Report #5611

  • Creation Date: Feb. 11, 2020, 4:38 p.m.
  • Last Update: Feb. 11, 2020, 7:10 p.m.
  • File: index.html.exe
  • Results:
Binary
DLL: False
Size: 2.54MB
trid:
  76.7% Win32 EXE PECompact compressed
  8.3% Win32 Executable
  3.8% Win16/32 Executable Delphi generic
  3.7% OS/2 Executable
  3.6% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: 8c89d43aaf63cc3cee86e9f9d74ddc2c
sha1: 4978f0e8e0a9627c80805c1d6e03de4c9d0224d5
crc32: 0xfe4930b7
sha224: d823aba2d012cfdea2585ac2afdf9ef0669b6de5bd0fa6aa9d18a849
sha256: 0b47edf49559799bdc16770769a3543ecf2aca8e716c873df4bdf7fc7e181301
sha384: 75559afc108d5da80945c72843551d3c8d30db992a1bab20f1d80e05477901fedd6d33a4ee9de00f6c21dc957151f374
sha512: a664481316ccfb62faa219b63e5cf28b298c59368c19f05c15826c00c85698839824250c695909e1738ec5547c1e0a33127dc09ac2b1e1e555854f4274789a16
ssdeep: 49152:HsywcGFQVH9tRSS20AoU1YtI0mLT006vNv:MybGKVji1107l

Community
Google: False
HashLib: False

YARA
Matches: domain, Borland, IP, Borland_Delphi_30_, CRC32_poly_Constant, borland_delphi, Delphi_FormShow, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, win_hook, screenshot, Borland_Delphi_v40_v50, keylogger, contentis_base64, Borland_Delphi_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, win_registry, Delphi_CompareCall, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers3

Suspicious: True

Strings
List
Vcl.Graphics
Winapi.Windows
Font.Name
Font.Style
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System.Win.Registry
%s.Seek not implemented$Operation not allowed on sorted list
Login%Cannot remove shell notification icon"%s requires Windows Vista or later

Foremost
Matches: 0.exe, 2 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, Msctf.dll, kernel32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, oleaut32.dll, wininet.dll, msvcrt.dll, netapi32.dll, advapi32.dll, Shcore.dll, DWMAPI.DLL, SHFolder.dll, msimg32.dll, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, shell32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 370176
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 2296936
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, msctf.dll, kernel32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, oleaut32.dll, wininet.dll, msvcrt.dll, netapi32.dll, advapi32.dll, shcore.dll, dwmapi.dll, shfolder.dll, msimg32.dll, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, shell32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2019-08-01 12:18:46
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret
.data: 10
.rsrc: 40
.text: 34
.itext: 6

