Report #5616

  • Creation Date: Feb. 11, 2020, 5:45 p.m.
  • Last Update: Feb. 11, 2020, 7:33 p.m.
  • File: Opera.exe
  • Results:

Binary
DLL: False
Size: 5.96MB
trid: 81.0% Generic CIL Executable, 7.2% Win32 Dynamic Link Library, 4.9% Win32 Executable, 2.2% OS/2 Executable, 2.2% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: c113313000478fa365a1e8c34bd1ae0b
sha1: 5d90622639ff350616a2cd82584a16d6701f83f6
crc32: 0xb554636
sha224: 8afaeb29cc9e76d0a3c9d510c0fee904a280e29f2411e6d683cc3224
sha256: 5f843b4f383e94bc32dfe346a4eb18580d8a51286d520a89cab36567d3574c53
sha384: 68781a2f96fe9cbf2f0a0b11cc084895f87e6cf1b91cb09dcf440d71831ec3a804580d652f9629d89321ce796025b5f1
sha512: cbcddec0be003b04ab11782a5155d05658e0f87dfa5b119d1298c9f8faea39323595d65fe5c8d8add08c1b716f2e71abbc7f1cf17b5afed89636226cfd7c6330
ssdeep: 98304:/FXa/uT52uAmUQ9ih+5ChLU9aLP64rB41bJFXa/uT52uAmUQ9ih+5ChLU9aLP64q:/XIk5WU9aLyABaXIk5WU9aLyAB

Community
Google: False
HashLib: False

YARA
Matches: NET_executable, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, HasDebugData, IP, contentis_base64, IsNET_EXE, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, ppaction, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI
Suspicious: True

Strings
List
C:\Users\USUARIO\source\repos\NovoLoaderTop\NovoLoaderTop\obj\Debug\Opera.pdb
Opera.Resources.z0608.zip
z0608.zip
M.scA
M.scA
O.id
O.id
H.CI
i.Gh
H.CI
i.Gh
Yc.IE
Yc.IE
Ra.MG
Ra.MG
Opera.Properties
System.IO
a.ws
a.ws
System.Management
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
-.NR
-.NR
U.Gi
U.Gi
M.Pn
i.vN
hJ.eE
r.Kw
o.Tv
mR.dm
hJ.eE
i.vN
4.cL
o.Tv
mR.dm
R.TK
4.cL
r.Kw
b.UG
b.UG
R.TK
M.Pn
iE.QA
iE.QA
_.cn
_.cn
r.tv
r.tv
m.gn
m.gn
sqlite3.dll
sqlite3.dll
sqlite3.dll
sqlite3.dll
awv.gw
awv.gw
System.Security.Cryptography
K8x.My
C.dZ
1.LT
k.tJ
K8x.My
1.LT
1.Gq
k.tJ
1.Gq
C.dZ
4.LA
4.LA
)]KT.fi
)]KT.fi
q.im
q.im
System.IO.Compression.FileSystem
`L.tw'
`L.tw'
Opera.Properties.Resources
System.IO.Compression
Opera.Properties.Resources.resources
msvcr100.dll
msvcr100.dll
msvcr100.dll
msvcr100.dll
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
16.0.0.0
16.1.0.0
GoogleUpdate.exe
GoogleUpdate.exe
GoogleUpdate.exe
GoogleUpdate.exe
Opera.exe
Opera.exe
Opera.exe
.<UO.ES/Sr
.<UO.ES/Sr
??N.Ua

Foremost
Matches: 36.zip, 2 MB, 6929.zip, 2 MB
Suspicious: True

Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: msvcr100.dll, mscoree.dll, jli.dll, sqlite3.dll
Suspicious: z0608.zip, Opera.Resources.z0608.zip, Bu1.dB
hasAllowed: True
hasSuspicious: True
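Foremost's two hits (36.zip and 6929.zip) and the resource name Opera.Resources.z0608.zip both point at archives embedded in the loader's data. The Python below is an added example, not Foremost's code or the analysis platform's, showing the signature-carving idea those hits come from: locate each PK\x03\x04 ... PK\x05\x06 span, validate it with the standard zipfile module, and tighten the start offset to the first real local file header so a stray signature ahead of the archive does not skew the reported offset. The blob it scans is constructed in memory (the member names borrow Foremost's numbers but the contents are made up); the function names make_zip, carve_zips and build_sample_blob are this example's own.

```python
# Added example (not Foremost's or the platform's code): carve embedded ZIP
# archives out of an arbitrary byte blob by signature, then confirm each hit
# actually parses. The blob below is constructed; it is not the sample.
import io
import struct
import zipfile

LOCAL_FILE_SIG = b"PK\x03\x04"   # local file header: where an archive starts
EOCD_SIG = b"PK\x05\x06"         # end of central directory: where it ends


def make_zip(members):
    # Constructed test data: {name: bytes} -> archive bytes (stored, so the
    # member bytes are predictable and cannot themselves contain "PK").
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def carve_zips(blob):
    # Returns [(offset, size, member names)] for every span that starts with a
    # local file header, ends with an EOCD record and validates as an archive.
    found, pos = [], 0
    while True:
        start = blob.find(LOCAL_FILE_SIG, pos)
        if start < 0:
            break
        eocd = blob.find(EOCD_SIG, start)
        if eocd < 0 or eocd + 22 > len(blob):
            break
        comment_len = struct.unpack_from("<H", blob, eocd + 20)[0]   # EOCD is 22 bytes + comment
        end = min(eocd + 22 + comment_len, len(blob))
        try:
            with zipfile.ZipFile(io.BytesIO(blob[start:end])) as zf:
                if zf.testzip() is None:          # every member's CRC checks out
                    # zipfile tolerates junk before the first local header; the
                    # smallest header_offset says how much of it we swallowed.
                    lead = min((zi.header_offset for zi in zf.infolist()), default=0)
                    found.append((start + lead, end - start - lead, zf.namelist()))
                    pos = end
                    continue
        except zipfile.BadZipFile:
            pass
        pos = start + len(LOCAL_FILE_SIG)         # stray signature; keep scanning
    return found


def build_sample_blob():
    # Constructed stand-in for a loader's resource data: padding, a stray
    # "PK\x03\x04" that is not an archive, two real archives, more padding.
    first = make_zip({"36/readme.txt": b"first embedded archive\n" * 50})
    second = make_zip({"6929/payload.bin": bytes(range(256)) * 8,
                       "6929/manifest.txt": b"version=1\n"})
    blob = b"\0" * 64 + b"PK\x03\x04\0\0" + first + b"\xcc" * 128 + second + b"\0" * 32
    return blob, first, second


if __name__ == "__main__":
    blob, _, _ = build_sample_blob()
    for offset, size, names in carve_zips(blob):
        print(f"zip at {offset:#x} ({size} bytes): {names}")
```

On a real loader, feed carve_zips the whole file (or just the .rsrc section); it does not need the .NET resource table to find the archives, which is why Foremost reports them even though the report's resource name says where they live.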

Binary
Sizes
RVA: 16 (Suspicious: False)
Code: 2048 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 512 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories: 16 (Suspicious: False)

Checksum
Value: 0 (Suspicious: True)

Sections
Allowed: .text, .rsrc, .reloc
hasSections: True
hasAllowed: True
hasSuspicious: False

Versions
OS: 4 (Suspicious: False)
Image: 4 (Suspicious: True)
Linker: 48.0 (Suspicious: False)
Subsystem: 6.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 6258094 (Suspicious: False)

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match., The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
hasLibs: True
Allowed: mscoree.dll
Suspicious: msvcr100.dll, jli.dll, sqlite3.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2084-03-17 09:15:33
Valid: True
Past: False
Future: True
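The Checksum, Anomalies and Timestamp findings above all come from plain header comparisons. The Python below is an added example, not the analysis platform's code: it builds a minimal PE32 image in memory (no real sample is involved) whose fields mirror the report (linker 48.0, Windows GUI subsystem, a zero CheckSum, the 2084 TimeDateStamp) and reproduces the three checks: the CheckSum field against a checksum recomputed over the file, the COFF TimeDateStamp against the scan date, and the debug-directory TimeDateStamp against the COFF one. Field offsets follow the PE/COFF specification; the checksum routine is the documented image-checksum algorithm as pefile implements it. The function and constant names (build_pe32, analyze, pe_checksum, rva_to_offset, REPORT_TIMESTAMP, REPORT_DATE) are this example's own.

```python
# Added example (not the analysis platform's code): reproduce the CheckSum,
# TimeDateStamp and debug-directory checks on a PE32 image built in memory.
# Offsets follow the PE/COFF spec; the checksum is the pefile algorithm.
import calendar
import struct
import time

COFF_SIZE, OPT32_SIZE, SECTION_SIZE, DEBUG_ENTRY_SIZE = 20, 0xE0, 40, 28


def _headers(data):
    # -> (optional header offset, section table offset, #sections, COFF TimeDateStamp)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsect, coff_ts = struct.unpack_from("<HI", data, coff + 2)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff + COFF_SIZE, coff + COFF_SIZE + opt_size, nsect, coff_ts


def pe_checksum(data):
    # Fold every little-endian dword except the CheckSum field itself into a
    # 16-bit sum, then add the file length (the documented image checksum).
    skip = (_headers(data)[0] + 0x40) // 4            # dword index of CheckSum
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def rva_to_offset(data, rva):
    # The header region maps 1:1; everything else goes through the section table.
    opt, sect_tbl, nsect, _ = _headers(data)
    if rva < struct.unpack_from("<I", data, opt + 60)[0]:      # SizeOfHeaders
        return rva
    for i in range(nsect):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect_tbl + i * SECTION_SIZE + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def analyze(data, now=None):
    # `now` is epoch seconds (defaults to the wall clock).
    opt, _, _, coff_ts = _headers(data)
    now = int(time.time()) if now is None else now
    header_cs = struct.unpack_from("<I", data, opt + 0x40)[0]
    # Data directory 6 is the debug directory; each 28-byte entry has its own TimeDateStamp at +4.
    dbg_rva, dbg_size = struct.unpack_from("<II", data, opt + 96 + 6 * 8)
    debug_ts = []
    if dbg_rva and dbg_size:
        base = rva_to_offset(data, dbg_rva)
        for i in range(dbg_size // DEBUG_ENTRY_SIZE):
            debug_ts.append(struct.unpack_from("<I", data, base + i * DEBUG_ENTRY_SIZE + 4)[0])
    computed_cs = pe_checksum(data)
    return {
        "header_checksum": header_cs,
        "computed_checksum": computed_cs,
        "checksum_mismatch": header_cs != computed_cs,
        "coff_timestamp": coff_ts,
        "timestamp_in_future": coff_ts > now,
        "debug_timestamps": debug_ts,
        "debug_timestamp_mismatch": any(t != coff_ts for t in debug_ts),
    }


def build_pe32(coff_ts, debug_ts, checksum_field=0):
    # Constructed minimal PE32 (not a real binary): DOS stub, COFF + optional header,
    # one .text section at RVA 0x200 == file offset 0x200 holding one CodeView debug entry.
    dos = bytearray(b"MZ" + b"\0" * 0x7E)
    struct.pack_into("<I", dos, 0x3C, 0x80)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, coff_ts, 0, 0, OPT32_SIZE, 0x0102)
    opt = bytearray(OPT32_SIZE)
    struct.pack_into("<HBB", opt, 0, 0x10B, 48, 0)                # PE32 magic, linker 48.0
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x200, 0x200)                # Section/File alignment
    struct.pack_into("<II", opt, 56, 0x400, 0x200)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 0x40, checksum_field)             # CheckSum
    struct.pack_into("<H", opt, 68, 2)                            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<II", opt, 96 + 6 * 8, 0x200, DEBUG_ENTRY_SIZE)   # debug directory
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x200, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (0x200 - len(headers))
    debug_entry = struct.pack("<IIHHIIII", 0, debug_ts, 0, 0, 2, 0, 0, 0)   # type 2 = CODEVIEW
    return headers + debug_entry + b"\0" * (0x200 - DEBUG_ENTRY_SIZE)


REPORT_TIMESTAMP = calendar.timegm((2084, 3, 17, 9, 15, 33))   # value shown above
REPORT_DATE = calendar.timegm((2020, 2, 11, 17, 45, 0))         # report creation date

if __name__ == "__main__":
    print(analyze(build_pe32(REPORT_TIMESTAMP, REPORT_TIMESTAMP - 7), REPORT_DATE))
```

Read these three flags with the file type in mind. A zero CheckSum is common in managed assemblies and the Windows loader only enforces the field for drivers and boot-time or critical-process DLLs; a zero COFF symbol count is the norm for every linked image; and deterministic Roslyn builds (linker version 48.0 is Roslyn) write a content hash rather than a time into TimeDateStamp, which is how a 2084 date arises. They corroborate a verdict reached on other grounds rather than establishing tampering by themselves.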

Compilation
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET
Packed: False
Packers: none
Missing: False

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks (hits in .text):
pushret: 3270
pushpopmath: 1747
ss register: 52
garbagebytes: 1220
hookdetection: 98
software breakpoint: 136
fakeconditionaljumps: 102
programcontrolflowchange: 1124
cpuinstructionsresultscomparison: 13

These counts should be read with the file type in mind: in a managed assembly the .text section holds CIL and metadata rather than x86 code, apart from a small native stub at the entry point that jumps to mscoree's _CorExeMain, so a linear x86 disassembly of it yields thousands of spurious "pushret" and "garbagebytes" matches. They are not evidence of native anti-analysis code.

AVclass
None: 1
VirusTotal
md5: c113313000478fa365a1e8c34bd1ae0b
sha1: 5d90622639ff350616a2cd82584a16d6701f83f6
sha256: 5f843b4f383e94bc32dfe346a4eb18580d8a51286d520a89cab36567d3574c53
scan_id: 5f843b4f383e94bc32dfe346a4eb18580d8a51286d520a89cab36567d3574c53-1565127452
resource: c113313000478fa365a1e8c34bd1ae0b
scan_date: 2019-08-06 21:37:32
positives: 11
total: 70
response_code: 1
verbose_msg: Scan finished, information embedded

SCANS (DETECTION RATE = 15.71%, 11 of 70 engines)
These results are the cached VirusTotal scan of 2019-08-06, six months before this report was generated; a rescan may differ.

Engine | Version | Update | Detected | Result
AVG | 18.4.3895.0 | 20190806 | False |
CMC | 1.1.0.977 | 20190321 | False |
MAX | 2018.9.12.1 | 20190806 | False |
APEX | 5.48 | 20190806 | True | Malicious
Bkav | 1.3.0.10239 | 20190806 | False |
K7GW | 11.59.31655 | 20190806 | False |
Avast | 18.4.3895.0 | 20190806 | False |
Avira | 8.3.3.8 | 20190806 | True | TR/Crypt.XPACK.Gen
Baidu | 1.0.0.2 | 20190318 | False |
Cyren | 6.2.0.1 | 20190806 | False |
DrWeb | 7.0.41.7240 | 20190806 | False |
GData | A:25.23008B:26.15726 | 20190806 | False |
Panda | 4.6.4.2 | 20190806 | True | Trj/GdSda.A
VBA32 | 4.0.0 | 20190806 | False |
VIPRE | 76952 | 20190806 | False |
Zoner | 1.0.0.1 | 20190806 | False |
ClamAV | 0.101.3.0 | 20190806 | False |
Comodo | 31284 | 20190806 | False |
F-Prot | 4.7.1.166 | 20190806 | False |
Ikarus | 0.1.5.2 | 20190806 | False |
McAfee | 6.0.6.653 | 20190806 | False |
Rising | 25.0.0.24 | 20190806 | True | Trojan.Generic@ML.100 (RDML:0s9i7Kyj8Y8Z5gO560FeWQ)
Sophos | 4.98.0 | 20190806 | False |
Yandex | 5.5.2.24 | 20190806 | False |
Zillya | 2.0.0.3870 | 20190806 | False |
Acronis | 1.0.1.51 | 20190806 | True | suspicious
Alibaba | 0.3.0.5 | 20190527 | False |
Arcabit | 1.0.0.850 | 20190806 | False |
Cylance | 2.3.1.101 | 20190806 | False |
Endgame | 3.0.13 | 20190802 | True | malicious (high confidence)
FireEye | 29.7.0.0 | 20190806 | False |
TACHYON | 2019-08-06.02 | 20190806 | False |
Tencent | 1.0.0.1 | 20190806 | False |
ViRobot | 2014.3.20.0 | 20190806 | False |
Webroot | 1.0.0.403 | 20190806 | False |
eGambit | v4.3.6 | 20190806 | False |
Ad-Aware | 3.0.5.370 | 20190806 | False |
AegisLab | 4.2 | 20190806 | False |
Emsisoft | 2018.12.0.1641 | 20190806 | False |
F-Secure | 12.0.86.52 | 20190806 | True | Trojan.TR/Crypt.XPACK.Gen
Fortinet | 5.4.247.0 | 20190806 | False |
Invincea | 6.3.6.26157 | 20190717 | False |
Jiangmin | 16.0.100 | 20190805 | False |
Kingsoft | 2013.8.14.323 | 20190806 | False |
Paloalto | 1.0 | 20190806 | False |
Symantec | 1.10.0.0 | 20190806 | False |
AhnLab-V3 | 3.15.3.24531 | 20190806 | False |
Antiy-AVL | 3.0.0.1 | 20190806 | False |
Kaspersky | 15.0.1.13 | 20190806 | False |
MaxSecure | 1.0.0.1 | 20190803 | True | Trojan.Malware.300983.susgen
Microsoft | 1.1.16200.1 | 20190806 | True | Trojan:Win32/Fuery.C!cl
Qihoo-360 | 1.0.0.1120 | 20190806 | False |
Trustlook | 1.0 | 20190806 | False |
ZoneAlarm | 1.0 | 20190806 | False |
Cybereason | 1.2.449 | 20190616 | False |
ESET-NOD32 | 19811 | 20190806 | False |
TrendMicro | 11.0.0.1006 | 20190806 | False |
BitDefender | 7.2 | 20190806 | False |
CrowdStrike | 1.0 | 20190212 | True | win/malicious_confidence_60% (D)
K7AntiVirus | 11.59.31656 | 20190806 | False |
SentinelOne | 1.0.27.333 | 20190604 | True | DFI - Suspicious PE
Avast-Mobile | 190806-06 | 20190806 | False |
Malwarebytes | 2.1.1.1115 | 20190806 | False |
TotalDefense | 37.1.62.1 | 20190806 | False |
CAT-QuickHeal | 14.00 | 20190806 | False |
NANO-Antivirus | 1.0.134.24859 | 20190806 | False |
MicroWorld-eScan | 14.0.297.0 | 20190806 | False |
SUPERAntiSpyware | 5.6.0.1032 | 20190802 | False |
McAfee-GW-Edition | v2017.3010 | 20190806 | False |
TrendMicro-HouseCall | 10.0.0.1040 | 20190806 | False |
Dynamic analysis
Status: Execution Failed
Reason: Blue Screen
Results: 0

The sandbox run ended in a blue screen, so no file, process, registry or network events were recorded; the empty traces and summaries below reflect the failed run, not the sample's behaviour.

File Trace: none
Process Trace: none
Registry Trace: none

File Summary
Created: False
Deleted: False

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: False
Deleted: False
Browsers: False
Internet: False

Network
DNS: no queries or responses recorded
TCP: none
UDP: none
HTTP: none

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
Confidence is reported for the verdict in the same row (for the K=3 KNN, 66.67% is two of three neighbours agreeing on "not suspicious").

Model | Confidence | Suspicious
KNN (K=3, NFS-BRMalware) | 66.67% | False
Decision Tree (NFS-BRMalware) | 100.00% | True
SVC (Kernel=Linear, NFS-BRMalware) | 75.63% | True
MalConv (Ember: Raw Bytes, Threshold=0.5) | 91.62% | False
Random Forest (100 estimators, NFS-BRMalware) | 76.00% | True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 45.03% | True
LightGBM (Ember: File Characteristics, Threshold=0.8336) | 99.95% | False
