Report #6529

  • Creation Date: Feb. 17, 2020, 3:58 p.m.
  • Last Update: Feb. 18, 2020, 3:09 a.m.
  • File: f.exe
  • Results:
Binary
DLL: False
Size: 4.26MB
trid:
49.2% Win32 EXE PECompact compressed
34.6% Win32 EXE PECompact compressed
5.4% Win32 Dynamic Link Library
3.7% Win32 Executable
1.7% Win16/32 Executable Delphi generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 9c996b881159291858267766957467e2
sha1: 6db169f98d520bbbc57e77dec96ae7f2d6c4dcf0
crc32: 0x797bbb44
sha224: c63cfc732609ea22dc2dfc12b548dcd4f3cc07226558a65501678bff
sha256: 5a7c4d5d9819292db4b36c0b25a4d0f46dc2c7dbc5a3dae9bda149372a5b7112
sha384: 57f4abb07f51a8b6ca5eab052b9e64491f496d004dd100f7f4446391ab4cbc26da8daf18724b6484200cd5c1c6de0e39
sha512: e730ae96bb867bb8a38e50f1f0e77e6ad3d1294067a8d08280005832d84ed59ac7d18a850ccdeb8a028f934d09157fabad393e133d47abb156a831daefab48c0
ssdeep: 98304:Z7HHc0Ii21yuLXW8zHFZ6HcZR9jjKbVcmjuIvyeHsODhl:Z7HHc0Ii21yuzlLFFR9jjKbVcmj8O
Community
Google: False
HashLib: False
YARA
Matches: IsWindowsGUI, PECompact_V2X_Bitsum_Technologies_additional, PECompact_2x_Jeremy_Collake, contentis_base64, PECompact_2xx_BitSum_Technologies, PECompact_v20, PECompact_v2xx_additional, PECompact_20x_Heuristic_Mode_Jeremy_Collake, PeCompact_253_DLL_BitSum_Technologies, pecompact2, PeCompact_2xx_BitSum_Technologies, PECompact_V2X_Bitsum_Technologies, PECompact_v20_additional, PeCompact_v208_Bitsum_Technologiessignature_by_loveboom, PECompactv2xx, IsPE32, PeCompact_253_DLL_BitSum_Technologies_additional, PECompact2xxBitSumTechnologies, PECompact_v2xx, PECompactV2XBitsumTechnologies, IsPacked
Suspicious: True

Strings
List
Th.HN
P.TH
e.BI
I9rv.Rw
E.th
R.eS
_.ae
rb.no
u.Sv
d.Np
8.PH
t.fK
g7.nf
q.uA
j.aZ
ZE.NZ
Pz.pY
F.zA
q.Bv
1.MZ
w.DJ
s.LU
wt)gqE4.hn
wt)gqE4.hn
07.Kp
e`V.si
z.cr
s.Cn*{
r$Vs.Cw
>DhK.gS
wsock32.dll
winspool.drv
ta.gwn
msimg32.dll
comctl32.dll
%Aws%
version.dll
%Agh%
%Agh%
%Agh%
%Agh%
ntdll.dll
%ght%
u{7.eT
zrMhw\Vu.PH
![_0|
He>8n
1aDIt[
,NW-H
&Pc&oM
ltC):
64~grat
\Ob:COP~
ofDR{%O
UE4OQHFtHI~
{als)Acf
|iOYPg|T
rE:w
,NOw
GTO(
CI:o
Rd|T
eE:w
NfDU#
KU! in
Rd$yvs
nuW've
Rd$yvs
|3|>oo%A1
rtk{owN
ou%tvuS
w}~cUT%gUu
G%AkT\T7rB
n%6F_kUs
$nhp%nlL6
gn%ndPL|3l>
%AkT?O7r
gm%AkTE{6r,
"%n28H
`R4%E
%AcN|4
pR%AcN@~
pR%AcN@~
<f%AwcDItn-D%=)
<M%AwcDItn-D%=)
rG?]f%AkT)
%gdm%||T
gl_(vn%AKv%
%gdm%||T
fl%AcN&{
%gdm%||T
%nzO)tvr>
%gdm%||T
^NfmeQ:I%s*
G?]e%AkT)
|RA%AcN|T
rG?]e%AkT)
C]`%AkT!
|RA%AcN|T
Pg$@%EO\

Foremost
Matches: None
Suspicious: False
Heuristics
IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
Allowed: kernel32.dll, oleaut32.dll, msimg32.dll, user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, wsock32.dll, version.dll, ole32.dll, shell32.dll, ntdll.dll
Suspicious: none
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code: 2722304 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Overall suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 4530398 (Suspicious: False)

Sections
Allowed: .text, .rsrc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS: 5 (Suspicious: False)
Image: 5 (Suspicious: True)
Linker: 2.25 (Suspicious: False)
Subsystem: 5.0 (Suspicious: False)
Overall suspicious: False

EntryPoint
Address: 1901408 (Suspicious: False)

Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll, oleaut32.dll, msimg32.dll, user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, wsock32.dll, version.dll, ole32.dll, shell32.dll, ntdll.dll
Suspicious: none
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2017-04-25 13:49:19
Valid: True
Past: False
Future: False

Compilation
Packed: True
Missing: False
Packers: PECompact 2.x -> Jeremy Collake, PECompact v2.0, PeCompact 2.53 DLL --> BitSum Technologies, PECompact 2.0x Heuristic Mode -> Jeremy Collake
Compiled: False
Compilers
MainPacker: PECompact 2.xx --> BitSum Technologies

Obfuscation
XOR: False
Fuzzing: False
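
The Binary, Symbols, Sections, Versions, EntryPoint and Timestamp fields above are read straight out of the COFF and optional headers. The Python below is an added example, not the sandbox's code, that reads those fields from a PE32 image with the standard library only and applies a few checks of the same kind (entry point inside an executable section, standard section names, no writable-and-executable section). `build_sample_pe()` constructs a header-only image whose values mirror this report (linker 2.25, entry point 0x1D02E0, image base 0x400000, sections .text and .rsrc, timestamp 2017-04-25 13:49:19) so the script runs offline; the finding names and the KNOWN_SECTIONS list are this example's own choices.

```python
import struct
from datetime import datetime, timezone

# Header layouts from the PE/COFF specification (little-endian).
COFF_HDR = "<HHIIIHH"                          # Machine .. Characteristics (20 bytes)
OPT_HDR32 = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"   # PE32 optional header through NumberOfRvaAndSizes (96 bytes)
SECTION_HDR = "<8sIIIIIIHHI"                   # IMAGE_SECTION_HEADER (40 bytes)
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
# Section names a linker normally emits; anything else is worth a look (this list is the example's own).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".tls",
                  ".itext", ".didata", "CODE", "DATA", "BSS"}


def parse_pe(data):
    """Return the header fields the report above keys its heuristics on (PE32 images only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    off = e_lfanew + 4
    machine, nsec, ts, sym_ptr, nsym, opt_size, _chars = struct.unpack_from(COFF_HDR, data, off)
    off += struct.calcsize(COFF_HDR)
    o = struct.unpack_from(OPT_HDR32, data, off)
    if o[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    off += opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(SECTION_HDR, data, off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": sc})
    return {
        "machine": machine, "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "symbol_ptr": sym_ptr, "symbol_count": nsym,
        "linker": f"{o[1]}.{o[2]}", "size_of_code": o[3], "entry_rva": o[6], "image_base": o[9],
        "os_version": f"{o[12]}.{o[13]}", "subsystem_version": f"{o[16]}.{o[17]}",
        "size_of_headers": o[20], "checksum": o[21], "subsystem": o[22], "stack_reserve": o[24],
        "sections": sections,
    }


def entry_section(info):
    """Name of the section containing AddressOfEntryPoint, or None if it points outside all of them."""
    ep = info["entry_rva"]
    for s in info["sections"]:
        if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def heuristics(info):
    """Cheap header checks in the spirit of the report's Sections/EntryPoint/Anomalies fields."""
    findings = []
    name = entry_section(info)
    if name is None:
        findings.append("entry-outside-sections")
    else:
        sec = next(s for s in info["sections"] if s["name"] == name)
        if not sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("entry-in-non-executable-section")
        if len(info["sections"]) > 1 and sec is info["sections"][-1]:
            findings.append("entry-in-last-section")      # typical of packer stubs appended to the image
    for s in info["sections"]:
        if s["name"] not in KNOWN_SECTIONS:
            findings.append("unusual-section:" + s["name"])
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append("writable-executable-section:" + s["name"])
    if info["timestamp"] == 0:
        findings.append("zero-timestamp")
    return findings


def build_sample_pe(entry_rva=0x1D02E0):
    """Constructed header-only PE32 whose values mirror the report (no code; not a runnable program)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew: PE header right after the DOS header
    coff = struct.pack(COFF_HDR, 0x14C, 2, 1493128159, 0, 0, 224, 0x0102)  # i386, 2 sections, 2017-04-25 13:49:19 UTC
    opt = struct.pack(OPT_HDR32, 0x10B, 2, 25, 2722304, 0x1000, 0, entry_rva, 0x1000, 0x29A000,
                      0x400000, 0x1000, 0x200, 5, 0, 5, 0, 5, 0, 0, 0x2A0000, 1024, 4530398, 2, 0,
                      16384, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                            # 16 empty data directories
    secs = struct.pack(SECTION_HDR, b".text", 0x298A00, 0x1000, 0, 0, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HDR, b".rsrc", 0x1000, 0x29A000, 0, 0, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"linker {info['linker']}, entry 0x{info['entry_rva']:X} in {entry_section(info)}, "
          f"built {info['timestamp_utc']}, findings: {heuristics(info) or 'none'}")
```

On a real file call `parse_pe(open(path, "rb").read())`. For this sample the header-level checks come back clean, which is consistent with the report itself: hasAnomalies is False and the section names are on its allow-list, and the packer is identified by the YARA signatures and the Compilation block rather than by a header anomaly.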

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 1
.text: 1507

pushpopmath
.rsrc: 1
.text: 1476

ss register
.text: 34

garbagebytes
.text: 505

hookdetection
.text: 64

software breakpoint
.text: 42

fakeconditionaljumps
.text: 20

programcontrolflowchange
.text: 486

cpuinstructionsresultscomparison
.rsrc: 8
.text: 97

AVclass: skeeyah (1)
VirusTotal
md5
9c996b881159291858267766957467e2
sha1
6db169f98d520bbbc57e77dec96ae7f2d6c4dcf0
SCANS (DETECTION RATE = 60.29%)
Engine | Result | Update | Version | Detected
AVG | Win32:Malware-gen | 20180616 | 18.4.3895.0 | True
CMC | - | 20180615 | 1.1.0.977 | False
MAX | malware (ai score=89) | 20180616 | 2017.11.15.1 | True
Bkav | - | 20180615 | 1.3.0.9466 | False
K7GW | Spyware ( 004f91bf1 ) | 20180615 | 10.49.27482 | True
ALYac | Trojan.GenericKD.40126127 | 20180616 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20180616 | 18.4.3895.0 | True
Avira | TR/Crypt.PEC2X.Gen | 20180615 | 8.3.3.6 | True
Baidu | - | 20180615 | 1.0.0.2 | False
Cyren | W32/Trojan.GWFL-6855 | 20180616 | 6.0.0.4 | True
DrWeb | - | 20180616 | 7.0.28.2020 | False
GData | Trojan.GenericKD.40126127 | 20180616 | A:25.17457B:25.12503 | True
Panda | - | 20180615 | 4.6.4.2 | False
VBA32 | TScope.Malware-Cryptor.SB | 20180615 | 3.12.32.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180616 | 67028 | True
Zoner | - | 20180615 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180616 | 1.5.0.42 | True
ClamAV | - | 20180615 | 0.99.2.0 | False
Comodo | UnclassifiedMalware | 20180615 | 29183 | True
F-Prot | - | 20180616 | 4.7.1.166 | False
Ikarus | Trojan.Generic | 20180615 | 0.1.5.2 | True
McAfee | Artemis!9C996B881159 | 20180616 | 6.0.6.653 | True
Rising | - | 20180616 | 25.0.0.1 | False
Sophos | Mal/Generic-S | 20180615 | 4.98.0 | True
Yandex | TrojanSpy.Banker!h2S+vrXRgPg | 20180615 | 5.5.1.3 | True
Zillya | - | 20180615 | 2.0.0.3575 | False
Arcabit | - | 20180616 | 1.0.0.831 | False
Babable | - | 20180406 | 9107201 | False
Cylance | Unsafe | 20180616 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180612 | 2.1.3 | True
TACHYON | - | 20180616 | 2018-06-16.01 | False
Tencent | Win32.Trojan-spy.Banker.Hwmr | 20180616 | 1.0.0.1 | True
ViRobot | - | 20180615 | 2014.3.20.0 | False
Webroot | - | 20180616 | 1.0.0.403 | False
eGambit | - | 20180616 | - | False
Ad-Aware | Trojan.GenericKD.40126127 | 20180616 | 3.0.5.370 | True
AegisLab | Gen.Variant.Symmi!c | 20180616 | 4.2 | True
Emsisoft | Trojan.GenericKD.40126127 (B) | 20180616 | 4.0.2.899 | True
F-Secure | Trojan.GenericKD.40126127 | 20180616 | 11.0.19100.45 | True
Fortinet | W32/Banker.ADGI!tr.spy | 20180616 | 5.4.247.0 | True
Invincea | heuristic | 20180601 | 6.3.5.26121 | True
Jiangmin | - | 20180615 | 16.0.100 | False
Kingsoft | - | 20180616 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180616 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20180615 | 1.6.0.0 | True
AhnLab-V3 | Malware/Win32.Generic.C1926735 | 20180615 | 3.12.1.20996 | True
Antiy-AVL | - | 20180616 | 3.0.0.1 | False
Kaspersky | Trojan-Banker.Win32.BestaFera.ajxq | 20180616 | 15.0.1.13 | True
Microsoft | Trojan:Win32/Skeeyah.A!rfn | 20180616 | 1.1.14901.4 | True
Qihoo-360 | - | 20180616 | 1.0.0.1120 | False
TheHacker | - | 20180613 | 6.8.0.5.3112 | False
ZoneAlarm | Trojan-Banker.Win32.BestaFera.ajxq | 20180616 | 1.0 | True
Cybereason | - | 20180225 | 1.2.27 | False
ESET-NOD32 | a variant of Win32/Spy.Zumanek.BS | 20180616 | 17560 | True
TrendMicro | TROJ_GEN.R002C0WBG18 | 20180616 | 10.0.0.1040 | True
BitDefender | Trojan.GenericKD.40126127 | 20180616 | 7.2 | True
CrowdStrike | malicious_confidence_80% (D) | 20180530 | 1.0 | True
K7AntiVirus | Spyware ( 004f91bf1 ) | 20180615 | 10.49.27481 | True
SentinelOne | - | 20180225 | 1.0.15.206 | False
Avast-Mobile | - | 20180614 | 180614-06 | False
Malwarebytes | - | 20180616 | 2.1.1.1115 | False
TotalDefense | - | 20180615 | 37.1.62.1 | False
CAT-QuickHeal | Trojan.Skeeyah | 20180615 | 14.00 | True
NANO-Antivirus | Trojan.Win32.PEC2X.eockdz | 20180616 | 1.0.106.22618 | True
MicroWorld-eScan | Trojan.GenericKD.40126127 | 20180616 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180616 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.rc | 20180615 | v2017.2786 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0WBG18 | 20180616 | 9.950.0.1006 | True

total
68
sha256
5a7c4d5d9819292db4b36c0b25a4d0f46dc2c7dbc5a3dae9bda149372a5b7112
scan_id
5a7c4d5d9819292db4b36c0b25a4d0f46dc2c7dbc5a3dae9bda149372a5b7112-1529112915
resource
9c996b881159291858267766957467e2
positives
41
scan_date
2018-06-16 01:35:15
verbose_msg
Scan finished, information embedded
response_code
1
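
The 41 positive labels above name the sample as everything from "Generic" and "Unsafe" to the families Skeeyah, BestaFera and Zumanek, and the AVclass line summarises them as skeeyah. The Python below is an added example, not the page's tooling, of the label-normalisation idea behind that summary: split each label into tokens, drop class words, generic verdicts, packer names and variant suffixes, give each engine one vote per surviving token, and report tokens that reach a vote threshold. The labels are the ones from the scan table; the GENERIC word list, the 5-character rule and the ENGINE_ALIAS map (vendors that ship another vendor's engine, inferred here from their identical labels on this page) are assumptions made for the example.

```python
import re
from collections import Counter

# Positive labels copied from the scan table above as (vendor, label); non-detections omitted.
DETECTIONS = [
    ("AVG", "Win32:Malware-gen"), ("MAX", "malware (ai score=89)"), ("K7GW", "Spyware ( 004f91bf1 )"),
    ("ALYac", "Trojan.GenericKD.40126127"), ("Avast", "Win32:Malware-gen"), ("Avira", "TR/Crypt.PEC2X.Gen"),
    ("Cyren", "W32/Trojan.GWFL-6855"), ("GData", "Trojan.GenericKD.40126127"), ("VBA32", "TScope.Malware-Cryptor.SB"),
    ("VIPRE", "Trojan.Win32.Generic!BT"), ("AVware", "Trojan.Win32.Generic!BT"), ("Comodo", "UnclassifiedMalware"),
    ("Ikarus", "Trojan.Generic"), ("McAfee", "Artemis!9C996B881159"), ("Sophos", "Mal/Generic-S"),
    ("Yandex", "TrojanSpy.Banker!h2S+vrXRgPg"), ("Cylance", "Unsafe"), ("Endgame", "malicious (high confidence)"),
    ("Tencent", "Win32.Trojan-spy.Banker.Hwmr"), ("Ad-Aware", "Trojan.GenericKD.40126127"),
    ("AegisLab", "Gen.Variant.Symmi!c"), ("Emsisoft", "Trojan.GenericKD.40126127 (B)"),
    ("F-Secure", "Trojan.GenericKD.40126127"), ("Fortinet", "W32/Banker.ADGI!tr.spy"), ("Invincea", "heuristic"),
    ("Paloalto", "generic.ml"), ("Symantec", "ML.Attribute.HighConfidence"),
    ("AhnLab-V3", "Malware/Win32.Generic.C1926735"), ("Kaspersky", "Trojan-Banker.Win32.BestaFera.ajxq"),
    ("Microsoft", "Trojan:Win32/Skeeyah.A!rfn"), ("ZoneAlarm", "Trojan-Banker.Win32.BestaFera.ajxq"),
    ("ESET-NOD32", "a variant of Win32/Spy.Zumanek.BS"), ("TrendMicro", "TROJ_GEN.R002C0WBG18"),
    ("BitDefender", "Trojan.GenericKD.40126127"), ("CrowdStrike", "malicious_confidence_80% (D)"),
    ("K7AntiVirus", "Spyware ( 004f91bf1 )"), ("CAT-QuickHeal", "Trojan.Skeeyah"),
    ("NANO-Antivirus", "Trojan.Win32.PEC2X.eockdz"), ("MicroWorld-eScan", "Trojan.GenericKD.40126127"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.Generic.rc"), ("TrendMicro-HouseCall", "TROJ_GEN.R002C0WBG18"),
]
TOTAL_ENGINES = 68

# Tokens that name a class, a generic or ML verdict, or a packer rather than a family (example's own list).
# Packer names must be listed explicitly: otherwise a PECompact-packed file "belongs" to family pec2x.
GENERIC = {"trojan", "trojanspy", "generic", "generickd", "malware", "spyware", "banker", "variant",
           "crypt", "cryptor", "unsafe", "malicious", "heuristic", "confidence", "highconfidence",
           "attribute", "behaveslike", "unclassifiedmalware", "artemis", "tscope", "score",
           "pecompact", "pec2x", "upx", "packed"}

# Vendors that ship another vendor's engine, inferred from identical labels on this page (assumption).
ENGINE_ALIAS = {"ZoneAlarm": "Kaspersky", "AVware": "VIPRE", "K7GW": "K7AntiVirus", "Avast": "AVG",
                "TrendMicro-HouseCall": "TrendMicro", "GData": "BitDefender", "Emsisoft": "BitDefender",
                "F-Secure": "BitDefender", "Ad-Aware": "BitDefender", "ALYac": "BitDefender",
                "MicroWorld-eScan": "BitDefender"}


def family_tokens(label):
    """Candidate family names in one label: alphabetic tokens of 5+ characters that are not generic words.
    Short tokens and tokens containing digits are dropped because they are almost always variant suffixes."""
    toks = (t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t)
    return {t for t in toks if len(t) >= 5 and t.isalpha() and t not in GENERIC}


def vote(detections, min_votes=2, collapse_engines=True):
    """One vote per engine per candidate token; returns (families meeting the threshold, leftover singletons)."""
    votes, seen = Counter(), set()
    for vendor, label in detections:
        engine = ENGINE_ALIAS.get(vendor, vendor) if collapse_engines else vendor
        for tok in family_tokens(label):
            if (engine, tok) not in seen:
                seen.add((engine, tok))
                votes[tok] += 1
    families = [(t, n) for t, n in votes.most_common() if n >= min_votes]
    singletons = sorted(t for t, n in votes.items() if n < min_votes)
    return families, singletons


def detection_rate(detections, total_engines):
    """Percentage of engines that flagged the file, as shown in the SCANS heading."""
    return round(100.0 * len(detections) / total_engines, 2)


if __name__ == "__main__":
    print(f"detection rate: {detection_rate(DETECTIONS, TOTAL_ENGINES)}%")
    families, singletons = vote(DETECTIONS)
    print("families:", families, "| singletons:", singletons)
    print("without engine collapsing:", vote(DETECTIONS, collapse_engines=False)[0])
```

With engine collapsing on, only skeeyah reaches two independent votes (Microsoft and CAT-QuickHeal); bestafera drops to one because ZoneAlarm's label is Kaspersky's verbatim. Run with `collapse_engines=False` and bestafera ties skeeyah, which is the inflation rebranded engines introduce into any "n vendors agree" count. The leftover singletons (zumanek, symmi, and noise such as eockdz) are why a plurality rule, not a single label, should drive the family name.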
File
Trace
All entries: 18/2/2020, PID 1480, process C:\malware.exe
Time | Op | Target | Name (when recorded)
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.340 | Unknown | C:\Monitor\Malware
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.340 | Unknown | C:\Monitor\Malware
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.340 | Unknown | C:\Monitor\Malware
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.340 | Unknown | C:\Monitor\Malware
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.340 | Unknown | C:\Monitor\Malware
2:45:43.340 | Open | C:\Monitor\Malware
2:45:43.356 | Unknown | C:\Monitor\Malware
2:45:43.356 | Open | C:\Windows\SysWOW64\uxtheme.dll
2:45:43.356 | Open | C:\Windows\SysWOW64\uxtheme.dll
2:45:43.450 | Open | C:\Windows\SysWOW64\rpcss.dll
2:45:43.450 | Open | C:\Windows\SysWOW64\rpcss.dll
2:45:43.450 | Open | C:\dwmapi.dll
2:45:43.450 | Open | C:\Windows\SysWOW64\dwmapi.dll
2:45:43.450 | Open | C:\Windows\SysWOW64\dwmapi.dll
2:45:43.450 | Open | C:\Windows\Fonts\StaticCache.dat
2:45:43.450 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:43.450 | Open | C:\Windows\Globalization\Sorting\SortDefault.nls
2:45:43.450 | Unknown | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbieh.dll
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbieh.dll
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbieh.dll
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbiehuni.dll
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbiehuni.dll
2:45:43.512 | Open | C:\Program Files (x86)\GbPlugin\gbiehuni.dll
2:45:43.528 | Open | C:\ntmarta.dll
2:45:43.528 | Open | C:\Windows\SysWOW64\ntmarta.dll
2:45:43.528 | Open | C:\Windows\SysWOW64\ntmarta.dll
2:45:43.528 | Open | C:\
2:45:43.528 | Unknown | C:\
2:45:43.543 | Open | C:\Windows\Fonts\sserife.fon
2:45:43.543 | Open | C:\Windows\SysWOW64\uxtheme.dll.Config
2:45:43.543 | Open | C:\Windows\SysWOW64\uxtheme.dll
2:45:43.543 | Open | C:\malware.exe.Local
2:45:43.543 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
2:45:43.543 | Unknown | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
2:45:43.543 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
2:45:43.543 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2:45:43.543 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2:45:43.543 | Open | C:\Windows\WindowsShell.Manifest
2:45:43.606 | Unknown | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
2:46:23.856 | Open | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Local State
2:46:23.903 | Open | C:\srms.dat
2:46:23.903 | Open | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
2:46:23.950 | Open | C:\Windows\SysWOW64\explorer.exe
2:46:23.997 | Open | C:\Program Files (x86)\GbPlugin
2:46:23.997 | Open | C:\Program Files (x86)\Scpad
2:46:23.997 | Open | C:\Program Files (x86)\AVG
2:46:23.997 | Open | C:\Program Files\AVG
2:46:23.997 | Open | C:\Program Files (x86)\AVAST Software
2:46:23.997 | Open | C:\Program Files\AVAST Software
2:46:23.997 | Open | C:\Program Files (x86)\Avira
2:46:23.997 | Open | C:\Program Files\Avira
2:46:23.997 | Open | C:\Program Files (x86)\ESET
2:46:23.997 | Open | C:\Program Files\ESET
2:46:23.997 | Open | C:\Program Files (x86)\Kaspersky Lab
2:46:23.997 | Open | C:\Program Files\Kaspersky Lab
2:46:23.997 | Open | C:\Program Files (x86)\Windows Defender
2:46:23.997 | Unknown | C:\Program Files (x86)\Windows Defender
2:46:23.997 | Open | C:\
2:46:23.997 | Unknown | C:\
2:46:23.997 | Open | C:\Windows\SysWOW64\winhttp.dll
2:46:23.997 | Open | C:\Windows\SysWOW64\winhttp.dll
2:46:23.997 | Open | C:\Windows\SysWOW64\webio.dll
2:46:23.997 | Open | C:\Windows\SysWOW64\webio.dll
2:46:24.43 | Open | C:\cryptsp.dll
2:46:24.43 | Open | C:\Windows\SysWOW64\cryptsp.dll
2:46:24.43 | Open | C:\Windows\SysWOW64\cryptsp.dll
2:46:24.43 | Open | C:\credssp.dll
2:46:24.43 | Open | C:\Windows\SysWOW64\credssp.dll
2:46:24.43 | Open | C:\Windows\SysWOW64\credssp.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\mswsock.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\mswsock.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\WSHTCPIP.DLL
2:46:24.90 | Open | C:\Windows\SysWOW64\WSHTCPIP.DLL
2:46:24.90 | Open | C:\Windows\SysWOW64\wship6.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\wship6.dll
2:46:24.90 | Open | C:\DNSAPI.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\dnsapi.dll
2:46:24.90 | Open | C:\Windows\SysWOW64\dnsapi.dll
2:46:24.184 | Open | C:\IPHLPAPI.DLL
2:46:24.184 | Open | C:\Windows\SysWOW64\IPHLPAPI.DLL
2:46:24.184 | Open | C:\Windows\SysWOW64\IPHLPAPI.DLL
2:46:24.184 | Open | C:\WINNSI.DLL
2:46:24.184 | Open | C:\Windows\SysWOW64\winnsi.dll
2:46:24.184 | Open | C:\Windows\SysWOW64\winnsi.dll
2:46:24.231 | Open | C:\rasadhlp.dll
2:46:24.231 | Open | C:\Windows\SysWOW64\rasadhlp.dll
2:46:24.231 | Open | C:\Windows\SysWOW64\rasadhlp.dll
2:46:25.200 | Open | C:\srms.dat
2:46:25.200 | Open | C:\srms.dat
2:46:25.215 | Write | C:\Users\Behemot\ntuser.dat.LOG1
2:46:25.262 | Write | C:\Users\Behemot\ntuser.dat.LOG1
2:46:25.262 | Write | C:\Users\Behemot\ntuser.dat.LOG1
2:46:25.309 | Write | C:\Users\Behemot\ntuser.dat.LOG1
2:46:25.309 | Write | C:\Users\Behemot\ntuser.dat.LOG1
2:46:25.356 | Write | C:\Users\Behemot\NTUSER.DAT
2:46:25.450 | Write | C:\Users\Behemot\NTUSER.DAT
2:46:25.450 | Write | C:\Users\Behemot\NTUSER.DAT
2:46:25.450 | Write | C:\Users\Behemot\NTUSER.DAT
2:46:25.543 | Write | C:\Users\Behemot\NTUSER.DAT
2:46:25.856 | Open | C:\srms.dat
2:46:25.856 | Open | C:\srms.dat
2:46:25.856 | Read | C:\srms.dat
2:46:25.856 | Unknown | C:\srms.dat

Process
Trace: none recorded

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
Time | Op | PID | Process | Key | Value
18/2/2020 - 2:46:25.200 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe

File Summary
Created identified: True
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: False

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: True
Deleted identified: False

Browsers identified: False

Internet identified: False
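
Read together, the two traces tell a short story: about forty seconds after start the sample probes the install directories of six security products (AVG, AVAST, Avira, ESET, Kaspersky, Windows Defender) and of the GbPlugin and Scpad directories, reads Chrome's Local State, loads the WinHTTP and DNS client libraries, and about a second later writes itself under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, a persistence location, even though the Registry Summary reports AutoRun as not identified. The Python below is an added example, not the sandbox's code, of turning such a trace into findings with path rules plus a timing relation between categories. The sample lines are constructed from entries in the traces above, re-encoded in a pipe-delimited layout that is this example's assumption rather than the sandbox's export format; treating GbPlugin and Scpad as banking-protection components is analyst interpretation, and the category names are the example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: entries taken from the file and registry traces above, re-encoded as
# kind|time|op|pid|process|target[|value]. This delimited layout is an assumption made for the
# example; it is not the sandbox's own export format.
SAMPLE_TRACE = r"""
file|18/2/2020 - 2:46:23.856|Open|1480|C:\malware.exe|C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Local State
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\GbPlugin
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\Scpad
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\AVG
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files\AVG
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\AVAST Software
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\Kaspersky Lab
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Program Files (x86)\Windows Defender
file|18/2/2020 - 2:46:23.997|Open|1480|C:\malware.exe|C:\Windows\SysWOW64\winhttp.dll
file|18/2/2020 - 2:46:24.90|Open|1480|C:\malware.exe|C:\Windows\SysWOW64\dnsapi.dll
registry|18/2/2020 - 2:46:25.200|Write|1480|C:\malware.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|malware.exe
"""

TIME_FMT = "%d/%m/%Y - %H:%M:%S.%f"

# Path patterns for file events. The vendor and plugin directories are the ones probed in the trace
# above; labelling GbPlugin/Scpad as banking-protection components is analyst interpretation.
FILE_RULES = [
    ("av_probe", re.compile(r"\\Program Files( \(x86\))?\\(AVG|AVAST Software|Avira|ESET|Kaspersky Lab|Windows Defender)$", re.I)),
    ("banking_plugin_probe", re.compile(r"\\Program Files( \(x86\))?\\(GbPlugin|Scpad)(\\|$)", re.I)),
    ("browser_profile_access", re.compile(r"\\Google\\Chrome\\User Data\\", re.I)),
    ("network_stack_load", re.compile(r"\\(winhttp|dnsapi|wsock32|ws2_32|mswsock)\.dll$", re.I)),
]
# A write under Run/RunOnce is persistence whatever a summary flag says about "AutoRun".
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)


def parse_trace(text):
    """Parse delimited trace lines into event dicts with a real datetime so events can be ordered and timed."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split("|")
        kind, ts, op, pid, process, target = parts[:6]
        events.append({"kind": kind, "time": datetime.strptime(ts, TIME_FMT), "op": op,
                       "pid": int(pid), "process": process, "target": target,
                       "value": parts[6] if len(parts) > 6 else None})
    return events


def classify(events):
    """Map each event to the behaviour categories it evidences."""
    hits = defaultdict(list)
    for ev in events:
        if ev["kind"] == "registry":
            if ev["op"].lower() == "write" and RUN_KEY.search(ev["target"]):
                hits["persistence_run_key"].append(ev)
            continue
        for label, pattern in FILE_RULES:
            if pattern.search(ev["target"]):
                hits[label].append(ev)
    return hits


def summarize(hits):
    """Distinct targets per category, suitable for a report line or an indicator list."""
    return {label: sorted({ev["target"] for ev in evs}) for label, evs in hits.items()}


def seconds_between(hits, first, second):
    """Seconds from the earliest event in one category to the earliest in another (None if either is absent)."""
    if not hits.get(first) or not hits.get(second):
        return None
    t0 = min(ev["time"] for ev in hits[first])
    t1 = min(ev["time"] for ev in hits[second])
    return (t1 - t0).total_seconds()


if __name__ == "__main__":
    found = classify(parse_trace(SAMPLE_TRACE))
    for label, targets in summarize(found).items():
        print(f"{label}: {targets}")
    print("reconnaissance to Run-key write:", seconds_between(found, "av_probe", "persistence_run_key"), "s")
```

The persistence rule keys on the registry operation and the key path, not on a summary flag, which is the check the Registry Summary above misses; the timing helper makes the "probe installed defences, then persist" ordering explicit, which is a stronger signal for a detection rule than either event alone.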


DNS
Query
localhost -> gateway:50273  www.sibcnet.trgbr.com.
localhost -> gateway:DNS  www.sibcnet.trgbr.com.
Response: none recorded

TCP
Info: none recorded

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info: none recorded

Summary
DNS: True
TCP: False
UDP: True
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 97.78%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 89.52%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 82.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 39.55%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.25%, suspicious: True
