Report #5927

  • Creation Date: Feb. 12, 2020, 6:18 p.m.
  • Last Update: Feb. 13, 2020, 5:23 a.m.
  • File: XQLBKZMXDTXEVKM.exe
  • Results:
Binary
DLL: False
Size: 471.85KB
trid: 61.7% Win64 Executable, 14.6% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 264bf883e74b69ff1f7f0176fef51e74
sha1: 3dddb37d93f62afd2a1ff5617fa2f606dbdd9b56
crc32: 0x5ea834b
sha224: a4b346e087fe4cdc8098bd00b29a4ba4e86fd9c44bd4b59d1d17d7db
sha256: 8f40cf972815296af67d0e00f16f759cbd7926ed120f1c4be592332138960586
sha384: dc22712f6d22d42e56881042ee12fc4a78aab0e87c686f82503883b69f5ea73a739c005dd149bfe79d7a1c28e81a1fd4
sha512: 01813c92b4816d49cb4f8d731575dfee13d3510a32f140a36e5587840bcf14e13796bdac5dd58ccba84a24138b5d638c587c7418ac6fb788d0ec0680e0b5971e
ssdeep: 1536:ZPFkMLB9uRx2Ur4H444h4Yvh5iTkGzcSYiy+u6OUu3yUyJCbItwc3F7/d:RFk8/U4H444hhiwGzcGy+u0Sc3pd
Community
Google: False
HashLib: False
YARA
Matches: MinGW_1, domain, Browsers, url, contentis_base64, HasOverlay, spyeye, Misc_Suspicious_Strings, IsPE32, IsWindowsGUI
Suspicious: True

Strings
List
https://s3.amazonaws.com/f.cl.ly/items/0P001d0l1S0c312B0I2r/gtalkbustera.zip
https://s3.amazonaws.com/f.cl.ly/items/3A3U0H2P3v0I2v0x3F2S/7z.zip
http://fakbrasil.com.br/calices/2901/
/C c:\gtools\dblsx1.exe e c:\gtools\gtalkbustera.zip -p102030 -oc:\gtools\ *.* -r
c:\gtools\gtalkbustera.zip
C:\progra~1\intern~1\iexplore.exe
cmd.exe
c:\gtools\gtalkbustera.exe
__imp__Sleep@4
__imp___acmdln
J_imp___acmdln
Untitled2.cpp
main.cpp
c:\gtools\dblsx1.exe
__imp__ShellExecuteA@24
__imp____set_app_type
7_imp___iob
__imp__LoadLibraryA@4
__imp___lock
__imp___unlock
__imp__fwrite
__imp___fmode
__imp__memcpy
__imp__exit
__imp___iob
__imp__remove
__imp__free
__imp__abort
__imp__signal
__imp___onexit
_imp___iob
_imp___onexit
__imp___cexit
J_imp___fmode
__imp__LoadIconA@8
__imp____lconv_init
__imp____dllonexit
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
__imp__fprintf
__ValidateImageBase.part.0
___mingwthr_run_key_dtors.part.0
8__builtin_fwrite
_LoadLibraryA@4
__write_memory
__builtin_va_list
!free
process.h
addr_imp
pseudo-reloc-list.c
minwindef.h
BaseOfData
Next
dwReason
signed char
lpReserved
reserved
lpreserved
winnt.h
IMAGE_FILE_HEADER
VT_DISPATCH

Foremost
Matches: 0.exe, 440 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: (none)
Suspicious: (none)
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: True
Allowed: (none)
Suspicious: https://s3.amazonaws.com/f.cl.ly/items/3a3u0h2p3v0i2v0x3f2s/7z.zip, https://s3.amazonaws.com/f.cl.ly/items/0p001d0l1s0c312b0i2r/gtalkbustera.zip, http://fakbrasil.com.br/calices/2901/
hasAllowed: False
hasSuspicious: True

Files
hasFiles: True
Allowed: https://s3.amazonaws.com/f.cl.ly/items/0P001d0l1S0c312B0I2r/gtalkbustera.zip, https://s3.amazonaws.com/f.cl.ly/items/3A3U0H2P3v0I2v0x3F2S/7z.zip, msvcrt.dll, SHELL32.DLL, USER32.dll, KERNEL32.dll
Suspicious: c:\gtools\gtalkbustera.zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 377344 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 1484 (Suspicious: False)
Pointer: 451072 (Suspicious: False)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 528539
Suspicious: False

