Report #5905

  • Creation Date: Feb. 12, 2020, 6:16 p.m.
  • Last Update: Feb. 13, 2020, 3:39 a.m.
  • File: RM9Q61RLP9FL1FAV.exe
  • Results:
Binary
DLL: False
Size: 227.35KB
trid: 61.7% Win64 Executable, 14.6% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
0bc090e08de5d7eba9a6eed787127a03
sha1
1d7a4fd83aa5c700fd445ebb18e76668007ad95f
crc32
0x961449b5
sha224
4b5b9b087250d3b9ab16f909c27913b1fd0343b8bb01ef0cae566f24
sha256
1bf0c250f89a5f0aaab24e53c31ab15a7258f32faf6ef090c639bad4d557cbce
sha384
821f86e82f4342c28047ef4e1bd263dd98a8edc396e1f44d90228dd06743e8e7c5a7e462c1a153d1a0d942194dd14b46
sha512
df763496cafa7db5f4e29155bd561c173d08bdd18f9ad2f6496c9aff47855e9dd4f4fb71cf1098f1df4cbe18b6e9d9e2d997c34bc631565ec9a1ad4fb2776944
ssdeep
6144:5k1Dd0+MhoMnXLomlHGGjGGtGGxGgG0GyGUGjGG3GGoGGQGhGGsGG4GGEGGgGGT+:5k1FMuMnXU/PL
Community
Google: False
HashLib: False

YARA
Matches: MinGW_1, domain, Browsers, url, contentis_base64, HasOverlay, spyeye, Misc_Suspicious_Strings, IsPE32, IsWindowsGUI
Suspicious: True

Strings
List
https://s3.amazonaws.com/f.cl.ly/items/3n0c2h122g0o3x100l28/putgornicka.zip
http://fakbrasil.com.br/calices/2901/
/C c:\ftools\lmbls1.exe e c:\ftools\putgornicka.zip -p102030 -oc:\ftools\ *.* -r
c:\ftools\putgornicka.zip
_.mil
C:\progra~1\intern~1\iexplore.exe
cmd.exe
c:\ftools\putgornicka.exe
c:\ftools\lmbls1.exe
__imp__Sleep@4
__imp___acmdln
J_imp___acmdln
Untitled2.cpp
main.cpp
__imp__ShellExecuteA@24
__imp____set_app_type
7_imp___iob
__imp__LoadLibraryA@4
__imp___lock
__imp___unlock
__imp__exit
__imp___iob
_imp___onexit
__imp___cexit
__imp__free
_imp___iob
__imp__abort
__imp__signal
__imp__remove
__imp___fmode
__imp___onexit
J_imp___fmode
__imp__fwrite
__imp__memcpy
__imp__LoadIconA@8
__imp____lconv_init
__imp____dllonexit
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
__imp__fprintf
__ValidateImageBase.part.0
is.c
___mingwthr_run_key_dtors.part.0
8__builtin_fwrite
_LoadLibraryA@4
__write_memory
__builtin_va_list
!free
process.h
addr_imp
pseudo-reloc-list.c
pseudo-reloc-list.c
Rd9i
?EC%1e
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
minwindef.h
BaseOfData
BaseOfData
Next
dwReason
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
signed char
lpreserved
lpReserved
reserved
%tEXtdate:create
%tEXtdate:modify
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
winnt.h
IMAGE_FILE_HEADER
IMAGE_FILE_HEADER
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH
VT_DISPATCH

Foremost
Matches: 0.exe, 196 KB, 29.png, 36 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

URLs
Allowed:
hasURLs: True
Suspicious: http://fakbrasil.com.br/calices/2901/, https://s3.amazonaws.com/f.cl.ly/items/3n0c2h122g0o3x100l28/putgornicka.zip
hasAllowed: False
hasSuspicious: True

Files
Allowed: https://s3.amazonaws.com/f.cl.ly/items/3n0c2h122g0o3x100l28/putgornicka.zip, USER32.dll, msvcrt.dll, SHELL32.DLL, KERNEL32.dll
hasFiles: True
Suspicious: c:\ftools\putgornicka.zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 126976
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 1484
Suspicious: False
Pointer
Pointer: 200704
Suspicious: False
Directories
Number: 16
Suspicious: False

Checksum
Value: 238440
Suspicious: False

Sections
Allowed: .text, .data, .rdata, .bss, .idata, .crt, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: False
Linker
Version: 2.24
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 5312
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: user32.dll, msvcrt.dll, shell32.dll, kernel32.dll
hasLibs: True
Suspicious:
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2018-01-29 18:52:20
Future: False

Compilation
Packed: False
Missing: True
Packers:
Compiled: False
Compilers:

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 24
.debug_info: 2
.debug_frame: 1

nopsequence
.rsrc: 2
.text: 30

pushpopmath
.rsrc: 15
.debug_info: 3
.debug_frame: 1

ss register
.rsrc: 1

garbagebytes
.rsrc: 8
.debug_frame: 1

software breakpoint
.rsrc: 3

programcontrolflowchange
.rsrc: 8
.debug_frame: 1

cpuinstructionsresultscomparison
.rsrc: 2
.debug_info: 9
.debug_abbrev: 12

AVclass
None
1
VirusTotal
md5
0bc090e08de5d7eba9a6eed787127a03
sha1
1d7a4fd83aa5c700fd445ebb18e76668007ad95f
SCANS (DETECTION RATE = 55.88%)
AVG
result: Win32:Malware-gen
update: 20180216
version: 18.1.3800.0
detected: True

