Report #67

  • Creation Date: May 8, 2019, 3:50 p.m.
  • Last Update: May 8, 2019, 5:14 p.m.
  • File: GUP.exe
  • Results:
Binary
DLL: False
Size: 566.67KB
trid:
  • 61.7% Win64 Executable
  • 14.7% Win32 Dynamic Link Library
  • 10.0% Win32 Executable
  • 4.5% OS/2 Executable
  • 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 45c01734ed56c52797156620a5f8b414
sha1: fc37ac7523cf3b4020ec46d6a47bc26957e3c054
crc32: 0x4380a086
sha224: 9afc05e35caf193a0a22151c43bcf54cb5051c498309ba549e5fbdef
sha256: 20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503
sha384: af9b93a9c682ec5ee56a357181a76d9370104ad3b4579b4eb58c7231deae93dcb045c401537e8c3deefb189f3b13b758
sha512: 4bd34101fff667a19d4884ef7f1b952dc236918138e1571aba8d5a0d691f914260a0233d6906168ed5c70f19e15f7328b1f82eb6247a1fe71395f6d4798ccf75
ssdeep: 12288:yQzp+UgiYxD3VzhEQWazpuRhP1a8W+sJK9glugNMY5UDzTLaQFOVEL:yQw3VcazpWEz+sJySpNM3TLaQIVEL
Community
Google: 1
HashLib: 0
YARA
Matches: VC8_Microsoft_Corporation, domain, Check_OutputDebugStringA_iat, HasDigitalSignature, IP, url, CRC32b_poly_Constant, contentis_base64, Microsoft_Visual_Cpp_8, CRC32_table, HasDebugData, HasOverlay, maldoc_find_kernel32_base_method_1, CRC32_poly_Constant, win_files_operation, IsPE32, anti_dbg, IsWindowsGUI, HasRichSignature
Suspicious: 1

Heuristics
IPs
hasIPs: 0
Allowed
Suspicious
hasAllowed: 0
hasSuspicious: 0

URLs
Allowed
hasURLs: 1
Suspicious: http://crl3.digicert.com/digicertassuredidrootca.crl0:, http://cacerts.digicert.com/digicertsha2highassurancecodesigningca.crt0, http://crl4.digicert.com/sha2-ha-cs-g1.crl0l, http://cacerts.digicert.com/digicerthighassuranceevrootca.crt0, http://ocsp.digicert.com0a, http://crl4.digicert.com/digicertassuredidrootca.crl0, http://cacerts.digicert.com/digicertassuredidca-1.crt0, https://notepad-plus-plus.org/0, http://ocsp.digicert.com0i, http://crl4.digicert.com/digicertassuredidca-1.crl0w, http://crl3.digicert.com/sha2-ha-cs-g1.crl00, http://crl4.digicert.com/digicerthighassuranceevrootca.crl0@, http://ocsp.digicert.com0r, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://ocsp.digicert.com0c, http://crl3.digicert.com/digicerthighassuranceevrootca.crl0o, https://www.digicert.com/cps0, http://www.digicert.com/ssl-cps-repository.htm0, http://crl3.digicert.com/digicertassuredidca-1.crl08
hasAllowed: 0
hasSuspicious: 1
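The "Suspicious" URLs above are the CRL, OCSP, AIA and CPS pointers of the DigiCert chain embedded in the file's Authenticode signature (compare the HasDigitalSignature YARA hit), not network indicators of the program itself. The odd trailing characters ("crl0:", "com0a", "cps0") are the DER bytes that follow each URI string: the SEQUENCE tag 0x30 renders as "0" and the length byte as whatever ASCII character it happens to be. The stray leading "H" on hkernel32.dll under Files and Libraries is most likely the same kind of string-carving artefact (a byte preceding the name), not a separate library. The Python below is an added example, not the report tool's own code: it reproduces the regex damage on constructed bytes, recovers the exact URIs by honouring the DER length, and separates certificate-chain plumbing from URLs that merit review. The PKI_HOSTS set and the sample bytes are assumptions for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample bytes shaped like the DER-encoded GeneralName URIs found
# inside an Authenticode signature: tag 0x86 (context-specific [6] URI), a
# one-byte length, the IA5String, then the next element, typically a SEQUENCE
# (tag 0x30, which prints as "0") and its length byte. Not bytes from GUP.exe.
def der_uri(url: bytes, next_len: int) -> bytes:
    """Encode url as [6] IMPLICIT IA5String followed by a SEQUENCE tag + length."""
    assert len(url) < 0x80, "short-form DER length only (example simplification)"
    return b"\x86" + bytes([len(url)]) + url + b"\x30" + bytes([next_len])

SAMPLE = (
    b"MZ\x90\x00\x03junk\x00"
    + der_uri(b"http://crl3.digicert.com/digicertassuredidrootca.crl", 0x3A)  # ':' follows
    + b"\x00\x01"
    + der_uri(b"http://ocsp.digicert.com", 0x61)                             # 'a' follows
    + der_uri(b"https://www.digicert.com/cps", 0x00)                         # NUL follows
    + b"\x00https://notepad-plus-plus.org/\x00"                              # plain string
)

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")

def naive_urls(blob: bytes) -> list:
    """Regex carve over raw bytes: runs past the URI into the following DER bytes."""
    return [m.group(0).decode("ascii") for m in URL_RE.finditer(blob)]

def der_urls(blob: bytes) -> list:
    """Find [6] URI (0x86) / IA5String (0x16) tags and read exactly the DER length."""
    out, i = [], 0
    while i + 2 <= len(blob):
        tag, length = blob[i], blob[i + 1]
        if tag in (0x86, 0x16) and 0 < length < 0x80 and i + 2 + length <= len(blob):
            body = blob[i + 2 : i + 2 + length]
            if body.startswith((b"http://", b"https://")) and all(0x21 <= b <= 0x7E for b in body):
                out.append(body.decode("ascii"))
                i += 2 + length
                continue
        i += 1
    return out

# Hosts serving DigiCert's certificate-status infrastructure. An assumption for
# this example, not a list taken from the report.
PKI_HOSTS = {"crl3.digicert.com", "crl4.digicert.com", "ocsp.digicert.com",
             "cacerts.digicert.com", "www.digicert.com"}

def classify(urls) -> dict:
    """Split URLs into certificate-chain plumbing (CRL/OCSP/AIA/CPS) and the rest."""
    pki, other = [], []
    for u in urls:
        p = urlsplit(u)
        if p.hostname in PKI_HOSTS or p.path.lower().endswith((".crl", ".crt")):
            pki.append(u)
        else:
            other.append(u)
    return {"pki": pki, "other": other}

if __name__ == "__main__":
    print("regex carve :", naive_urls(SAMPLE))
    print("DER walk    :", der_urls(SAMPLE))
    print("classified  :", classify(der_urls(SAMPLE) + ["https://notepad-plus-plus.org/"]))
```

The DER walk only sees URIs inside the signature blob; the notepad-plus-plus.org string lives elsewhere in the image (version resource or code strings) and still comes from the plain carve, which is why both passes are kept.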

Files
Allowed: mscoree.dll, combase.dll, advapi32.dll, Hkernel32.dll, SHELL32.dll, libcurl.dll, USER32.dll, SHLWAPI.dll, COMCTL32.dll, KERNEL32.dll
hasFiles: 1
Suspicious: nativeLang.xml, gupOptions.xml, gup.xml
hasAllowed: 1
hasSuspicious: 1

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 158208
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 627251
Suspicious: 0

Sections
Allowed: .text, .rdata, .data, .gfids, .tls, .rsrc, .reloc
Suspicious
hasAllowed: 1
hasSections: 1
hasSuspicious: 0

Versions
OS
Version: 5
Suspicious: 0
Image
Version: 5
Suspicious: True
Linker
Version: 14.0
Suspicious: 0
Subsystem
Version: 5.1
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 190674
Suspicious: 0

Anomalies
Anomalies
hasAnomalies: 0

Libraries
Allowed: mscoree.dll, combase.dll, advapi32.dll, shell32.dll, user32.dll, shlwapi.dll, comctl32.dll, kernel32.dll
hasLibs: 1
Suspicious: hkernel32.dll, libcurl.dll
hasAllowed: 1
hasSuspicious: 1

Timestamp
Past: 0
Valid: 1
Value: 2018-11-10 23:36:14
Future: 0

Compilation
Packed: 0
Missing: 0
Packers
Compiled: 1
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: 0
Fuzzing: 0

Disassembly
hasTricks: 1
Tricks (hits per section)
trick                              .text  .rdata  .reloc
ldr                                    1       -       -
pushret                                -      16       -
pushpopmath                            9      33      15
sizeofimage                            1       -       -
garbagebytes                           -       7       -
hookdetection                          -       1       2
stealthimport                          1       1       -
peb ntglobalflag                       1       -       -
isdebuggerpresent                      1       -       -
software breakpoint                    3       1       4
programcontrolflowchange               -       7       -
cpuinstructionsresultscomparison       -       8       -
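Most of the trick hits above land in .rdata and .reloc, which the Sections block lists as ordinary data sections: a relocation entry of type HIGHLOW whose offset ends in 0xCC is byte-identical to an int3, and a 0x68 ... 0xC3 run in read-only data looks like push/ret to a linear sweep. Only the .text hits (IsDebuggerPresent via PEB.BeingDebugged, PEB.NtGlobalFlag, three int3 opcodes) are candidates for real anti-debugging, and in a Visual C++ build those usually belong to the CRT and debug-assert code rather than to the program. The Python below is an added example, not the report tool's scanner: it searches constructed section bytes for four of the idioms named in the table and shows how filtering on the section's executable flag removes the data-section noise. The byte patterns are standard 32-bit x86 encodings; the section contents are made up for the example.

```python
import re
from dataclasses import dataclass

# PE section characteristic flags (winnt.h)
IMAGE_SCN_CNT_CODE    = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

# 32-bit x86 byte idioms behind four of the trick names in the table.
PATTERNS = {
    # push imm32 ; ret -- a jump disguised as a push/return pair
    "pushret": re.compile(rb"\x68....\xc3", re.DOTALL),
    # mov eax, fs:[30h] ; movzx eax, byte ptr [eax+2] -- reads PEB.BeingDebugged,
    # the field IsDebuggerPresent() returns
    "isdebuggerpresent": re.compile(rb"\x64\xa1\x30\x00\x00\x00\x0f\xb6\x40\x02"),
    # mov eax, fs:[30h] ; test byte ptr [eax+68h], 70h -- PEB.NtGlobalFlag heap debug
    # flags (FLG_HEAP_ENABLE_TAIL_CHECK | ENABLE_FREE_CHECK | VALIDATE_PARAMETERS)
    "peb ntglobalflag": re.compile(rb"\x64\xa1\x30\x00\x00\x00\xf6\x40\x68\x70"),
    # int3 -- software breakpoint opcode
    "software breakpoint": re.compile(rb"\xcc"),
}

@dataclass
class Section:
    name: str
    characteristics: int
    data: bytes

    @property
    def executable(self) -> bool:
        return bool(self.characteristics & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))

# Constructed section contents (not bytes from GUP.exe).
ISDBG = b"\x64\xa1\x30\x00\x00\x00\x0f\xb6\x40\x02"
NTGF  = b"\x64\xa1\x30\x00\x00\x00\xf6\x40\x68\x70"
TEXT  = (b"\x55\x8b\xec"            # push ebp ; mov ebp, esp
         + ISDBG + b"\x85\xc0\x74\x01\xcc"   # test eax, eax ; jz +1 ; int3
         + NTGF + b"\x74\x02\xcc\xcc"        # jz +2 ; int3 ; int3
         + b"\x5d\xc3")                      # pop ebp ; ret
RDATA = (b"Notepad++ GUP\x00"
         + b"\x68\x00\x10\x40\x00\xc3"       # data that happens to read as push/ret
         + b"\x00" * 4 + b"\xcc\x00")        # a lone 0xCC byte
RELOC = (b"\x00\x10\x00\x00\x10\x00\x00\x00" # base-relocation block header
         + b"\xcc\x30\xcc\x31\xcc\x32\xcc\x33")  # HIGHLOW entries at offsets 0x0CC..0x3CC

SECTIONS = [
    Section(".text",  0x60000020, TEXT),   # CODE | EXECUTE | READ
    Section(".rdata", 0x40000040, RDATA),  # INITIALIZED_DATA | READ
    Section(".reloc", 0x42000040, RELOC),  # INITIALIZED_DATA | DISCARDABLE | READ
]

def scan_section(sec: Section) -> dict:
    return {trick: len(pat.findall(sec.data)) for trick, pat in PATTERNS.items()}

def scan(sections, code_only: bool = False) -> dict:
    """Return {trick: {section_name: hits}}. With code_only=True, sections that are
    neither executable nor marked as code are skipped: their matches are byte
    coincidences, not instructions that will ever run."""
    result = {trick: {} for trick in PATTERNS}
    for sec in sections:
        if code_only and not sec.executable:
            continue
        for trick, hits in scan_section(sec).items():
            if hits:
                result[trick][sec.name] = hits
    return result

if __name__ == "__main__":
    for trick, per_section in scan(SECTIONS).items():
        print(f"{trick:22s} all sections: {per_section}")
    for trick, per_section in scan(SECTIONS, code_only=True).items():
        print(f"{trick:22s} code only   : {per_section}")
```

A linear byte sweep still over-counts inside real code (an immediate operand can contain 0xCC), so treat the code-only counts as triage hints and confirm them in a disassembler at the reported addresses.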

AVclass: None (1)
VirusTotal
md5: 45c01734ed56c52797156620a5f8b414
sha1: fc37ac7523cf3b4020ec46d6a47bc26957e3c054
SCANS (DETECTION RATE = 0.00%)
Engine                Update    Version                 Detected
AVG                   20190508  18.4.3895.0             False
CMC                   20190321  1.1.0.977               False
MAX                   20190508  2018.9.12.1             False
Bkav                  20190508  1.3.0.10239             False
K7GW                  20190508  11.42.30841             False
ALYac                 20190508  1.1.1.5                 False
Avast                 20190508  18.4.3895.0             False
Avira                 20190508  8.3.3.8                 False
Baidu                 20190318  1.0.0.2                 False
Cyren                 20190508  6.2.0.1                 False
DrWeb                 20190508  7.0.34.11020            False
GData                 20190508  A:25.21855B:25.15032    False
Panda                 20190508  4.6.4.2                 False
VBA32                 20190504  4.0.0                   False
Zoner                 20190507  1.0                     False
ClamAV                20190508  0.101.2.0               False
Comodo                20190508  30834                   False
F-Prot                20190508  4.7.1.166               False
Ikarus                20190508  0.1.5.2                 False
McAfee                20190503  6.0.6.653               False
Rising                20190508  25.0.0.24               False
Sophos                20190508  4.98.0                  False
Yandex                20190501  5.5.1.3                 False
Zillya                20190506  2.0.0.3808              False
Acronis               20190504  1.0.1.48                False
Alibaba               20190426  0.4.0.6                 False
Arcabit               20190508  1.0.0.845               False
Babable               20190424  9107201                 False
Cylance               20190508  2.3.1.101               False
Endgame               20190403  3.0.9                   False
FireEye               20190508  29.7.0.0                False
TACHYON               20190508  2019-05-08.03           False
Tencent               20190508  1.0.0.1                 False
ViRobot               20190508  2014.3.20.0             False
Webroot               20190508  1.0.0.403               False
eGambit               20190508  v4.3.6                  False
Ad-Aware              20190508  3.0.5.370               False
AegisLab              20190508  4.2                     False
Emsisoft              20190508  2018.4.0.1029           False
F-Secure              20190508  12.0.86.52              False
Fortinet              20190508  5.4.247.0               False
Invincea              20190313  6.3.6.26157             False
Jiangmin              20190508  16.0.100                False
Kingsoft              20190508  2013.8.14.323           False
Paloalto              20190508  1.0                     False
Symantec              20190508  1.9.0.0                 False
Trapmine              20190325  3.1.52.760              False
AhnLab-V3             20190508  3.15.1.23978            False
Antiy-AVL             20190508  3.0.0.1                 False
Kaspersky             20190508  15.0.1.13               False
MaxSecure             20190507  1.0.0.1                 False
Microsoft             20190508  1.1.15900.4             False
Qihoo-360             20190508  1.0.0.1120              False
TheHacker             20190506  6.8.0.5.4206            False
Trustlook             20190508  1.0                     False
ZoneAlarm             20190508  1.0                     False
Cybereason            20190417  1.2.449                 False
ESET-NOD32            20190508  19321                   False
TrendMicro            20190508  10.0.0.1040             False
BitDefender           20190508  7.2                     False
CrowdStrike           20190212  1.0                     False
K7AntiVirus           20190508  11.42.30839             False
SentinelOne           20190508  1.0.26.322              False
Avast-Mobile          20190508  190508-00               False
Malwarebytes          20190508  2.1.1.1115              False
TotalDefense          20190508  37.1.62.1               False
CAT-QuickHeal         20190507  14.00                   False
NANO-Antivirus        20190508  1.0.134.24788           False
MicroWorld-eScan      20190508  14.0.297.0              False
SUPERAntiSpyware      20190507  5.6.0.1032              False
McAfee-GW-Edition     20190508  v2017.3010              False
TrendMicro-HouseCall  20190508  10.0.0.1040             False

total: 72
sha256: 20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503
scan_id: 20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503-1557319904
resource: 45c01734ed56c52797156620a5f8b414
positives: 0
scan_date: 2019-05-08 12:51:44
verbose_msg: Scan finished, information embedded
response_code: 1
Results: Random Forest
detected: TBD
confidence: TBD
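The VirusTotal block above is a v2 file report: response_code 1 means the scan data is present (0 is "not found", -2 "still queued"), positives/total give the headline rate, and each engine carries its own signature date. A 0/72 result is only as fresh as those dates, and several engines here scanned with signatures weeks older than the 2019-05-08 scan (CrowdStrike 20190212, Invincea 20190313, Baidu 20190318, Trapmine 20190325). The Python below is an added example, not VirusTotal's client or the report tool's code: it reads a report of that shape, recomputes the rate from the per-engine entries, and lists engines whose signature date is older than a threshold. The JSON is constructed to mirror the report's fields; the "ExampleAV" entry is invented so the detection path is exercised.

```python
import json
from datetime import datetime

# Constructed v2-style file report (same field names as the block above; the
# engines and their verdicts are sample data, not the real 72-engine result).
SAMPLE_REPORT = json.dumps({
    "response_code": 1,
    "verbose_msg": "Scan finished, information embedded",
    "scan_date": "2019-05-08 12:51:44",
    "positives": 1,
    "total": 4,
    "scans": {
        "AVG":         {"detected": False, "update": "20190508", "version": "18.4.3895.0", "result": None},
        "CrowdStrike": {"detected": False, "update": "20190212", "version": "1.0",         "result": None},
        "Baidu":       {"detected": False, "update": "20190318", "version": "1.0.0.2",     "result": None},
        "ExampleAV":   {"detected": True,  "update": "20190508", "version": "1.0",         "result": "Generic.Suspicious"},
    },
})

def summarise(report_json: str, stale_after_days: int = 14) -> dict:
    """Recompute the detection rate and flag engines with old signatures."""
    r = json.loads(report_json)
    if r.get("response_code") != 1:
        # No scan data to summarise; surface the code so the caller can retry or report.
        return {"ok": False, "response_code": r.get("response_code")}
    scan_day = datetime.strptime(r["scan_date"], "%Y-%m-%d %H:%M:%S").date()
    hits, stale = {}, {}
    for engine, s in r["scans"].items():
        if s.get("detected"):
            hits[engine] = s.get("result")
        age = (scan_day - datetime.strptime(s["update"], "%Y%m%d").date()).days
        if age > stale_after_days:
            stale[engine] = age
    positives = len(hits)
    total = len(r["scans"])
    return {
        "ok": True,
        "positives": positives,
        "total": total,
        "rate": round(100.0 * positives / total, 2) if total else 0.0,
        "hits": hits,
        "stale": stale,
        # The headline counters should agree with the per-engine entries.
        "consistent": positives == r.get("positives") and total == r.get("total"),
    }

if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_REPORT), indent=2))
    print(summarise(json.dumps({"response_code": 0, "verbose_msg": "not found"})))
```

Treat the stale list as a weighting hint: a clean verdict from an engine that has not updated since February says little about a file first seen in May, so the effective engine count is smaller than the headline total.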