Sections
Allowed: .text, .data, .rdata, .bss, .idata, .crt, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Suspicious: (none)
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4 (Suspicious: False)
Image Version: 4 (Suspicious: False)
Linker Version: 2.24 (Suspicious: False)
Subsystem Version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 5312
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: msvcrt.dll, shell32.dll, user32.dll, kernel32.dll
Suspicious: (none)
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2018-01-29 01:57:52
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: True
Packers: (none)
Compiled: False
Compilers: (none)

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
  .debug_info: 2
  .debug_frame: 1
nopsequence
  .text: 31
pushpopmath
  .rsrc: 1
  .debug_info: 3
  .debug_frame: 1
garbagebytes
  .debug_frame: 1
programcontrolflowchange
  .debug_frame: 1
cpuinstructionsresultscomparison
  .debug_info: 10
  .debug_abbrev: 12

AVclass
None
1
VirusTotal
md5: 264bf883e74b69ff1f7f0176fef51e74
sha1: 3dddb37d93f62afd2a1ff5617fa2f606dbdd9b56
SCANS (DETECTION RATE = 55.88%)
AVG: Win32:Malware-gen (detected; version 18.1.3800.0, update 20180215)
CMC: not detected (version 1.1.0.977, update 20180215)
MAX: malware (ai score=84) (detected; version 2017.11.15.1, update 20180215)
Bkav: not detected (version 1.3.0.9466, update 20180212)
K7GW: Trojan-Downloader ( 0052538d1 ) (detected; version 10.40.26220, update 20180215)
ALYac: Gen:Trojan.Downloader.D8Y@a4TB@oci (detected; version 1.1.1.5, update 20180215)
Avast: Win32:Malware-gen (detected; version 18.1.3800.0, update 20180215)
Avira: TR/Dldr.Agent.pzcdd (detected; version 8.3.3.6, update 20180215)
Baidu: not detected (version 1.0.0.2, update 20180208)
Cyren: not detected (version 5.4.30.7, update 20180215)
DrWeb: not detected (version 7.0.28.2020, update 20180215)
GData: Gen:Trojan.Downloader.D8Y@a4TB@oci (detected; version A:25.16037B:25.11588, update 20180215)
Panda: Trj/GdSda.A (detected; version 4.6.4.2, update 20180214)
VBA32: not detected (version 3.12.28.0, update 20180215)
VIPRE: Trojan.Win32.Generic!BT (detected; version 64616, update 20180215)
Zoner: not detected (version 1.0, update 20180215)
AVware: Trojan.Win32.Generic!BT (detected; version 1.5.0.42, update 20180215)
ClamAV: not detected (version 0.99.2.0, update 20180215)
Comodo: UnclassifiedMalware (detected; version 28528, update 20180215)
F-Prot: not detected (version 4.7.1.166, update 20180215)
Ikarus: Trojan-Downloader.Win32.Agent (detected; version 0.1.5.2, update 20180215)
McAfee: GenericRXDX-TJ!264BF883E74B (detected; version 6.0.6.653, update 20180215)
Rising: not detected (version 25.0.0.1, update 20180215)
Sophos: Mal/Generic-S (detected; version 4.98.0, update 20180215)
Yandex: not detected (version 5.5.1.3, update 20180214)
Zillya: Downloader.Agent.Win32.348669 (detected; version 2.0.0.3491, update 20180214)
Arcabit: Trojan.Downloader.E06AAA (detected; version 1.0.0.830, update 20180215)
Cylance: Unsafe (detected; version 2.3.1.101, update 20180215)
Endgame: not detected (version 1.2.0, update 20180214)
Tencent: Win32.Trojan-downloader.Agent.Hpsd (detected; version 1.0.0.1, update 20180215)
ViRobot: Trojan.Win32.Z.Downloader.483176 (detected; version 2014.3.20.0, update 20180215)
Webroot: W32.Adware.Gen (detected; version 1.0.0.207, update 20180215)
eGambit: not detected (version v4.3.4, update 20180215)
Ad-Aware: Gen:Trojan.Downloader.D8Y@a4TB@oci (detected; version 3.0.3.1010, update 20180215)
AegisLab: Gen.Troj.Downloader!c (detected; version 4.2, update 20180215)
