Report #5778

  • Creation Date: Feb. 12, 2020, 5:21 p.m.
  • Last Update: Feb. 12, 2020, 6:38 p.m.
  • File: CXREHTBZNFUSUKN.exe
  • Results:
Binary
DLL
False
Size
471.85KB
trid
61.7% Win64 Executable
14.6% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
9cdfea608c1d72a0cc93262d2e21ea80
sha1
5ad4b6dcf2aec96a6f417f94cd2bc8c429cf4a4b
crc32
0xe8f64d2f
sha224
5994bcef2bc57efcbcf3e09f588d7b4a2186c33bfb11746681f9ea34
sha256
fbb0b1f4a6ce682b78d05fa672336d91d07663235a87823e1340fe853d8233e4
sha384
b52984eee3661b78d2bdfe759b3a3391070d4713d26ad5630c009f73abf1d646546459f9a62466d136f512a24a866ae0
sha512
dc6c527767c6aa60bc1e02b7f26e99b01a0feeec42669a04288c583638c44409738d72e2a175e3ba2b56aec477296749414843a38e7f7b84d96ae631510b22b7
ssdeep
1536:0PFkMLB9uRx2Ur4H444h4Yvh5iTkGzcSYiy+u6OUu3yUyJCbItwc3F7/d:GFk8/U4H444hhiwGzcGy+u0Sc3pd
Community
Google
False
HashLib
False
YARA
Matches
MinGW_1, domain, Browsers, url, contentis_base64, HasOverlay, spyeye, Misc_Suspicious_Strings, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List
https://s3.amazonaws.com/f.cl.ly/items/0P001d0l1S0c312B0I2r/gtalkbustera.zip
https://s3.amazonaws.com/f.cl.ly/items/3A3U0H2P3v0I2v0x3F2S/7z.zip
http://fakbrasil.com.br/calices/2901/
/C c:\gtools\dblsx1.exe e c:\gtools\gtalkbustera.zip -p102030 -oc:\gtools\ *.* -r
c:\gtools\gtalkbustera.zip
C:\progra~1\intern~1\iexplore.exe
cmd.exe
c:\gtools\gtalkbustera.exe
__imp__Sleep@4
__imp___acmdln
J_imp___acmdln
Untitled2.cpp
main.cpp
c:\gtools\dblsx1.exe
__imp__ShellExecuteA@24
__imp____set_app_type
7_imp___iob
__imp__LoadLibraryA@4
__imp___lock
__imp___unlock
__imp__fwrite
__imp___fmode
__imp__memcpy
__imp__exit
__imp___iob
__imp__remove
__imp__free
__imp__abort
__imp__signal
__imp___onexit
_imp___iob
_imp___onexit
__imp___cexit
J_imp___fmode
__imp__LoadIconA@8
__imp____lconv_init
__imp____dllonexit
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
__imp__fprintf
__ValidateImageBase.part.0
___mingwthr_run_key_dtors.part.0
8__builtin_fwrite
_LoadLibraryA@4
__write_memory
__builtin_va_list
!free
process.h
addr_imp
pseudo-reloc-list.c
pseudo-reloc-list.c
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
BaseOfData
BaseOfData
Next
dwReason
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
lpReserved
reserved
lpreserved
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
IMAGE_FILE_HEADER
IMAGE_FILE_HEADER
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH

Foremost
Matches
0.exe, 440 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: https://s3.amazonaws.com/f.cl.ly/items/3a3u0h2p3v0i2v0x3f2s/7z.zip, https://s3.amazonaws.com/f.cl.ly/items/0p001d0l1s0c312b0i2r/gtalkbustera.zip, http://fakbrasil.com.br/calices/2901/
hasAllowed: False
hasSuspicious: True

Files
Allowed: https://s3.amazonaws.com/f.cl.ly/items/0P001d0l1S0c312B0I2r/gtalkbustera.zip, https://s3.amazonaws.com/f.cl.ly/items/3A3U0H2P3v0I2v0x3F2S/7z.zip, msvcrt.dll, SHELL32.DLL, USER32.dll, KERNEL32.dll
hasFiles: True
Suspicious: c:\gtools\gtalkbustera.zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 377344
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 1484
Suspicious: False
Pointer
Pointer: 451072
Suspicious: False
Directories
Number: 16
Suspicious: False

Checksum
Value: 528375
Suspicious: False

Sections
Allowed: .text, .data, .rdata, .bss, .idata, .crt, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: False
Linker
Version: 2.24
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 5312
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: msvcrt.dll, shell32.dll, user32.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2018-01-29 01:55:08
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.debug_info: 2
.debug_frame: 1

nopsequence
.text: 31

pushpopmath
.rsrc: 1
.debug_info: 3
.debug_frame: 1

garbagebytes
.debug_frame: 1

programcontrolflowchange
.debug_frame: 1

cpuinstructionsresultscomparison
.debug_info: 10
.debug_abbrev: 12

AVclass
None
1
VirusTotal
md5
9cdfea608c1d72a0cc93262d2e21ea80
sha1
5ad4b6dcf2aec96a6f417f94cd2bc8c429cf4a4b
SCANS (DETECTION RATE = 56.72%)
AVG
result: Win32:Malware-gen
update: 20180215
version: 18.1.3800.0
detected: True