CMC
update: 20180215
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=88)
update: 20180216
version: 2017.11.15.1
detected: True

Bkav
update: 20180212
version: 1.3.0.9466
detected: False

K7GW
result: Trojan-Downloader ( 005255661 )
update: 20180216
version: 10.40.26228
detected: True

ALYac
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20180216
version: 18.1.3800.0
detected: True

Avira
result: TR/Crypt.cfi.qhhxp
update: 20180215
version: 8.3.3.6
detected: True

Baidu
update: 20180208
version: 1.0.0.2
detected: False

Cyren
update: 20180216
version: 5.4.30.7
detected: False

DrWeb
update: 20180216
version: 7.0.28.2020
detected: False

GData
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: A:25.16045B:25.11594
detected: True

Panda
result: Trj/GdSda.A
update: 20180215
version: 4.6.4.2
detected: True

VBA32
result: suspected of Trojan.Downloader.gen.s
update: 20180215
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180216
version: 64630
detected: True

Zoner
update: 20180216
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180216
version: 1.5.0.42
detected: True

ClamAV
update: 20180216
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180216
version: 28532
detected: True

F-Prot
update: 20180216
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.Agent
update: 20180215
version: 0.1.5.2
detected: True

McAfee
result: GenericRXDX-TJ!0BC090E08DE5
update: 20180216
version: 6.0.6.653
detected: True

Rising
update: 20180216
version: 25.0.0.1
detected: False

Sophos
result: Mal/Generic-S
update: 20180216
version: 4.98.0
detected: True

Yandex
update: 20180214
version: 5.5.1.3
detected: False

Zillya
update: 20180215
version: 2.0.0.3492
detected: False

Arcabit
result: Trojan.Downloader.EFB22A
update: 20180216
version: 1.0.0.830
detected: True

Cylance
result: Unsafe
update: 20180216
version: 2.3.1.101
detected: True

Endgame
update: 20180214
version: 1.2.0
detected: False

Tencent
result: Win32.Trojan-downloader.Agent.Ism
update: 20180216
version: 1.0.0.1
detected: True

ViRobot
update: 20180215
version: 2014.3.20.0
detected: False

Webroot
result: W32.Adware.Gen
update: 20180216
version: 1.0.0.207
detected: True

eGambit
update: 20180216
version: v4.3.4
detected: False

Ad-Aware
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: 3.0.3.1010
detected: True

AegisLab
result: Gen.Troj.Downloader!c
update: 20180216
version: 4.2
detected: True

Emsisoft
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi (B)
update: 20180216
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Agent.DVB!tr.dldr
update: 20180216
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
result: TrojanDownloader.Banload.bnvd
update: 20180216
version: 16.0.100
detected: True

Kingsoft
update: 20180216
version: 2013.8.14.323
detected: False

Paloalto
update: 20180216
version: 1.0
detected: False

Symantec
result: Trojan.Gen.2
update: 20180216
version: 1.5.0.0
detected: True

nProtect
update: 20180216
version: 2018-02-16.01
detected: False

AhnLab-V3
update: 20180215
version: 3.11.3.19504
detected: False

Antiy-AVL
update: 20180216
version: 3.0.0.1
detected: False

Kaspersky
update: 20180216
version: 15.0.1.13
detected: False

Microsoft
update: 20180216
version: 1.1.14500.5
detected: False

Qihoo-360
result: Win32/Trojan.Downloader.400
update: 20180216
version: 1.0.0.1120
detected: True

TheHacker
update: 20180213
version: 6.8.0.5.2403
detected: False

ZoneAlarm
update: 20180216
version: 1.0
detected: False

Cybereason
result: malicious.08de5d
update: 20180205
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Agent.DUV
update: 20180216
version: 16912
detected: True

TrendMicro
result: TROJ_GEN.R011C0OB118
update: 20180216
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180205
detected: False

BitDefender
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_70% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Trojan-Downloader ( 005255661 )
update: 20180215
version: 10.40.26228
detected: True

SentinelOne
update: 20180115
version: 1.0.12.202
detected: False

Avast-Mobile
update: 20180215
version: 180215-02
detected: False

Malwarebytes
update: 20180216
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180215
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20180215
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dwn.exrpkb
update: 20180216
version: 1.0.100.21498
detected: True

MicroWorld-eScan
result: Gen:Trojan.Downloader.o8Y@aKg!dBmi
update: 20180216
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180216
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Worm.dm
update: 20180216
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R011C0OB118
update: 20180216
version: 9.950.0.1006
detected: True

total: 68
sha256: 1bf0c250f89a5f0aaab24e53c31ab15a7258f32faf6ef090c639bad4d557cbce
scan_id: 1bf0c250f89a5f0aaab24e53c31ab15a7258f32faf6ef090c639bad4d557cbce-1518747575
resource: 0bc090e08de5d7eba9a6eed787127a03
positives: 38
scan_date: 2018-02-16 02:19:35
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False

TCP: False

UDP: False

HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 84.85%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 86.15%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 67.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 84.21%
suspicious: False

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 25.99%
suspicious: False
