Report #6528

  • Creation Date: Feb. 17, 2020, 3:58 p.m.
  • Last Update: Feb. 18, 2020, 3:05 a.m.
  • File: eZNt9lq.exe
  • Results:
Binary
DLL: False
Size: 522.50KB
trid:
  28.0% Win64 Executable
  27.5% UPX compressed Win32 Executable
  27.0% Win32 EXE Yoda's Crypter
  6.6% Win32 Dynamic Link Library
  4.5% Win32 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Note: TrID percentages are pattern votes, not probabilities. The top "Win64" guess contradicts the parsed header (wordsize 32, YARA IsPE32); the packer-related votes are the useful part and agree with the UPX sections and packer flags reported below. Trust the header fields and the section table over TrID.
Hashes
md5: a7d86ea7506b3e8c06fb1abded4d23a3
sha1: a4d46a9f61bf74c1e52f5b2215df2e9a68682bbe
crc32: 0x774b7182
sha224: fa2253abf6929d4699d4f5babb6a418bae938a7ccd4340d95e3f5a04
sha256: 7d2a604cebbbf71cbb292ebb1635f1498d7358d4fe7561966eb2a7f97df26cc2
sha384: 6d93e12be2f4b73e427567e377a0473cb9e69b2f1d8c30f1db96583cd93925c04dd00f2bbc139312739dc1bef3158285
sha512: 37b96f412dbffa254d5be61b76e59238049866945c77062fdbb0c24c7251ff41577a0c1d91828883a949bd06402d5e05b0a8d1add858be9ef195cb597a9dce74
ssdeep: 12288:mozGdX0M4ornOmZIzfMwHHQmRROXK9T6dmyRX9HK2gflxv:m4GHnhIzOaJ6dm0K2Slxv
Community
Google: False
HashLib: False
YARA
Matches: domain, UPX_wwwupxsourceforgenet, screenshot, UPX_wwwupxsourceforgenet_additional, url, HasRichSignature, contentis_base64, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, UPX, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay, CRC32_poly_Constant, IP, IsPE32, PackerUPX_CompresorGratuito_wwwupxsourceforgenet, IsWindowsGUI, UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay_additional, IsPacked

Suspicious: True

Strings
List
http://www.autoitscript.com/autoit3/
nFT.Hu
f.PA
x.rO
Y.pA
QRA.Sb
?C1.ai`m
Q_Q.gH
(Ke8.Sy(LC
A.vE.
WSOCK32.dll
COMCTL32.dll
iK.saw
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
UxTheme.dll
0.0.0.30
MPR.dll
3.3.14.2
+i.tl
aN\(W
Rd_*o
__based
name="Microsoft.Windows.Common-Controls"
rb+%e2rP
AwE3%d`E
NdWI%%&)T
%eROI1
]*H%n
%osI/
NMfD
WtU%F
lc%ep
FtpOpenFileW
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
B.vyz
GetProcAddress
ExitProcess
SSHPR
VirtualAlloc
X.tG?rB
[+-]
VirtualProtect
LoadLibraryA
7fcE
1aLt
;0'7
$#:;
>-~=
GetDC
E_S_<
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
1999-2015 Jonathan Bennett & AutoIt Team
<!-- Identify the application security requirements. -->
level="requireAdministrator"
<requestedExecutionLevel
IcmpSendEcho
D.Mz.
K.GF<
Va}oeTtp
TPNNNN;6
1eicXX////aaadd
version="6.0.0.0"
-f@hti5-
eS9q4uN=f
H}AU3!EA06M
^WccaX/344aadff
utt?s;999rqqpovrrroonm?
2Vaaa3333aaddd
p.578PbOML
IPHLPAPI.DLL
6iFaTVkB/
It(htHjl
/sAYE7(q-"
m5dU$ONv
S=?#m[An3
Ra86\7Y
4Gt1Ht(@t
oxWvAcWindow7:nw
\i*POaA4C
[a(Wr5OZH
lTim9^)Wa
3htt|xr
8U(8pan
),jigvgra`n&0
oolhelp32S:pho
1[eh\D?S
3omi+4_o
/fngPi1L0cP
language="*"
-ggcX///44aaddd
type="win32"
G5AddrsS[z

Foremost
Matches: 0.exe, 522 KB
Suspicious: True
Note: the single carved object starts at offset 0 and has the sample's own size (522 KB), so Foremost recovered the file itself, not an embedded payload; the "Suspicious" flag adds nothing here.
Heuristics
IPs
hasIPs: True
Allowed: (none)
Suspicious: 0.0.0.30 (0, Unknown), 3.3.14.2 (0, Unknown)
hasAllowed: False
hasSuspicious: True
Note: both "IPs" are dotted-quad version strings, not addresses. 3.3.14.2 is the AutoIt 3 interpreter version embedded in every compiled AutoIt script (the strings list also carries the AutoIt copyright line and the autoitscript.com URL), and 0.0.0.30 has the same form and most likely comes from the same version resource. Neither is a network indicator.

URLs
hasURLs: True
Allowed: (none)
Suspicious: http://www.autoitscript.com/autoit3/
hasAllowed: False
hasSuspicious: True
Note: this URL is the AutoIt project page written into the runtime's version information; it identifies the origin (a compiled AutoIt script), not a contacted host.

Files
hasFiles: True
Allowed: ADVAPI32.dll, VERSION.dll, OLEAUT32.dll, SHELL32.dll, UxTheme.dll, PSAPI.DLL, COMDLG32.dll, ole32.dll, IPHLPAPI.DLL, WSOCK32.dll, USER32.dll, USERENV.dll, WININET.dll, COMCTL32.dll, GDI32.dll, WINMM.dll, KERNEL32.DLL, MPR.dll
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code: 184320 (0x2D000) (Suspicious: False)
Image: Address 4194304 (0x400000) (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 4096 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True
Note: a zero COFF symbol table pointer is the norm for modern PE files, so that flag carries no signal; the zero checksum is the real finding (see Anomalies).

Sections
Allowed: .rsrc
Suspicious: upx0, upx1
hasAllowed: True
hasSections: True
hasSuspicious: True

Versions
OS: 5 (Suspicious: False)
Image: 5 (Suspicious: True)
Linker: 12.0 (Suspicious: False)
Subsystem: 5.1 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 1067488 (0x1049E0)
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
Note: the stored CheckSum is 0 (see Checksum above). Windows only enforces the field for kernel-mode drivers and a few system DLLs, and many linkers and post-processing tools leave it at zero, so a mismatch on its own is weak evidence; what it does confirm is that nothing rewrote the header with a checksum-fixing tool after the file was built.
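The checksum mismatch, the upx0/upx1 sections and the entry-point field above are all worth re-deriving from the raw header rather than taking from a scanner. The following Python is an added example, not code from this report or from the sandbox that produced it: it implements the PE CheckSum algorithm, parses the section table, measures per-section entropy and locates the entry point, then runs those checks on a small PE it constructs itself (build_sample_pe(); the values imitate this report's header fields, but no bytes come from eZNt9lq.exe). The thresholds (entropy above 7.0, a virtual-only section of at least 0x1000 bytes, two hints for a "packed" verdict) are the example's own choices.

```python
"""Static PE triage: header checksum and section/entry-point packing indicators.
Added example, not part of this report or the sandbox's code. It re-implements the
IMAGEHLP CheckSum algorithm and the section checks behind the report's upx0/upx1 and
checksum-mismatch findings, run on a PE that build_sample_pe() constructs to resemble
the report's header values; no bytes are copied from eZNt9lq.exe."""
import math
import struct
from collections import Counter


def pe_checksum(data: bytes) -> int:
    """Sum the file as LE 32-bit words with end-around carry, skipping the CheckSum
    field, fold to 16 bits and add the file length (the algorithm editbin /RELEASE uses)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    checksum_off = e_lfanew + 0x58             # OptionalHeader.CheckSum, PE32 and PE32+ alike
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:                # e_lfanew is 8-aligned, so the field is one word
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a flat byte histogram."""
    n = len(buf)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(buf).values())) if n else 0.0


def parse_sections(data: bytes) -> list:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    table = e_lfanew + 24 + struct.unpack_from("<H", data, e_lfanew + 20)[0]
    out = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize] if rsize else b""
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"), "va": va,
                    "vsize": vsize, "raw_size": rsize, "entropy": shannon_entropy(raw)})
    return out


def triage(data: bytes) -> dict:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    stored = struct.unpack_from("<I", data, opt + 64)[0]
    sections = parse_sections(data)
    ep_sec = next((s for s in sections
                   if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"])), None)
    hints = []
    for s in sections:
        if s["name"].lower().startswith("upx"):
            hints.append(f"packer section name {s['name']}")
        if s["raw_size"] == 0 and s["vsize"] >= 0x1000:        # UPX0: empty on disk, filled at run time
            hints.append(f"{s['name']} is virtual-only ({s['vsize']:#x} bytes): unpack destination")
        if s["entropy"] > 7.0:                                  # UPX1: compressed payload
            hints.append(f"{s['name']} entropy {s['entropy']:.2f}: compressed or encrypted data")
    if ep_sec and ep_sec["name"].lower() not in (".text", "code"):
        hints.append(f"entry point {entry:#x} lies in {ep_sec['name']}, not in a code section")
    computed = pe_checksum(data)
    return {"stored_checksum": stored, "computed_checksum": computed, "checksum_ok": stored == computed,
            "entry_point": entry, "entry_section": ep_sec["name"] if ep_sec else None,
            "sections": sections, "packer_hints": hints, "packed_likely": len(hints) >= 2}


def fix_checksum(data: bytes) -> bytes:
    """Copy of data with the computed checksum stored; recomputing must then match."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, struct.unpack_from("<I", data, 0x3C)[0] + 0x58, pe_checksum(data))
    return bytes(buf)


def build_sample_pe() -> bytes:
    """Constructed 32-bit GUI PE: UPX0 (virtual only), UPX1 (payload + entry point), .rsrc."""
    img = bytearray(0x800)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                          # e_lfanew
    pe, opt = 0x80, 0x80 + 24
    img[pe:pe + 4] = b"PE\x00\x00"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x014C, 3, 0, 0, 0, 0xE0, 0x0102)  # i386, 3 sections
    struct.pack_into("<HBB", img, opt, 0x10B, 12, 0)                  # PE32, linker 12.0
    struct.pack_into("<IIII", img, opt + 4, 0x200, 0x200, 0x20000, 0x22A00)  # sizes, entry point
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # image base, alignments
    struct.pack_into("<IIIH", img, opt + 56, 0x24000, 0x400, 0, 2)    # image/headers size, CheckSum=0, GUI
    secs = [(b"UPX0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
            (b"UPX1", 0x2000, 0x21000, 0x200, 0x400, 0xE0000040),
            (b".rsrc", 0x1000, 0x23000, 0x200, 0x600, 0xC0000040)]
    for i, (name, vsize, va, rsize, rptr, flags) in enumerate(secs):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0 + 40 * i,
                         name, vsize, va, rsize, rptr, 0, 0, 0, 0, flags)
    img[0x400:0x600] = bytes(range(256)) * 2   # stand-in for compressed data (flat histogram)
    return bytes(img)                          # 0x600..0x800 stays zero: low-entropy .rsrc


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        if key != "sections":
            print(f"{key}: {value}")
```

On a real file, triage(open(path, "rb").read()) gives the same dictionary: a stored checksum of 0 with checksum_ok False reproduces this report's anomaly, and a UPX0 section with raw size 0 next to a high-entropy UPX1 that holds the entry point is the packed-by-UPX pattern. Apply fix_checksum() only to a working copy, never to the evidence file.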

Libraries
hasLibs: True
Allowed: advapi32.dll, version.dll, oleaut32.dll, shell32.dll, uxtheme.dll, psapi.dll, comdlg32.dll, ole32.dll, wsock32.dll, user32.dll, userenv.dll, wininet.dll, comctl32.dll, gdi32.dll, winmm.dll, kernel32.dll, mpr.dll
Suspicious: iphlpapi.dll
hasAllowed: True
hasSuspicious: True
Note: iphlpapi.dll is flagged for IcmpSendEcho, which appears in the import-name strings above alongside WININET's FtpOpenFileW. Both are capabilities (ICMP reachability probe, FTP file access); the network trace below recorded no use of either.

Timestamp
Value: 2017-07-18 07:50:53
Valid: True
Past: False
Future: False

Compilation
Packed: True
Missing: False
Packers: UPX -> www.upx.sourceforge.net
Compiled: False
Compilers: (none identified)
Note: no compiler is identified because the only code visible to a static scan is the UPX stub. The strings (the AutoIt copyright line, the AU3!EA06 compiled-script marker and the autoitscript.com URL) identify the payload as a compiled AutoIt script wrapped in UPX.

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks (section label: count)
pushret: none 439, .rsrc 95
pushpopmath: none 274, .rsrc 48
ss register: none 2
garbagebytes: none 185, .rsrc 31
hookdetection: none 3, .rsrc 1
software breakpoint: none 14, .rsrc 2
fakeconditionaljumps: none 8, .rsrc 2
programcontrolflowchange: none 177, .rsrc 29
cpuinstructionsresultscomparison: none 24, .rsrc 12
Note: these counts come from linearly disassembling compressed UPX data and resource bytes. Pattern hits such as push/ret pairs, "garbage bytes" and fake conditional jumps are exactly what random-looking input produces, so they say nothing about the unpacked code. Re-run the disassembly heuristics on the unpacked image (upx -d, or a memory dump taken after the stub finishes) before reading anything into them.

AVclass
None
1
VirusTotal
md5: a7d86ea7506b3e8c06fb1abded4d23a3
sha1: a4d46a9f61bf74c1e52f5b2215df2e9a68682bbe
SCANS (DETECTION RATE = 63.24%, 43 of 68 engines)
Engine | Detected | Result | Version | Update
AVG | True | Win32:Malware-gen | 18.4.3895.0 | 20180623
CMC | False | - | 1.1.0.977 | 20180623
MAX | True | malware (ai score=100) | 2017.11.15.1 | 20180623
Bkav | True | W32.eHeur.Malware14 | 1.3.0.9466 | 20180623
K7GW | True | Spyware ( 004e27611 ) | 10.50.27554 | 20180623
ALYac | True | Trojan.GenericKD.12030823 | 1.1.1.5 | 20180623
Avast | True | Win32:Malware-gen | 18.4.3895.0 | 20180623
Avira | True | TR/Spy.Banker.svfgb | 8.3.3.6 | 20180622
Baidu | False | - | 1.0.0.2 | 20180622
Cyren | True | W32/Trojan.TUMU-2877 | 6.0.0.4 | 20180623
DrWeb | False | - | 7.0.33.6080 | 20180623
GData | True | Trojan.GenericKD.12030823 | A:25.17548B:25.12557 | 20180623
Panda | True | Trj/CI.A | 4.6.4.2 | 20180622
VBA32 | False | - | 3.12.32.0 | 20180622
VIPRE | True | Trojan.Win32.Generic!BT | 67602 | 20180623
Zoner | False | - | 1.0 | 20180622
AVware | True | Trojan.Win32.Generic!BT | 1.5.0.42 | 20180623
ClamAV | False | - | 0.99.2.0 | 20180623
Comodo | True | .UnclassifiedMalware | 29225 | 20180623
F-Prot | False | - | 4.7.1.166 | 20180623
Ikarus | True | Trojan-Spy.Agent | 0.1.5.2 | 20180622
McAfee | True | RDN/Generic PWS.y | 6.0.6.653 | 20180623
Rising | True | Spyware.Banker!8.8D (CLOUD) | 25.0.0.1 | 20180623
Sophos | True | Mal/Generic-S | 4.98.0 | 20180623
Yandex | False | - | 5.5.1.3 | 20180622
Zillya | True | Trojan.Banker.Win32.119419 | 2.0.0.3580 | 20180622
Arcabit | True | Trojan.Generic.DB79367 | 1.0.0.831 | 20180623
Babable | False | - | 9107201 | 20180406
Cylance | True | Unsafe | 2.3.1.101 | 20180623
Endgame | False | - | 2.1.3 | 20180612
TACHYON | False | - | 2018-06-23.02 | 20180623
Tencent | True | Win32.Trojan.Spy.Lpbk | 1.0.0.1 | 20180623
ViRobot | False | - | 2014.3.20.0 | 20180623
Webroot | False | - | 1.0.0.403 | 20180623
eGambit | False | - | - | 20180623
Ad-Aware | True | Trojan.GenericKD.12030823 | 3.0.5.370 | 20180623
AegisLab | True | Uds.Dangerousobject.Multi!c | 4.2 | 20180622
Emsisoft | True | Trojan.GenericKD.12030823 (B) | 4.0.2.899 | 20180623
F-Secure | True | Trojan.GenericKD.12030823 | 11.0.19100.45 | 20180622
Fortinet | True | W32/Banker.ACYQ!tr.spy | 5.4.247.0 | 20180623
Invincea | True | heuristic | 6.3.5.26121 | 20180601
Jiangmin | False | - | 16.0.100 | 20180623
Kingsoft | False | - | 2013.8.14.323 | 20180623
Paloalto | False | - | 1.0 | 20180623
Symantec | True | ML.Attribute.HighConfidence | 1.6.0.0 | 20180622
AhnLab-V3 | True | Malware/Win32.Generic.C2327887 | 3.12.1.21240 | 20180622
Antiy-AVL | False | - | 3.0.0.1 | 20180623
Kaspersky | True | UDS:DangerousObject.Multi.Generic | 15.0.1.13 | 20180623
Microsoft | True | Trojan:Win32/Dynamer!ac | 1.1.14901.4 | 20180623
Qihoo-360 | False | - | 1.0.0.1120 | 20180623
TheHacker | False | - | 6.8.0.5.3191 | 20180622
ZoneAlarm | True | UDS:DangerousObject.Multi.Generic | 1.0 | 20180623
Cybereason | True | malicious.7506b3 | 1.2.27 | 20180225
ESET-NOD32 | True | a variant of Win32/Spy.Banker.ACYQ | 17598 | 20180623
TrendMicro | True | TROJ_GEN.R029C0PDG18 | 10.0.0.1040 | 20180623
BitDefender | True | Trojan.GenericKD.12030823 | 7.2 | 20180623
CrowdStrike | False | - | 1.0 | 20180530
K7AntiVirus | True | Spyware ( 004e27611 ) | 10.50.27554 | 20180622
SentinelOne | True | static engine - malicious | 1.0.17.225 | 20180618
Avast-Mobile | False | - | 180622-02 | 20180622
Malwarebytes | False | - | 2.1.1.1115 | 20180623
TotalDefense | False | - | 37.1.62.1 | 20180623
CAT-QuickHeal | True | Trojan.IGENERIC | 14.00 | 20180622
NANO-Antivirus | True | Trojan.Win32.Banker.erhebc | 1.0.116.23366 | 20180623
MicroWorld-eScan | True | Trojan.GenericKD.12030823 | 14.0.297.0 | 20180623
SUPERAntiSpyware | False | - | 5.6.0.1032 | 20180623
McAfee-GW-Edition | True | BehavesLike.Win32.Spyware.hc | v2017.2786 | 20180623
TrendMicro-HouseCall | True | TROJ_GEN.R029C0PDG18 | 9.950.0.1006 | 20180623
total: 68
positives: 43
sha256: 7d2a604cebbbf71cbb292ebb1635f1498d7358d4fe7561966eb2a7f97df26cc2
scan_id: 7d2a604cebbbf71cbb292ebb1635f1498d7358d4fe7561966eb2a7f97df26cc2-1529735949
resource: a7d86ea7506b3e8c06fb1abded4d23a3
scan_date: 2018-06-23 06:39:09
verbose_msg: Scan finished, information embedded
response_code: 1
Note: the engines that give a non-generic name agree on a spyware/banking trojan (Avira TR/Spy.Banker, ESET-NOD32 Win32/Spy.Banker.ACYQ, Fortinet W32/Banker.ACYQ, Rising Spyware.Banker, Zillya Trojan.Banker, NANO Trojan.Win32.Banker, McAfee Generic PWS); the rest are generic or machine-learning verdicts. The scan is dated 2018-06-23, twenty months before this report was created, so re-query the hash before relying on the rate.
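AV labels mix family names with platform, confidence and catch-all words, which is why a single engine's name is a poor identifier and why a label-consensus field such as the AVclass entry above can come out empty. The following Python is an added example, not part of this report and not AVclass itself: it tokenises the 43 labels from the table above, strips boilerplate, gives each engine one vote per token and ranks behaviour classes and family tokens separately. The stop list, the class vocabulary and the three-engine agreement threshold are the example's own assumptions.

```python
"""Family/class consensus from the VirusTotal labels in this report.
Added example, not part of the report and not AVclass itself. It tokenises every
engine's label, drops vendor boilerplate, counts each token once per engine and ranks
what is left. The 43 labels are copied from the scan table above; TOTAL_ENGINES, the
STOP list, the CLASS vocabulary and the min_engines threshold are this example's own."""
import re
from collections import Counter

TOTAL_ENGINES = 68
DETECTIONS = {  # engine: label, for the 43 engines that flagged the file (copied from the scan table)
    "AVG": "Win32:Malware-gen", "MAX": "malware (ai score=100)",
    "Bkav": "W32.eHeur.Malware14", "K7GW": "Spyware ( 004e27611 )",
    "ALYac": "Trojan.GenericKD.12030823", "Avast": "Win32:Malware-gen",
    "Avira": "TR/Spy.Banker.svfgb", "Cyren": "W32/Trojan.TUMU-2877",
    "GData": "Trojan.GenericKD.12030823", "Panda": "Trj/CI.A",
    "VIPRE": "Trojan.Win32.Generic!BT", "AVware": "Trojan.Win32.Generic!BT",
    "Comodo": ".UnclassifiedMalware", "Ikarus": "Trojan-Spy.Agent",
    "McAfee": "RDN/Generic PWS.y", "Rising": "Spyware.Banker!8.8D (CLOUD)",
    "Sophos": "Mal/Generic-S", "Zillya": "Trojan.Banker.Win32.119419",
    "Arcabit": "Trojan.Generic.DB79367", "Cylance": "Unsafe",
    "Tencent": "Win32.Trojan.Spy.Lpbk", "Ad-Aware": "Trojan.GenericKD.12030823",
    "AegisLab": "Uds.Dangerousobject.Multi!c", "Emsisoft": "Trojan.GenericKD.12030823 (B)",
    "F-Secure": "Trojan.GenericKD.12030823", "Fortinet": "W32/Banker.ACYQ!tr.spy",
    "Invincea": "heuristic", "Symantec": "ML.Attribute.HighConfidence",
    "AhnLab-V3": "Malware/Win32.Generic.C2327887", "Kaspersky": "UDS:DangerousObject.Multi.Generic",
    "Microsoft": "Trojan:Win32/Dynamer!ac", "ZoneAlarm": "UDS:DangerousObject.Multi.Generic",
    "Cybereason": "malicious.7506b3", "ESET-NOD32": "a variant of Win32/Spy.Banker.ACYQ",
    "TrendMicro": "TROJ_GEN.R029C0PDG18", "BitDefender": "Trojan.GenericKD.12030823",
    "K7AntiVirus": "Spyware ( 004e27611 )", "SentinelOne": "static engine - malicious",
    "CAT-QuickHeal": "Trojan.IGENERIC", "NANO-Antivirus": "Trojan.Win32.Banker.erhebc",
    "MicroWorld-eScan": "Trojan.GenericKD.12030823", "McAfee-GW-Edition": "BehavesLike.Win32.Spyware.hc",
    "TrendMicro-HouseCall": "TROJ_GEN.R029C0PDG18",
}
# Words that name a platform, a confidence level or a catch-all bucket rather than a family.
STOP = {"trojan", "troj", "trj", "win32", "w32", "win", "malware", "mal", "generic", "generickd",
        "igeneric", "gen", "heur", "eheur", "heuristic", "variant", "malicious", "unsafe",
        "dangerousobject", "multi", "uds", "rdn", "cloud", "static", "engine", "behaveslike",
        "unclassifiedmalware", "attribute", "highconfidence", "score", "agent", "virus"}
# Behaviour classes, with vendor spellings folded together.
CLASS = {"spy": "spy", "spyware": "spy", "pws": "pws", "banker": "banker", "bank": "banker",
         "ransom": "ransom", "downloader": "downloader", "dropper": "dropper", "backdoor": "backdoor",
         "worm": "worm", "adware": "adware", "miner": "miner", "stealer": "stealer"}


def tokens(label: str) -> set:
    """Lower-cased alphabetic tokens of 3+ chars that are not boilerplate; a set, so one vote per engine."""
    return {t for t in re.findall(r"[a-z0-9]+", label.lower())
            if t.isalpha() and len(t) >= 3 and t not in STOP}


def rank_classes(detections: dict) -> list:
    votes = Counter()
    for label in detections.values():
        votes.update({CLASS[t] for t in tokens(label) if t in CLASS})
    return votes.most_common()


def rank_families(detections: dict) -> list:
    votes = Counter()
    for label in detections.values():
        votes.update({t for t in tokens(label) if t not in CLASS})
    return votes.most_common()


def family_consensus(detections: dict, min_engines: int = 3):
    """Top family token only when enough engines agree; otherwise None, like an inconclusive AVclass run."""
    ranked = rank_families(detections)
    return ranked[0][0] if ranked and ranked[0][1] >= min_engines else None


def detection_rate(detections: dict, total: int = TOTAL_ENGINES) -> float:
    return round(100.0 * len(detections) / total, 2)


if __name__ == "__main__":
    print("detection rate:", detection_rate(DETECTIONS))
    print("classes:", rank_classes(DETECTIONS))
    print("families:", rank_families(DETECTIONS)[:3], "consensus:", family_consensus(DETECTIONS))
```

On these labels the class vote is unambiguous (spy 9, banker 6) while no family token reaches three engines (ACYQ is shared only by ESET-NOD32 and Fortinet), so family_consensus() returns None: the labels support "spyware/banking trojan" as a description but not a named family.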
File
Trace (every event is PID 1480, C:\malware.exe, on 18/2/2020; runs of identical events are collapsed with a count)
Time | Op | Path
2:45:44.90 | Open | C:\malware.exe
2:45:44.90 | Unknown | C:\malware.exe
2:45:44.90 | Open | C:\Monitor\winmgmts:\localhost\root\CIMV2 (x3)
2:45:44.90 | Open | C:\Windows\SysWOW64\wbem\wbemdisp.dll
2:45:44.137 | Open | C:\Windows\SysWOW64\wbem\wbemdisp.dll
2:45:44.418 | Open | C:\Windows\SysWOW64\wbem\wbemcomn.dll
2:45:44.418 | Open | C:\Windows\SysWOW64\wbemcomn.dll
2:45:44.465 | Open | C:\Windows\SysWOW64\wbemcomn.dll
2:45:45.28 | Open | C:\Windows\SysWOW64\wbem\Logs
2:45:45.75 | Unknown | C:\Windows\SysWOW64\wbem\Logs
2:45:45.75 | Open | C:\Windows\SysWOW64\advapi32.dll (x2)
2:45:45.75 | Open | C:\Windows\SysWOW64\wbem\wbemprox.dll (x2)
2:45:45.309 | Open | C:\Windows\SysWOW64\wbem\wmiutils.dll (x2)
2:45:45.731 | Open | C:\Windows\SysWOW64\nlaapi.dll (x2)
2:45:45.731 | Open | C:\Windows\SysWOW64\NapiNSP.dll (x2)
2:45:46.106 | Open | C:\Windows\SysWOW64\pnrpnsp.dll (x2)
2:45:46.106 | Open | C:\Windows\SysWOW64\mswsock.dll (x2)
2:45:46.106 | Open | C:\DNSAPI.dll
2:45:46.106 | Open | C:\Windows\SysWOW64\dnsapi.dll (x2)
2:45:46.106 | Open | C:\Windows\SysWOW64\winrnr.dll (x2)
2:45:46.184 | Open | C:\Windows\SysWOW64\FWPUCLNT.DLL (x2)
2:45:46.278 | Open | C:\rasadhlp.dll
2:45:46.278 | Open | C:\Windows\SysWOW64\rasadhlp.dll (x2)
2:45:46.372 | Open | C:\CRYPTSP.dll
2:45:46.372 | Open | C:\Windows\SysWOW64\cryptsp.dll (x2)
2:45:46.372 | Open | C:\Windows\SysWOW64\rsaenh.dll (x12)
2:45:46.372 | Open | C:\RpcRtRemote.dll
2:45:46.372 | Open | C:\Windows\SysWOW64\RpcRtRemote.dll
2:45:46.372 | Unknown | C:\Windows\SysWOW64\RpcRtRemote.dll (RpcRtRemote.dll)
2:45:46.372 | Open | C:\Windows\SysWOW64\RpcRtRemote.dll
2:45:46.372 | Unknown | C:\Windows\SysWOW64\RpcRtRemote.dll (RpcRtRemote.dll)
2:45:46.575 | Open | C:\Windows\SysWOW64\wbem\wbemsvc.dll (x2)
2:45:47.43 | Open | C:\Windows\SysWOW64\wbem\fastprox.dll (x2)
2:45:47.43 | Open | C:\Windows\SysWOW64\wbem\NTDSAPI.dll
2:45:47.43 | Open | C:\Windows\SysWOW64\ntdsapi.dll (x2)
2:45:47.668 | Open | C:\SXS.DLL
2:45:47.668 | Open | C:\Windows\SysWOW64\sxs.dll (x2)
2:45:47.668 | Open | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
2:45:47.668 | Read | C:\Windows\SysWOW64\wbem\wbemdisp.tlb (x17)
2:45:47.668 | Open | C:\Windows\SysWOW64\stdole2.tlb
2:45:47.668 | Read | C:\Windows\SysWOW64\stdole2.tlb (x15)
2:45:48.450 | Open | C:\Windows\SysWOW64\wbem\pt-BR\wmiutils.dll.mui
2:45:48.497 | Open | C:\Windows\SysWOW64\wbem\pt\wmiutils.dll.mui
2:45:48.497 | Open | C:\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui
2:45:48.497 | Read | C:\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui (wmiutils.dll.mui)
2:45:53.387 | Open | C:\Users\Behemot\AppData\Roaming
2:45:53.387 | Unknown | C:\Users\Behemot\AppData\Roaming
2:45:53.637 | Unknown | C:\Windows
2:45:53.637 | Unknown | C:\Monitor
2:45:53.637 | Unknown | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
Note: read top to bottom this is one sequence: WMI client initialisation (wbemdisp, wbemprox, wbemcomn, wbemsvc, fastprox and the winmgmts:\localhost\root\CIMV2 connection, so WMI queries were issued, although their text is not recorded), then the Winsock name-space providers and dnsapi.dll (name resolution initialised, yet no traffic appears in the network section), CryptoAPI's Enhanced provider (cryptsp, rsaenh), the SxS resolution of the common-controls dependency declared in the manifest, and finally the user's roaming profile directory. The bare-name probes such as C:\DNSAPI.dll are the loader searching the application directory (the sample ran from C:\) before System32, i.e. normal DLL search order, not side-loading by the sample. The MUI lookup order pt-BR, pt, en-US shows the sandbox UI language is Brazilian Portuguese, consistent with the Banker labels; the C:\Monitor directory, the Behemot user name and the winsxs build 6.0.7601.18837 (Windows 7 SP1) are environment details a sample can fingerprint.

Process
Trace: (no child processes recorded)

Analysis
Reason: Finished
Status: Successfully Executed
Results: 1

Registry
Trace
Time | Op | PID | Process | Key | Value
2:45:44.90 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER | PendingFileRenameOperations
Note: PendingFileRenameOperations is the value MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) writes to queue a file rename or deletion for the next boot. The queued source and target paths are not captured here, so read that value on the sandbox image before reboot to learn which file the sample intends to replace or remove.
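The File and Registry traces above are exported without field separators, so the first job is to split them back into timestamp, operation, PID, process and target; the second is to turn the long DLL-load list into a handful of behaviours. The following Python is an added example, not part of this report or of the sandbox's tooling: it parses lines in this report's format with a regular expression, collapses repeated events, and flags WMI client use, Winsock resolver initialisation, CryptoAPI provider loading, roaming-profile access, the UI-language MUI probe and the PendingFileRenameOperations write. SAMPLE_TRACE holds twelve lines copied from the traces above; the rule names and DLL groupings are the example's own.

```python
"""Parse this sandbox's flattened trace lines and run behaviour checks over them.
Added example, not part of the report or the sandbox's tooling. SAMPLE_TRACE holds
lines copied from the File and Registry traces above (one per distinct event);
the rule names, DLL groupings and wording of the findings are this example's own."""
import re
from collections import Counter, defaultdict

# A report line is "<date> - <time><Op><PID><process path><target>" with no separators, so the
# operation is the capitalised word glued to the PID and the two paths are split at the first ".exe".
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) - (?P<time>\d{1,2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>[A-Z][a-z]+)(?P<pid>\d+)(?P<proc>[A-Za-z]:\\.*?\.exe)(?P<target>.*)$")

SAMPLE_TRACE = r"""
18/2/2020 - 2:45:44.90Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 2:45:44.90Open1480C:\malware.exeC:\Monitor\winmgmts:\localhost\root\CIMV2
18/2/2020 - 2:45:44.90Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
18/2/2020 - 2:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
18/2/2020 - 2:45:46.106Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 2:45:46.106Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 2:45:46.372Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 2:45:46.372Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 2:45:46.372Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 2:45:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\pt-BR\wmiutils.dll.mui
18/2/2020 - 2:45:53.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 2:45:44.90Write1480C:\malware.exe\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGERPendingFileRenameOperations
""".strip().splitlines()

DLL_GROUPS = {  # base name of a loaded DLL -> what its presence means
    "wmi_client": {"wbemdisp.dll", "wbemprox.dll", "wbemsvc.dll", "fastprox.dll", "wbemcomn.dll"},
    "name_resolution_init": {"mswsock.dll", "dnsapi.dll", "nlaapi.dll", "winrnr.dll", "napinsp.dll", "pnrpnsp.dll"},
    "cryptoapi_provider": {"cryptsp.dll", "rsaenh.dll"},
}


def parse_trace(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                                   # skip lines the exporter mangled beyond repair
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        ev["kind"] = "registry" if ev["target"].upper().startswith("\\REGISTRY\\") else "file"
        events.append(ev)
    return events


def repeat_counts(events):
    """(op, target) -> count, to collapse runs like the twelve rsaenh.dll opens in the report."""
    return Counter((ev["op"], ev["target"]) for ev in events)


def analyse(events):
    findings = defaultdict(set)
    for ev in events:
        target, low = ev["target"], ev["target"].lower()
        if ev["kind"] == "registry":
            # PendingFileRenameOperations is what MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) writes
            if ev["op"] == "Write" and "pendingfilerenameoperations" in low.replace(" ", ""):
                findings["reboot_file_rename"].add(target)
            continue
        if "winmgmts:" in low:                         # WMI namespace connection
            findings["wmi_client"].add(target)
        base = low.rsplit("\\", 1)[-1]
        for rule, dlls in DLL_GROUPS.items():
            if base in dlls:
                findings[rule].add(target)
        if re.search(r"\\users\\[^\\]+\\appdata\\roaming", low):
            findings["roaming_profile_access"].add(target)
        lang = re.search(r"\\([a-z]{2}(?:-[a-z]{2})?)\\[^\\]+\.mui$", low)
        if lang:                                       # first MUI folder tried = the UI language
            findings["ui_language_probe"].add(lang.group(1))
    return {rule: sorted(hits) for rule, hits in findings.items()}


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    for rule, hits in analyse(evs).items():
        print(f"{rule}: {hits}")
    print("repeated:", [key for key, n in repeat_counts(evs).items() if n > 1])
```

Feed parse_trace() the full trace text to get the same findings for all 109 file events and the one registry event; repeat_counts() is what collapses the twelve rsaenh.dll and seventeen wbemdisp.tlb entries into single rows. The reboot_file_rename rule only tells you a deferred rename or delete was queued; read the value itself on the sandbox image to learn which path it targets.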

File Summary
Created: False
Deleted: False

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: False
Browsers: False
Internet: False


DNS
Query: (none captured)
Response: (none captured)

TCP
Info: (none captured)

UDP
Info: (none captured)

HTTP
Info: (none captured)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False
Note: the file trace shows the Winsock name-space providers (mswsock, nlaapi, NapiNSP, pnrpnsp, winrnr) and dnsapi.dll being loaded at 2:45:45-46, so the sample initialised name resolution, but the capture holds no DNS, TCP, UDP or HTTP records. Treat the network indicators as unobserved rather than absent: the trace covers roughly ten seconds of file activity (2:45:44 to 2:45:53).

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious False
SVC (Kernel=Linear, NFS-BRMalware): confidence 98.65%, suspicious True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 89.30%, suspicious False
Random Forest (100 estimators, NFS-BRMalware): confidence 60.00%, suspicious True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 63.19%, suspicious True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 96.57%, suspicious False
Note: "confidence" is each model's score for its own verdict, so the 100.00% and 96.57% benign calls conflict directly with the 98.65% malicious call; three of seven models flag the file, four do not. These static models score the UPX stub and headers rather than the AutoIt payload, so a split like this is expected for a packed sample, and the 43 of 68 AV detections carry more weight here.