CMC
update: 20180215
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=82)
update: 20180215
version: 2017.11.15.1
detected: True

Bkav
update: 20180212
version: 1.3.0.9466
detected: False

K7GW
result: Trojan-Downloader ( 0052538d1 )
update: 20180215
version: 10.40.26220
detected: True

ALYac
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20180215
version: 18.1.3800.0
detected: True

Avira
result: TR/Dldr.Agent.pzcdd
update: 20180215
version: 8.3.3.6
detected: True

Baidu
update: 20180208
version: 1.0.0.2
detected: False

Cyren
update: 20180215
version: 5.4.30.7
detected: False

DrWeb
update: 20180215
version: 7.0.28.2020
detected: False

GData
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: A:25.16037B:25.11588
detected: True

Panda
result: Trj/GdSda.A
update: 20180214
version: 4.6.4.2
detected: True

VBA32
update: 20180215
version: 3.12.28.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180215
version: 64616
detected: True

Zoner
update: 20180215
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180215
version: 1.5.0.42
detected: True

ClamAV
update: 20180215
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180215
version: 28528
detected: True

F-Prot
update: 20180215
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.Agent
update: 20180215
version: 0.1.5.2
detected: True

McAfee
result: GenericRXDX-TJ!9CDFEA608C1D
update: 20180215
version: 6.0.6.653
detected: True

Rising
update: 20180215
version: 25.0.0.1
detected: False

Sophos
result: Mal/Generic-S
update: 20180215
version: 4.98.0
detected: True

Yandex
update: 20180214
version: 5.5.1.3
detected: False

Zillya
update: 20180214
version: 2.0.0.3491
detected: False

Arcabit
result: Trojan.Downloader.EA9DBC
update: 20180215
version: 1.0.0.830
detected: True

Cylance
result: Unsafe
update: 20180215
version: 2.3.1.101
detected: True

Endgame
update: 20180214
version: 1.2.0
detected: False

Tencent
result: Win32.Trojan-downloader.Agent.Hyah
update: 20180215
version: 1.0.0.1
detected: True

ViRobot
result: Trojan.Win32.Z.Downloader.483176.A
update: 20180215
version: 2014.3.20.0
detected: True

Webroot
result: W32.Adware.Gen
update: 20180215
version: 1.0.0.207
detected: True

eGambit
update: 20180215
version: v4.3.4
detected: False

Ad-Aware
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: 3.0.3.1010
detected: True

AegisLab
result: Gen.Troj.Downloader!c
update: 20180215
version: 4.2
detected: True

Emsisoft
result: Gen:Trojan.Downloader.D8Y@amchY!ei (B)
update: 20180215
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Agent.DUV!tr.dldr
update: 20180215
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
result: TrojanDownloader.Banload.bnvd
update: 20180215
version: 16.0.100
detected: True

Kingsoft
update: 20180215
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180215
version: 1.0
detected: True

Symantec
result: Trojan.Gen.2
update: 20180215
version: 1.5.0.0
detected: True

nProtect
update: 20180215
version: 2018-02-15.02
detected: False

AhnLab-V3
update: 20180215
version: 3.11.3.19504
detected: False

Antiy-AVL
update: 20180215
version: 3.0.0.1
detected: False

Kaspersky
update: 20180215
version: 15.0.1.13
detected: False

Microsoft
update: 20180215
version: 1.1.14500.5
detected: False

Qihoo-360
result: Win32/Trojan.Downloader.b64
update: 20180215
version: 1.0.0.1120
detected: True

TheHacker
update: 20180213
version: 6.8.0.5.2403
detected: False

ZoneAlarm
update: 20180215
version: 1.0
detected: False

Cybereason
result: malicious.08c1d7
update: 20180205
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Agent.DUV
update: 20180215
version: 16908
detected: True

TrendMicro
result: TROJ_GEN.R002C0OB118
update: 20180215
version: 9.862.0.1074
detected: True

BitDefender
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: 7.2
detected: True

CrowdStrike
update: 20170201
version: 1.0
detected: False

K7AntiVirus
result: Trojan-Downloader ( 0052538d1 )
update: 20180215
version: 10.40.26219
detected: True

SentinelOne
update: 20180115
version: 1.0.12.202
detected: False

Avast-Mobile
update: 20180215
version: 180215-00
detected: False

Malwarebytes
update: 20180215
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180215
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20180215
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dwn.exlsoy
update: 20180215
version: 1.0.100.21498
detected: True

MicroWorld-eScan
result: Gen:Trojan.Downloader.D8Y@amchY!ei
update: 20180215
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180215
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Worm.gz
update: 20180215
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0OB118
update: 20180215
version: 9.950.0.1006
detected: True

total
67
sha256
fbb0b1f4a6ce682b78d05fa672336d91d07663235a87823e1340fe853d8233e4
scan_id
fbb0b1f4a6ce682b78d05fa672336d91d07663235a87823e1340fe853d8233e4-1518698834
resource
9cdfea608c1d72a0cc93262d2e21ea80
positives
38
scan_date
2018-02-15 12:47:14
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 78.71%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 97.53%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 83.96%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 94.41%
suspicious: False
