Report #6530

  • Creation Date: Feb. 17, 2020, 3:58 p.m.
  • Last Update: Feb. 18, 2020, 3:14 a.m.
  • File: FA.4302376634520466.exe
  • Results:
Binary
DLL: False
Size: 225.50KB
trid:
94.3% Win32 Executable Borland Delphi 7
2.0% Win32 Executable Delphi generic
1.8% Windows screen saver
0.6% Win32 Executable
0.2% Win16/32 Executable Delphi generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 4f72df4f9ea77d489a9dcbcffe2143b8
sha1: 30bb85e546226775926c41ce1e2eaad844b6a621
crc32: 0xb0c1f299
sha224: c4912ec70d200d09230f8a010a92cb3d6b4e8a7861054bb412e69b09
sha256: 66228af5759bc2d13724f1a7142bd30c8852cf0d2fbe458f9b53f6f305097cfb
sha384: 1438bf2b655098cbf270039fa3af5542ba6a66bf683f66afb4a67062f8e0f7be20d2f694d6e4a44381724da9a9e6db61
sha512: 7b115cbcb85f93fc9acdc79d165f04de585b096e1846c6dc424e446f6d0a1f54f13846b15d9b4d69e62075b7c8cfdaed3cb5c4e7cc435d398860afd7b770255c
ssdeep: 3072:9bsqaPDmlUnG8zraAsuWMTr4tUGbawsf6bMkeOI2PsJhoKxb5Szovx5IK5rl5iYY:6PkHUTx5etQnIDE+5lX3G4DbdQm
Community
Google: False
HashLib: False
YARA
Matches
domain, Delphi_Copy, Borland, contentis_base64, IsWindowsGUI, win_files_operation, keylogger, win_registry, Microsoft_Visual_Cpp_v50v60_MFC, Delphi_CompareCall, borland_delphi, Delphi_Random, IsPE32, Delphi_DecodeDate, IsPacked

Suspicious: True

Strings
List
t.Ht
%s.Seek not implemented$Operation not allowed on sorted list
P.rsrc
SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
Software\Borland\Delphi\Locales
G]T%en
Apartment
TofD
Division by zero
August September
Too many open files
Assertion failed
%s (%s, line %d)
Privileged instruction(Exception %s in module %s at %p.
I/O error %d
List count out of bounds (%d)
Cannot assign a %s to a %s
ESafecallException
%COMPUTERNAME%
No argument for format '%s'"Variant method calls not supported
Invalid variant operation%Invalid variant operation (%s%.8x)
TPersistent
TPersistent
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Application Error1Format '%s' invalid or incompatible with argument
GetProcAddress
GetProcAddress
TInterfacedObject
System Error. Code: %d.
EPrivilege
Invalid class typecast0Access violation at address %p. %s of address %p
ExitProcess
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
List index out of bounds (%d)
Cannot open file "%s". %s
Cannot create file "%s". %s
FPUMaskValue
IInterface
IStringsAdapter
GetDiskFreeSpaceA
CreateEventA
Invalid property value List capacity out of bounds (%d)
This program must be run under Win32
sActiveX
CoCreateInstance
VirtualAlloc
CoCreateInstanceEx
SysUtils
SysUtils
SysUtils
Variant or safe array is locked
RegQueryValueExA
MoveFileA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
FindFirstFileA
DeleteFileA
CreateFileA
CreateDirectoryA
GetModuleHandleA
WriteFile
GetModuleHandleA
QueryPerformanceCounter
OleInitialize
RegOpenKeyExA
SetFilePointer
WriteFile
FreeLibrary
FindFirstFileA
GetModuleFileNameA
ReadFile
TIMAGE%String list does not allow duplicates
External exception %x
GetTickCount
Sleep
Sleep
send
2!4%4)4-4145494=4A4E4I4M4Q4U4Y4]4a4e4i4m4q4u4I6
05191=1A1E1I1M1Q1U1Y1]1a1e1i1m1q1u1y1
6"6-63686C6I6N6Y6_6d6o6u6z6
GetCPInfo
2)222A2U2c2o2w2}2
13171;1?1C1G1K1O1S1W1[1_1c1g1k1o1s1w1{1
414H4_4!5E5
2.2C2O2W2a2f2k2p2u2{2
8+878D8P8c8o8y8
=s+&68om:"-
9A:N:a:v:}:
t%HtIHtm
6/ri""W/
Interface not supported
5,54585<5@5D5H5L5P5T5h5
282@2D2H2L2P2T2X2\2`2t2
20262H2`2l2t2
10181<1@1D1H1L1P1T1X1h1
)0TeLSvC
ERangeErrordb@

Foremost
Matches: 0.exe, 225 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: user32.dll, kernel32.dll, advapi32.dll, ole32.dll, oleaut32.dll
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code: 134656 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS: 4 (Suspicious: False)
Image: 4 (Suspicious: True)
Linker: 2.25 (Suspicious: False)
Subsystem: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 95108
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, kernel32.dll, advapi32.dll, ole32.dll, oleaut32.dll
Suspicious: none
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 1992-06-19 19:22:17
Past: True
Valid: True
Future: False
Note: this is the constant link-time stamp 0x2A425E19 (1992-06-19 22:22:17 UTC, shown here shifted to the sandbox's local time zone) that Borland's Delphi linker writes into every binary it produces, so "Past" and "Valid" say nothing about when the sample was actually built.
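The Checksum entry above (stored value 0) and the Anomalies line are the same finding reported twice. The following added example, written for this page and not part of the sandbox, recomputes the PE header checksum the way Windows' CheckSumMappedFile does, so the mismatch can be reproduced and, if wanted, repaired offline without any third-party module. The sample itself is not available here, so a constructed minimal PE32 image carrying the report's image base and Delphi link stamp stands in for it; `build_minimal_pe32`, `check_pe_checksum` and the other function names are this example's own.

```python
"""Stand-alone re-check of the checksum anomaly: 32-bit words summed with
end-around carry, folded to 16 bits, the CheckSum field itself skipped, and
the file length added (the CheckSumMappedFile algorithm). Added example,
not sandbox code."""
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (0x40 into the optional
    header for both PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    optional_header = e_lfanew + 4 + 20          # signature + IMAGE_FILE_HEADER
    magic = struct.unpack_from("<H", data, optional_header)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return optional_header + 0x40


def compute_pe_checksum(data: bytes) -> int:
    """Checksum Windows would expect in the header for this file content."""
    skip = checksum_field_offset(data) // 4      # field is dword aligned in a valid PE
    padded = data + b"\0" * (-len(data) % 4)     # the sum runs over whole dwords
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >> 32:                          # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)     # fold to 16 bits
    total += total >> 16
    return (total & 0xFFFF) + len(data)          # plus the unpadded length


def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def check_pe_checksum(data: bytes) -> dict:
    """Mirror of the report's Checksum/Anomalies entries. A stored value of 0
    means the linker never filled the field in; only a non-zero stored value
    that differs from the computed one hints at post-link patching."""
    stored, computed = stored_checksum(data), compute_pe_checksum(data)
    return {"stored": stored, "computed": computed,
            "match": stored == computed, "never_set": stored == 0}


def set_checksum(data: bytes) -> bytes:
    """Return a copy with the correct CheckSum written into the header."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, checksum_field_offset(data), compute_pe_checksum(data))
    return bytes(buf)


def build_minimal_pe32(payload: bytes = b"") -> bytes:
    """Constructed stand-in (assumption, not the sample): DOS header, PE
    signature, COFF header and a PE32 optional header with CheckSum left at 0.
    ImageBase 0x400000 and the 0x2A425E19 time stamp match the report above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x2A425E19, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0x00, PE32_MAGIC)
    struct.pack_into("<I", opt, 0x1C, 0x400000)                # ImageBase
    struct.pack_into("<H", opt, 0x44, 2)                       # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


if __name__ == "__main__":
    image = build_minimal_pe32()
    print(check_pe_checksum(image))                 # stored 0: mismatch, never_set
    print(check_pe_checksum(set_checksum(image)))   # match once the field is filled
```

A zero stored checksum on a Delphi 7 binary is what its linker typically leaves behind and is not by itself evidence of tampering; a non-zero stored value that fails to match is the more interesting case. Windows enforces the field only for kernel-mode drivers and a handful of boot-critical system DLLs, so a user-mode sample is never stopped by it.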

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks (occurrences per section)
pushret
none: 20
.rsrc: 53

pushpopmath
none: 3
.rsrc: 21
.reloc: 11

ss register
.rsrc: 1

garbagebytes
none: 20
.rsrc: 20

hookdetection
none: 2

software breakpoint
none: 4
.rsrc: 4
.reloc: 2

programcontrolflowchange
none: 20
.rsrc: 20

cpuinstructionsresultscomparison
none: 2
.rsrc: 1

AVclass: banload (1)
VirusTotal
md5: 4f72df4f9ea77d489a9dcbcffe2143b8
sha1: 30bb85e546226775926c41ce1e2eaad844b6a621
sha256: 66228af5759bc2d13724f1a7142bd30c8852cf0d2fbe458f9b53f6f305097cfb
scan_id: 66228af5759bc2d13724f1a7142bd30c8852cf0d2fbe458f9b53f6f305097cfb-1540012184
resource: 4f72df4f9ea77d489a9dcbcffe2143b8
scan_date: 2018-10-20 05:09:44
total: 68
positives: 43
response_code: 1
verbose_msg: Scan finished, information embedded

SCANS (DETECTION RATE = 63.24%, 43 of 68 engines)
Engine | Version | Update | Detected | Result
AVG | 18.4.3895.0 | 20181020 | True | Win32:Malware-gen
CMC | 1.1.0.977 | 20181020 | False |
MAX | 2018.9.12.1 | 20181020 | True | malware (ai score=97)
Bkav | 1.3.0.9898 | 20181019 | False |
K7GW | 11.8.28768 | 20181020 | True | Trojan-Downloader ( 0051cdd21 )
ALYac | 1.1.1.5 | 20181020 | True | Gen:Variant.Symmi.84431
Avast | 18.4.3895.0 | 20181020 | True | Win32:Malware-gen
Avira | 8.3.3.6 | 20181019 | True | HEUR/AGEN.1020368
Baidu | 1.0.0.2 | 20181019 | False |
Cyren | 6.0.0.4 | 20181020 | True | W32/GenBl.4F72DF4F!Olympus
DrWeb | 7.0.33.6080 | 20181020 | False |
GData | A:25.19012B:25.13485 | 20181020 | True | Gen:Variant.Symmi.84431
Panda | 4.6.4.2 | 20181019 | True | Trj/CI.A
VBA32 | 3.33.0 | 20181019 | True | TScope.Trojan.Delf
VIPRE | 70378 | 20181020 | True | Trojan.Win32.Generic!BT
Zoner | 1.0 | 20181019 | False |
ClamAV | 0.100.2.0 | 20181019 | False |
F-Prot | 4.7.1.166 | 20181020 | False |
Ikarus | 0.1.5.2 | 20181019 | True | Trojan-Downloader.Win32.Banload
McAfee | 6.0.6.653 | 20181020 | True | RDN/Generic Downloader.x
Rising | 25.0.0.24 | 20181020 | False |
Sophos | 4.98.0 | 20181020 | True | Mal/Generic-S
Yandex | 5.5.1.3 | 20181018 | True | Trojan.DL.Banload!6IP3QMzu9AA
Zillya | 2.0.0.3672 | 20181019 | True | Downloader.Banload.Win32.86724
Alibaba | 0.1.0.2 | 20180921 | False |
Arcabit | 1.0.0.833 | 20181020 | True | Trojan.Symmi.D149CF
Babable | 9107201 | 20180918 | False |
Cylance | 2.3.1.101 | 20181020 | True | Unsafe
Endgame | 3.0.1 | 20180730 | True | malicious (high confidence)
TACHYON | 2018-10-20.01 | 20181020 | False |
Tencent | 1.0.0.1 | 20181020 | True | Win32.Trojan.Ursu.Pgde
ViRobot | 2014.3.20.0 | 20181019 | False |
Webroot | 1.0.0.403 | 20181020 | False |
eGambit | | 20181020 | False |
Ad-Aware | 3.0.5.370 | 20181020 | True | Gen:Variant.Symmi.84431
AegisLab | 4.2 | 20181020 | False |
Emsisoft | 2018.4.0.1029 | 20181020 | True | Gen:Variant.Symmi.84431 (B)
F-Secure | 11.0.19100.45 | 20181020 | True | Gen:Variant.Symmi.84431
Fortinet | 5.4.247.0 | 20181020 | True | W32/Banload.WLY!tr.dldr
Invincea | 6.3.5.26121 | 20180717 | True | heuristic
Jiangmin | 16.0.100 | 20181020 | False |
Kingsoft | 2013.8.14.323 | 20181020 | False |
Paloalto | 1.0 | 20181020 | True | generic.ml
Symantec | 1.7.0.0 | 20181020 | True | Trojan.Gen.2
AhnLab-V3 | 3.13.1.21616 | 20181019 | False |
Antiy-AVL | 3.0.0.1 | 20181019 | True | Trojan/Win32.TSGeneric
Kaspersky | 15.0.1.13 | 20181020 | True | UDS:DangerousObject.Multi.Generic
Microsoft | 1.1.15400.4 | 20181020 | True | Trojan:Win32/Tiggre!rfn
Qihoo-360 | 1.0.0.1120 | 20181020 | False |
TheHacker | 6.8.0.5.3772 | 20181018 | False |
Trustlook | 1.0 | 20181020 | False |
ZoneAlarm | 1.0 | 20181020 | True | UDS:DangerousObject.Multi.Generic
Cybereason | 1.2.27 | 20180225 | True | malicious.f9ea77
ESET-NOD32 | 18244 | 20181020 | True | a variant of Win32/TrojanDownloader.Banload.YCM
TrendMicro | 10.0.0.1040 | 20181020 | True | TROJ_GEN.R002C0OIK18
BitDefender | 7.2 | 20181020 | True | Gen:Variant.Symmi.84431
CrowdStrike | 1.0 | 20180723 | True | malicious_confidence_80% (D)
K7AntiVirus | 11.8.28766 | 20181019 | True | Trojan-Downloader ( 0051cdd21 )
SentinelOne | 1.0.19.245 | 20181011 | True | static engine - malicious
Avast-Mobile | 181019-04 | 20181019 | False |
Malwarebytes | 2.1.1.1115 | 20181020 | False |
TotalDefense | 37.1.62.1 | 20181018 | False |
CAT-QuickHeal | 14.00 | 20181018 | True | Trojan.IGENERIC
NANO-Antivirus | 1.0.134.24036 | 20181020 | True | Trojan.Win32.Banload.evuzpx
MicroWorld-eScan | 14.0.297.0 | 20181020 | True | Gen:Variant.Symmi.84431
SUPERAntiSpyware | 5.6.0.1032 | 20181015 | False |
McAfee-GW-Edition | v2017.3010 | 20181020 | True | BehavesLike.Win32.Generic.dc
TrendMicro-HouseCall | 10.0.0.1040 | 20181020 | True | TROJ_GEN.R002C0OIK18
File
Trace (timestamp | operation | PID | process | path)
18/2/2020 - 2:45:53.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:53.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:53.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mpr.dll
18/2/2020 - 2:45:53.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mpr.dll
18/2/2020 - 2:45:53.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:53.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
18/2/2020 - 2:45:54.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\SXS.DLL
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 2:45:54.387 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public
18/2/2020 - 2:45:54.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\V
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public
18/2/2020 - 2:45:54.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:54.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO\76
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO\76
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO\71
18/2/2020 - 2:45:54.387 | Write | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO\71
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:54.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
18/2/2020 - 2:45:54.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\cryptsp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\credssp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 2:45:54.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 2:45:54.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 2:45:54.622 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
18/2/2020 - 2:45:54.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 2:45:54.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 2:45:56.997 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:56.997 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:59.293 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:45:59.293 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:1.590 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:1.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:3.856 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:3.856 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:6.153 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:6.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:8.434 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:8.434 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:10.731 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:10.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:13.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:13.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:15.325 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:15.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:17.622 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:17.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:19.887 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:19.887 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:22.184 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:22.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:24.481 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:24.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:26.778 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:26.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:29.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:29.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:31.309 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:31.309 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:33.606 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:33.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:35.887 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:35.887 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:38.184 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:38.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:40.481 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:40.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:42.778 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:42.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:45.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:45.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:47.325 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:47.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:49.622 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:49.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:51.918 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:51.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:54.215 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:54.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:56.512 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:56.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:58.903 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:46:58.903 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:1.200 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:1.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:3.497 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:3.497 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:5.793 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:5.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:8.90 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:8.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:10.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:10.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:12.684 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:12.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:14.981 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:14.981 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:17.278 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:17.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:19.575 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:19.575 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:21.872 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:21.872 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:24.168 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:24.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:26.465 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:26.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:28.762 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:28.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:31.12 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:31.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:33.309 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:33.309 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:35.606 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:35.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:37.887 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:37.887 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:40.184 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:40.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:42.481 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:42.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:44.778 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:44.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:47.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:47.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:49.325 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:49.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:51.622 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:51.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:53.918 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:53.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:56.215 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:56.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:58.512 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:47:58.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:0.903 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:0.903 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:3.200 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:3.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:5.497 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:5.497 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:7.793 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:7.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:10.90 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:10.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:12.387 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:12.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:14.684 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:14.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:16.981 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:16.981 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:19.278 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:19.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:21.575 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:21.575 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:23.872 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:23.872 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:26.168 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:26.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:28.465 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:28.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:30.762 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:30.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:33.12 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:33.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:35.309 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:35.309 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:37.606 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:37.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:39.903 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:39.903 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:42.184 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:42.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:44.481 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:44.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:49.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:49.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:51.325 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:51.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:53.622 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:53.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:55.918 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:55.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:58.215 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:48:58.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:0.512 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:0.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:2.903 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:2.903 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:5.200 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:5.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:7.497 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:7.497 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:9.856 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:9.856 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:12.153 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:12.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:14.403 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:14.403 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:16.700 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:16.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:18.981 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:18.981 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:21.278 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:21.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:23.528 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:23.528 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:25.918 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:25.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:28.200 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:28.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:30.481 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:30.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:32.856 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:32.856 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:35.106 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:35.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:37.403 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:37.403 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:39.653 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:39.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:41.950 | Open | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
18/2/2020 - 2:49:41.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\RAAHBO
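Read in order, the trace above tells the story the AV names (Banload, Trojan-Downloader) predict: the sample opens wshom.ocx and scrrun.dll (the WScript.Shell and Scripting.FileSystemObject COM hosts), drops C:\Users\Public\V and C:\Users\Public\RAAHBO\76 and \71, loads winhttp.dll, webio.dll and dnsapi.dll right before the DNS query for subdivisao.com recorded further down, and then re-opens C:\Users\Public\RAAHBO every ~2.3 s until the run hits its timeout, with no TCP traffic because the lookup got no answer. The added example below, written for this page and not the sandbox's code, parses the raw fused lines and pulls those facts out programmatically. The sample lines are a subset copied verbatim from the trace; the column layout and the millisecond reading of the fractional field are inferences stated in the comments, and the function names are this example's own.

```python
"""Parser and triage pass over the sandbox's raw file-trace lines, whose five
columns (timestamp, operation, PID, process, target path) run together with
no separator. Added example, not sandbox code."""
import re
from datetime import datetime, timedelta
from statistics import median

# Column layout inferred from the trace: "d/m/yyyy - h:m:s.ms", then the
# operation word, the PID, the process path (ends in .exe) and the target path.
TRACE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) - (?P<time>\d{1,2}:\d{1,2}:\d{1,2})\.(?P<ms>\d{1,3})"
    r"(?P<op>Open|Read|Write|Unknown)(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)(?P<path>[A-Za-z]:\\.*)$"
)

# Subset of the trace above, copied as emitted (26 lines).
SAMPLE_TRACE = r"""
18/2/2020 - 2:45:53.653Open1480C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
18/2/2020 - 2:45:53.981Open1480C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
18/2/2020 - 2:45:54.387Open1480C:\malware.exeC:\Users\Public\V
18/2/2020 - 2:45:54.387Write1480C:\malware.exeC:\Users\Public\V
18/2/2020 - 2:45:54.387Write1480C:\malware.exeC:\Users\Public\RAAHBO\76
18/2/2020 - 2:45:54.387Write1480C:\malware.exeC:\Users\Public\RAAHBO\71
18/2/2020 - 2:45:54.387Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 2:45:54.465Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 2:45:56.997Open1480C:\malware.exeC:\Users\Public\RAAHBO
18/2/2020 - 2:45:56.997Unknown1480C:\malware.exeC:\Users\Public\RAAHBO
18/2/2020 - 2:45:59.293Open1480C:\malware.exeC:\Users\Public\RAAHBO
18/2/2020 - 2:45:59.293Unknown1480C:\malware.exeC:\Users\Public\RAAHBO
18/2/2020 - 2:46:1.590Open1480C:\malware.exeC:\Users\Public\RAAHBO
18/2/2020 - 2:46:1.590Unknown1480C:\malware.ex_PLACEHOLDER_
"""
```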

Process
Trace

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: False cancel

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code subdivisao.com.
computer localhost arrow_forward computer gateway:50273 code subdivisao.com.

Response

TCP
Info

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
False cancel

UDP
True check_circle

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 73.49%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.09%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 69.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 55.60%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.80%
suspicious: True check_circle

Add to Collection
Download