pushpopmath
.data: 5
.rsrc: 9
.text: 58
.idata: 20
.reloc: 164

ss register
.reloc: 1

garbagebytes
.data: 4
.rsrc: 9
.text: 23
.itext: 6

hookdetection
.data: 1
.text: 2
.reloc: 13

software breakpoint
.rsrc: 4
.text: 6
.reloc: 46

fakeconditionaljumps
.rsrc: 2

programcontrolflowchange
.data: 4
.rsrc: 7
.text: 23
.itext: 6

cpuinstructionsresultscomparison
.data: 10
.rsrc: 5
.text: 21
.reloc: 4

AVclass
jacard: 1

VirusTotal
md5: 8c89d43aaf63cc3cee86e9f9d74ddc2c
sha1: 4978f0e8e0a9627c80805c1d6e03de4c9d0224d5
SCANS (DETECTION RATE = 53.12%)
Engine | Detected | Result | Update | Version
CMC | False | | 20190321 | 1.1.0.977
MAX | False | | 20191012 | 2019.9.16.1
APEX | True | Malicious | 20191010 | 5.72
Bkav | False | | 20191011 | 1.3.0.10239
K7GW | True | Riskware ( 0040eff71 ) | 20191010 | 11.72.32236
ALYac | True | Gen:Variant.Jacard.157993 | 20191012 | 1.1.1.5
Avira | True | TR/Agent.ojgeo | 20191012 | 8.3.3.8
Baidu | False | | 20190318 | 1.0.0.2
Cyren | False | | 20191012 | 6.2.2.2
DrWeb | False | | 20191012 | 7.0.41.7240
GData | True | Gen:Variant.Jacard.157993 | 20191012 | A:25.23675B:26.16268
Panda | True | Trj/GdSda.A | 20191012 | 4.6.4.2
VBA32 | True | Adware.DealPly | 20191011 | 4.1.0
VIPRE | False | | 20191012 | 78536
Zoner | False | | 20191012 | 1.0.0.1
ClamAV | False | | 20191012 | 0.102.0.0
Comodo | False | | 20191012 | 31592
Ikarus | False | | 20191012 | 0.1.5.2
McAfee | True | Artemis!8C89D43AAF63 | 20191012 | 6.0.6.653
Rising | True | Downloader.FakeAlert!8.4FF (TFE:3:OW15OH63D9T) | 20191012 | 25.0.0.24
Sophos | True | Mal/Generic-S | 20191012 | 4.98.0
Yandex | True | Trojan.Agent!+VtBqMuaqRc | 20191009 | 5.5.2.24
Zillya | False | | 20191011 | 2.0.0.3923
Acronis | False | | 20191005 | 1.1.1.58
Alibaba | True | Trojan:Win32/Agent.51ef6031 | 20190527 | 0.3.0.5
Arcabit | False | | 20191012 | 1.0.0.858
FireEye | True | Gen:Variant.Jacard.157993 | 20191012 | 29.7.0.0
TACHYON | False | | 20191011 | 2019-10-11.01
Tencent | True | Win32.Trojan.Agent.Edef | 20191012 | 1.0.0.1
ViRobot | False | | 20191012 | 2014.3.20.0
eGambit | False | | 20191012 | v5.0.5
Ad-Aware | True | Gen:Variant.Jacard.157993 | 20191012 | 3.0.5.370
AegisLab | True | Trojan.Win32.Agent.4!c | 20191012 | 4.2
Emsisoft | True | Gen:Variant.Jacard.157993 (B) | 20191012 | 2018.12.0.1641
F-Secure | True | Trojan.TR/Agent.ojgeo | 20191012 | 12.0.86.52
Fortinet | True | W32/Agent.XAAVFX!tr | 20191012 | 5.4.247.0
Invincea | False | | 20190904 | 6.3.6.26157
Jiangmin | False | | 20191012 | 16.0.100
Kingsoft | False | | 20191012 | 2013.8.14.323
Paloalto | False | | 20191012 | 1.0
Symantec | True | ML.Attribute.HighConfidence | 20191012 | 1.10.0.0
Trapmine | False | | 20190826 | 3.1.81.800
AhnLab-V3 | True | Malware/Gen.Generic.C3366992 | 20191012 | 3.16.3.25410
Antiy-AVL | False | | 20191012 | 3.0.0.1
Kaspersky | True | Trojan.Win32.Agent.xaavfx | 20191012 | 15.0.1.13
Microsoft | True | Trojan:Win32/Mamson.A!ml | 20191012 | 1.1.16400.2
Qihoo-360 | True | Win32/Trojan.9c2 | 20191012 | 1.0.0.1120
ZoneAlarm | True | Trojan.Win32.Agent.xaavfx | 20191012 | 1.0
Cybereason | False | | 20190616 | 1.2.449
ESET-NOD32 | False | | 20191012 | 20170
TrendMicro | True | TROJ_GEN.R004C0WHB19 | 20191012 | 11.0.0.1006
BitDefender | True | Gen:Variant.Jacard.157993 | 20191012 | 7.2
CrowdStrike | True | win/malicious_confidence_60% (W) | 20190702 | 1.0
K7AntiVirus | True | Riskware ( 0040eff71 ) | 20191012 | 11.72.32258
SentinelOne | True | DFI - Suspicious PE | 20190807 | 1.0.31.22
Avast-Mobile | False | | 20191012 | 191012-04
Malwarebytes | False | | 20191012 | 2.1.1.1115
TotalDefense | False | | 20191009 | 37.1.62.1
CAT-QuickHeal | False | | 20191012 | 14.00
NANO-Antivirus | True | Trojan.Win32.Jacard.fvbyuw | 20191012 | 1.0.134.24859
MicroWorld-eScan | True | Gen:Variant.Jacard.157993 | 20191012 | 14.0.297.0
SUPERAntiSpyware | False | | 20191011 | 5.6.0.1032
McAfee-GW-Edition | True | BehavesLike.Win32.AdwareDealPly.vh | 20191012 | v2017.3010
TrendMicro-HouseCall | True | TROJ_GEN.R004C0WHB19 | 20191012 | 10.0.0.1040

