Report #5617

  • Creation Date: Feb. 11, 2020, 5:45 p.m.
  • Last Update: Feb. 11, 2020, 7:37 p.m.
  • File: StartTrigger.exename
  • Results:
Binary
DLL: False
Size: 96.73KB
trid:
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
650942b877dbfaedfc19b7eda1326810
sha1
048ac1f4111c3137770597e5678f78a4b0fdbfa3
crc32
0xfb4d6a0e
sha224
aff042e80b4c38226f0521910997a8d11454c933c7d611a86408bc95
sha256
bec6f272801b7d6d269b65b468627e8d8904d20f33564138a67a5746b118d359
sha384
84d320c52f88b2e8a957140278c80c76c21830853522f1f50647986a96273c41e64dfbfc351b0bb965240492a67473d5
sha512
c2a5dd873eb3868527b66f901eabb58566fd37e76c2f9d71f1e4ed07ba034dcea380245d41bec377f53c3ddb12c90e543e042688ea2df22498f64ce333e819f2
ssdeep
1536:BiYtALxN6zjLrGi9mm9hUl+WFqPW49CdWxCkz2++3hDI:BTbZmmEl++8X8+CkfuI
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, domain, anti_dbg, IP, url, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, HasOverlay, win_files_operation, IsPE32, IsWindowsGUI, Big_Numbers1
Suspicious: True

Strings
List

Foremost
Matches: 0.exe, 87 KB, 122.png, 7 KB, 137.png, 3 KB, 145.png, 2 KB, 151.png, 1 KB, 155.png, 1 KB, 157.png, 953 B, 159.png, 807 B, 161.png, 526 B
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://crl.microsoft.com/pki/crl/products/microsoftcodeverifroot.crl0, http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious: http://s.symcb.com/universal-root.crl0, http://s.symcd.com0_, http://sw.symcd.com0, https://d.symcb.com/rpa0), http://s.symcd.com06, http://sw1.symcb.com/sw.crt0, http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(, https://d.symcb.com/cps0%, https://d.symcb.com/rpa0@, http://ts-ocsp.ws.symantec.com0;, https://d.symcb.com/rpa0., https://d.symcb.com/rpa0, http://sw.symcb.com/sw.crl0, http://s.symcb.com/pca3-g5.crl0, http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
hasAllowed: True
hasSuspicious: True

Files
Allowed: MSVCR120.dll, SHELL32.dll, Avira.OE.NativeCore.dll, MSVCP120.dll, USER32.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 45056
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 160463
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 12.0
Suspicious: False
Subsystem
Version: 5.1
Suspicious: False
Suspicious: False

EntryPoint
Address: 40701
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: msvcr120.dll, shell32.dll, msvcp120.dll, user32.dll, kernel32.dll
hasLibs: True
Suspicious: avira.oe.nativecore.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2019-07-25 07:04:05
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 6
.text: 1

pushpopmath
.data: 1
.rsrc: 4
.reloc: 3

garbagebytes
.rsrc: 3
.text: 1

hookdetection
.reloc: 1

software breakpoint
.rsrc: 1
.reloc: 1

programcontrolflowchange
.rsrc: 3
.text: 1

cpuinstructionsresultscomparison
.rsrc: 3

AVclass
None
1
VirusTotal
md5
650942b877dbfaedfc19b7eda1326810
sha1
048ac1f4111c3137770597e5678f78a4b0fdbfa3
SCANS (DETECTION RATE = 0.00%)
Engine                Update    Version               Detected
AVG                   20190827  18.4.3895.0           False
CMC                   20190321  1.1.0.977             False
MAX                   20190827  2018.9.12.1           False
APEX                  20190827  5.56                  False
Bkav                  20190826  1.3.0.10239           False
K7GW                  20190827  11.63.31832           False
ALYac                 20190827  1.1.1.5               False
Avast                 20190827  18.4.3895.0           False
Avira                 20190827  8.3.3.8               False
Baidu                 20190318  1.0.0.2               False
Cyren                 20190827  6.2.0.1               False
DrWeb                 20190827  7.0.41.7240           False
GData                 20190827  A:25.23203B:26.15881  False
Panda                 20190826  4.6.4.2               False
VBA32                 20190826  4.0.0                 False
Zoner                 20190826  1.0.0.1               False
ClamAV                20190826  0.101.4.0             False
Comodo                20190827  31382                 False
F-Prot                20190827  4.7.1.166             False
Ikarus                20190826  0.1.5.2               False
McAfee                20190827  6.0.6.653             False
Rising                20190827  25.0.0.24             False
Sophos                20190827  4.98.0                False
Yandex                20190822  5.5.2.24              False
Zillya                20190820  2.0.0.3882            False
Acronis               20190822  1.0.1.51              False
Alibaba               20190527  0.3.0.5               False
Arcabit               20190827  1.0.0.856             False
Cylance               20190827  2.3.1.101             False
Endgame               20190819  3.0.14                False
FireEye               20190827  29.7.0.0              False
TACHYON               20190827  2019-08-27.01         False
Tencent               20190827  1.0.0.1               False
ViRobot               20190826  2014.3.20.0           False
Webroot               20190827  1.0.0.403             False
eGambit               20190827  v4.3.6                False
Ad-Aware              20190827  3.0.5.370             False
AegisLab              20190827  4.2                   False
Emsisoft              20190827  2018.12.0.1641        False
F-Secure              20190826  12.0.86.52            False
Fortinet              20190827  5.4.247.0             False
Invincea              20190717  6.3.6.26157           False
Jiangmin              20190827  16.0.100              False
Kingsoft              20190827  2013.8.14.323         False
Paloalto              20190827  1.0                   False
Symantec              20190826  1.10.0.0              False
Trapmine              20190826  3.1.81.800            False
AhnLab-V3             20190827  3.16.1.25089          False
Antiy-AVL             20190827  3.0.0.1               False
Kaspersky             20190827  15.0.1.13             False
Microsoft             20190827  1.1.16200.1           False
Qihoo-360             20190827  1.0.0.1120            False
ZoneAlarm             20190827  1.0                   False
Cybereason            20190616  1.2.449               False
ESET-NOD32            20190827  19921                 False
TrendMicro            20190827  11.0.0.1006           False
BitDefender           20190827  7.2                   False
CrowdStrike           20190702  1.0                   False
K7AntiVirus           20190827  11.63.31831           False
SentinelOne           20190807  1.0.31.22             False
Avast-Mobile          20190826  190826-00             False
Malwarebytes          20190827  2.1.1.1115            False
TotalDefense          20190826  37.1.62.1             False
CAT-QuickHeal         20190826  14.00                 False
NANO-Antivirus        20190827  1.0.134.24859         False
MicroWorld-eScan      20190827  14.0.297.0            False
SUPERAntiSpyware      20190823  5.6.0.1032            False
McAfee-GW-Edition     20190827  v2017.3010            False
TrendMicro-HouseCall  20190827  10.0.0.1040           False

total: 69
sha256: bec6f272801b7d6d269b65b468627e8d8904d20f33564138a67a5746b118d359
scan_id: bec6f272801b7d6d269b65b468627e8d8904d20f33564138a67a5746b118d359-1566882569
resource: 650942b877dbfaedfc19b7eda1326810
positives: 0
scan_date: 2019-08-27 05:09:29
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace

Process
Trace

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 98.34%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.31%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 51.58%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