Emsisoft: Gen:Trojan.Downloader.D8Y@a4TB@oci (B) (detected; version 4.0.2.899, update 20180215)
F-Secure: not detected (version 11.0.19100.45, update 20180215)
Fortinet: W32/Agent.DUV!tr.dldr (detected; version 5.4.247.0, update 20180215)
Invincea: not detected (version 6.3.4.26036, update 20180121)
Jiangmin: TrojanDownloader.Banload.bnvd (detected; version 16.0.100, update 20180215)
Kingsoft: not detected (version 2013.8.14.323, update 20180215)
Paloalto: generic.ml (detected; version 1.0, update 20180215)
Symantec: Downloader (detected; version 1.5.0.0, update 20180215)
nProtect: not detected (version 2018-02-15.02, update 20180215)
AhnLab-V3: not detected (version 3.11.3.19504, update 20180215)
Antiy-AVL: not detected (version 3.0.0.1, update 20180215)
Kaspersky: not detected (version 15.0.1.13, update 20180215)
Microsoft: not detected (version 1.1.14500.5, update 20180215)
Qihoo-360: Win32/Trojan.Downloader.83e (detected; version 1.0.0.1120, update 20180215)
TheHacker: not detected (version 6.8.0.5.2403, update 20180213)
ZoneAlarm: not detected (version 1.0, update 20180215)
Cybereason: malicious.3e74b6 (detected; version 1.2.27, update 20180205)
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.DUV (detected; version 16908, update 20180215)
TrendMicro: TROJ_GEN.R011C0OAU18 (detected; version 9.862.0.1074, update 20180215)
WhiteArmor: not detected (update 20180205)
BitDefender: Gen:Trojan.Downloader.D8Y@a4TB@oci (detected; version 7.2, update 20180215)
CrowdStrike: not detected (version 1.0, update 20170201)
K7AntiVirus: Trojan-Downloader ( 0052538d1 ) (detected; version 10.40.26219, update 20180215)
SentinelOne: not detected (version 1.0.12.202, update 20180115)
Avast-Mobile: not detected (version 180215-00, update 20180215)
Malwarebytes: not detected (version 2.1.1.1115, update 20180215)
TotalDefense: not detected (version 37.1.62.1, update 20180215)
CAT-QuickHeal: Trojan.IGENERIC (detected; version 14.00, update 20180215)
NANO-Antivirus: Trojan.Win32.Dwn.exlsoy (detected; version 1.0.100.21498, update 20180215)
MicroWorld-eScan: Gen:Trojan.Downloader.D8Y@a4TB@oci (detected; version 14.0.297.0, update 20180215)
SUPERAntiSpyware: not detected (version 5.6.0.1032, update 20180215)
McAfee-GW-Edition: BehavesLike.Win32.Worm.gz (detected; version v2015, update 20180215)
TrendMicro-HouseCall: TROJ_GEN.R011C0OAU18 (detected; version 9.950.0.1006, update 20180215)

total: 68
sha256: 8f40cf972815296af67d0e00f16f759cbd7926ed120f1c4be592332138960586
scan_id: 8f40cf972815296af67d0e00f16f759cbd7926ed120f1c4be592332138960586-1518698838
resource: 264bf883e74b69ff1f7f0176fef51e74
positives: 38
scan_date: 2018-02-15 12:47:18
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace: (empty)
Process Trace: (empty)

Analysis
Reason: Blue Screen
Status: Execution Failed
Results: 0

Registry Trace: (empty)

File Summary
Created Identified: False
Deleted Identified: False

Process Summary
Created Identified: False
Deleted Identified: False

Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False


DNS
Query: (none)
Response: (none)

TCP
Info: (none)

UDP
Info: (none)

HTTP
Info: (none)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
SVC (Kernel=Linear, NFS-BRMalware): confidence 78.71%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 97.53%, suspicious: False
Random Forest (100 estimators, NFS-BRMalware): confidence 65.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 83.96%, suspicious: False
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 94.41%, suspicious: False