total: 64
sha256: 0b47edf49559799bdc16770769a3543ecf2aca8e716c873df4bdf7fc7e181301
scan_id: 0b47edf49559799bdc16770769a3543ecf2aca8e716c873df4bdf7fc7e181301-1570875721
resource: 8c89d43aaf63cc3cee86e9f9d74ddc2c
positives: 34
scan_date: 2019-10-12 10:22:01
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path | Name
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll |
11/2/2020 - 18:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll |
11/2/2020 - 18:45:43.325 | Read | 1480 | C:\malware.exe | C:\malware.exe |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\wtsapi32.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\WINSTA.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll |
11/2/2020 - 18:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll |
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat |
11/2/2020 - 18:45:43.418 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local |
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61 |
11/2/2020 - 18:45:43.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61 |
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61 |
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui |
11/2/2020 - 18:45:43.418 | Read | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui | comctl32.dll.mui
11/2/2020 - 18:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls |
11/2/2020 - 18:45:43.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/2/2020 - 18:45:54.434 | Open | 1480 | C:\malware.exe | C:\msimg32.dll |
11/2/2020 - 18:45:54.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msimg32.dll |
11/2/2020 - 18:45:54.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msimg32.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 - 18:46:28.434 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Secur32.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
11/2/2020 - 18:46:28.434 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll |
11/2/2020 - 18:46:28.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll |
11/2/2020 - 18:46:28.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll |
11/2/2020 - 18:46:28.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
11/2/2020 - 18:46:28.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
11/2/2020 - 18:46:28.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll |
11/2/2020 - 18:46:28.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll |
11/2/2020 - 18:46:28.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll |
11/2/2020 - 18:46:28.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll |
11/2/2020 - 18:46:28.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
11/2/2020 - 18:46:28.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
11/2/2020 - 18:46:28.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll |
11/2/2020 - 18:46:28.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll |
11/2/2020 - 18:46:28.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll |
11/2/2020 - 18:46:28.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll |
11/2/2020 - 18:46:28.637 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL |
11/2/2020 - 18:46:28.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll |
11/2/2020 - 18:46:28.637 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/2/2020 - 18:46:28.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll |
11/2/2020 - 18:46:28.637 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 |
11/2/2020 - 18:46:28.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll |
11/2/2020 - 18:46:28.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll |
11/2/2020 - 18:46:28.747 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll |
11/2/2020 - 18:46:28.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll |
11/2/2020 - 18:46:28.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll |
11/2/2020 - 18:46:28.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll |
11/2/2020 - 18:46:28.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll |
11/2/2020 - 18:46:28.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL |
11/2/2020 - 18:46:28.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
11/2/2020 - 18:46:29.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest |
11/2/2020 - 18:46:29.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll |
11/2/2020 - 18:46:29.997 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll |
11/2/2020 - 18:46:29.997 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll |
11/2/2020 - 18:47:11.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\syam.exe |
11/2/2020 - 18:47:11.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\syam.exe |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Windows |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Monitor |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61 |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\syam.exe |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat |
11/2/2020 - 18:47:11.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |

Process
Trace

Analysis
Reason: Finished
Status: Successfully Executed
Results: 1

Registry Trace
Date/Time | Operation | PID | Process | Key | Value
11/2/2020 - 18:46:28.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
11/2/2020 - 18:46:28.450 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
11/2/2020 - 18:46:28.450 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
11/2/2020 - 18:46:28.450 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
11/2/2020 - 18:46:28.450 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
11/2/2020 - 18:46:28.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
11/2/2020 - 18:46:28.684 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
11/2/2020 - 18:46:28.684 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
11/2/2020 - 18:46:28.700 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/2/2020 - 18:46:28.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
11/2/2020 - 18:46:30.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
11/2/2020 - 18:46:30.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
11/2/2020 - 18:46:30.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
11/2/2020 - 18:46:30.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created: True
Deleted: False

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: True
Browsers: False
Internet: True


DNS
Query
localhost -> gateway:50273  dns.msftncsi.com.
localhost -> gateway:DNS  dns.msftncsi.com.

Response
gateway:DNS -> localhost  dns.msftncsi.com.  reply: 131.107.255.255

TCP
Info
localhost:65192 -> 31.14.131.20:80
localhost:65191 -> 31.14.131.20:80

UDP
Info
localhost:53 -> localhost:50273
localhost:68 -> 255.255.255.255:67 (unknown host)
localhost:67 -> localhost:68
localhost:50273 -> localhost:53

HTTP
Info
(none recorded)

Summary
DNS: True
TCP: True
UDP: True
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 100.00%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 71.18%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 88.37%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 61.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 79.47%, suspicious: False
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 28.35%, suspicious: False
