClipBanker.gen | 20190524 | 15.0.1.13 | True
Microsoft | VirTool:Win32/Obfuscator.CAN!bit | 20190524 | 1.1.15900.4 | True
Qihoo-360 | Win32/Trojan.f6f | 20190524 | 1.0.0.1120 | True
TheHacker | - | 20190522 | 6.8.0.5.4232 | False
Trustlook | - | 20190524 | 1.0 | False
ZoneAlarm | HEUR:Trojan-Banker.MSIL.ClipBanker.gen | 20190524 | 1.0 | True
Cybereason | malicious.c67411 | 20190417 | 1.2.449 | True
ESET-NOD32 | a variant of MSIL/TrojanDownloader.Banload.IG | 20190524 | 19410 | True
TrendMicro | TROJ_GEN.R011C0WE219 | 20190524 | 10.0.0.1040 | True
BitDefender | Gen:Variant.Razy.506459 | 20190524 | 7.2 | True
CrowdStrike | win/malicious_confidence_100% (W) | 20190212 | 1.0 | True
K7AntiVirus | Trojan ( 0053b6df1 ) | 20190524 | 11.45.31018 | True
SentinelOne | DFI - Malicious PE | 20190511 | 1.0.26.329 | True
Avast-Mobile | - | 20190524 | 190524-00 | False
Malwarebytes | - | 20190524 | 2.1.1.1115 | False
TotalDefense | - | 20190524 | 37.1.62.1 | False
CAT-QuickHeal | Trojan.Johnnie | 20190524 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Kryptik.fprtjl | 20190524 | 1.0.134.24826 | True
MicroWorld-eScan | Gen:Variant.Razy.506459 | 20190524 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20190521 | 5.6.0.1032 | False
McAfee-GW-Edition | GenericRXHN-VD!DED9A97C6741 | 20190524 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R011C0WE219 | 20190524 | 10.0.0.1040 | True

total
70
sha256
cb03a3c2b8062320de4981bffca5b13f4dbc53f979e22185dd3b65bfdf19798a
scan_id
cb03a3c2b8062320de4981bffca5b13f4dbc53f979e22185dd3b65bfdf19798a-1558721355
resource
ded9a97c67411dea09a10a65b20f501d
positives
44
scan_date
2019-05-24 18:09:15
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
Time | Operation | PID | Process | Path | Name
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\MUI\0416\mscorees.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\MUI\0416\mscorees.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\mscorrc.dll.DLL
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\system\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Monitor\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\wbem\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\WindowsPowerShell\v1.0\mscorrc.dll
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\malware.exe.config
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.40305
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.40305
11/2/2020 - 13:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
11/2/2020 - 13:45:42.934 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
11/2/2020 - 13:45:42.950 | Open | 1480 | C:\malware.exe | C:\Windows\System32\uxtheme.dll
11/2/2020 - 13:45:42.950 | Open | 1480 | C:\malware.exe | C:\Windows\System32\uxtheme.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\dwmapi.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\dwmapi.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\ole32.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\ole32.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rpcss.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\CRYPTBASE.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\cryptbase.dll
11/2/2020 - 13:45:43.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\cryptbase.dll
11/2/2020 - 13:45:43.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\cryptbase.dll | cryptbase.dll
11/2/2020 - 13:45:43.12 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/2/2020 - 13:45:43.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.87%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 84.50%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 58.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 73.89%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: False
