Report #6830

  • Creation Date: Feb. 19, 2020, 3:03 p.m.
  • Last Update: Feb. 19, 2020, 5:01 p.m.
  • File: ondriveexplorer.exe
  • Results:
Binary
DLL: False
Size: 5.14MB
trid: 100.0% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: a97ab5b7ba4ea3e2d1a52531a8db9e25
sha1: 907124b20b633f60e46d8dcac94d63222de3b532
crc32: 0x8e96a318
sha224: 177dab2b0b313bc05d9f140773e7bfdf40d3e743e33cbcbf282a51c7
sha256: 40fa321dd7b9195a234952d0da809dfca670b4493071db31f441254b42103b6c
sha384: df187255c46e6ee3db43d6b0fe6212dbcc2184b7c5290ad0b651fe5e9052438cfddb83ea92d80e5e2cf2023d0d23d4c5
sha512: 6933e11036faa4c134a330d0ae233ae07f056288a4ac31cfeeca33cbca5ccd18b50fee1c541067ef444b4b1221accd973835b21f541a956a2054949c3b273b7d
ssdeep: 98304:KUc+/s8+1YItttttttttttbF1ypWl7F/1qCNOL3iADnrZKisCStQinmfxVKY:KN+/s8+1Htttttttttttjy27SviADnrV

Community
Google: False
HashLib: False

YARA
Matches: maldoc_getEIP_method_1, HasModified_DOS_Message, url, IP, FSG_v110_Eng_dulekxt_Borland_Delphi_40_50, contentis_base64, IsPacked, HasOverlay, network_ssl, IsPE32, IsWindowsGUI, possible_includes_base64_packed_functions
Suspicious: True

Strings
List
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
2"http://ns.adobe.com/xap/1.0/
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:xmp="http://ns.adobe.com/xap/1.0/">
xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
xmlns:dc="http://purl.org/dc/elements/1.1/">
G.afl
Vcl.Graphics
Winapi.Windows
I.sC
e.ht
t.cO
g.RS
s.tC
a.bI
C.SA
DC.al
A.cH
BA.tg
Font.Name
Font.Name
Font.Name
Font.Style
Font.Name
Font.Style
Font.Name
Font.Style
Font.Style
Font.Style
Font.Style
Font.Style
Font.Name
Font.Name
Font.Style
Font.Name
Font.Style
Font.Name
Font.Style
Font.Name
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Style
Font.Style
Font.Name
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Style
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Style
Font.Name
Font.Name

Foremost
Matches: 734.jpg, 110 KB, 955.jpg, 106 KB, 1171.jpg, 78 KB, 1329.jpg, 85 KB, 1501.jpg, 108 KB, 1727.jpg, 165 KB, 2062.jpg, 56 KB, 2177.jpg, 47 KB, 2274.jpg, 58 KB, 2393.jpg, 55 KB, 2505.jpg, 36 KB, 2582.jpg, 38 KB, 2662.jpg, 36 KB, 2739.jpg, 38 KB, 2816.jpg, 56 KB, 2934.jpg, 52 KB, 3040.jpg, 59 KB, 3161.jpg, 42 KB, 3248.jpg, 50 KB, 3350.jpg, 44 KB, 3442.jpg, 20 KB, 3483.jpg, 31 KB, 3547.jpg, 18 KB, 3585.jpg, 34 KB, 3653.jpg, 16 KB, 3686.jpg, 15 KB, 3718.jpg, 27 KB, 3775.jpg, 98 KB, 0.exe, 2 MB, 24.png, 43 KB, 419.png, 16 KB, 453.png, 18 KB, 491.png, 18 KB, 530.png, 68 KB, 668.png, 30 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://www.w3.org/1999/02/22-rdf-syntax-ns#
hasURLs: True
Suspicious: http://purl.org/dc/elements/1.1/, http://ns.adobe.com/tiff/1.0/, http://ns.adobe.com/xap/1.0/
hasAllowed: True
hasSuspicious: True

Files
Allowed: user32.dll, comctl32.dll, advapi32.dll, kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2405888
Suspicious: False
Image
Address: 320077824
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 5435148
Suspicious: False

Sections
Allowed: data, bss, .rsrc, .crt, .ctors
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 7512064
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: user32.dll, comctl32.dll, advapi32.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-02-05 23:10:26
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: False
Tricks
AVclass
bandra: 1

VirusTotal
md5: a97ab5b7ba4ea3e2d1a52531a8db9e25
sha1: 907124b20b633f60e46d8dcac94d63222de3b532
SCANS (DETECTION RATE = 77.94%)
AVG
result: Win32:Malware-gen
update: 20180723
version: 18.4.3895.0
detected: True

CMC
update: 20180723
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=85)
update: 20180723
version: 2017.11.15.1
detected: True

Bkav
update: 20180723
version: 1.3.0.9466
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20180723
version: 10.54.27833
detected: True

ALYac
result: Gen:Variant.Razy.130976
update: 20180723
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20180723
version: 18.4.3895.0
detected: True

Avira
result: TR/ATRAPS.Gen
update: 20180723
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9914
update: 20180723
version: 1.0.0.2
detected: True

Cyren
result: W32/LdPinch.N.gen!Eldorado
update: 20180723
version: 6.0.0.4
detected: True

DrWeb
result: Trojan.Siggen7.10958
update: 20180723
version: 7.0.33.6080
detected: True

GData
result: Gen:Variant.Razy.130976
update: 20180723
version: A:25.17860B:25.12791
detected: True

Panda
result: Trj/Genetic.gen
update: 20180722
version: 4.6.4.2
detected: True

VBA32
result: TrojanBanker.Bandra
update: 20180720
version: 3.12.32.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180723
version: 68318
detected: True

Zoner
update: 20180723
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180723
version: 1.6.0.52
detected: True

ClamAV
update: 20180723
version: 0.100.1.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180723
version: 29396
detected: True

F-Prot
result: W32/LdPinch.N.gen!Eldorado
update: 20180723
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.ATRAPS
update: 20180723
version: 0.1.5.2
detected: True

McAfee
result: GenericR-JSC!A97AB5B7BA4E
update: 20180723
version: 6.0.6.653
detected: True

Rising
result: Trojan.Dynamer!8.3A0 (CLOUD)
update: 20180723
version: 25.0.0.24
detected: True

Sophos
result: Mal/Basine-C
update: 20180723
version: 4.98.0
detected: True

Yandex
result: Trojan.PWS.Bandra!
update: 20180720
version: 5.5.1.3
detected: True

Zillya
result: Trojan.Black.Win32.49639
update: 20180720
version: 2.0.0.3599
detected: True

Arcabit
result: Trojan.Razy.D1FFA0
update: 20180723
version: 1.0.0.831
detected: True

Babable
update: 20180406
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20180723
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180711
version: 3.0.0
detected: True

TACHYON
update: 20180723
version: 2018-07-23.02
detected: False

Tencent
result: Win32.Trojan.Generic.Lnoc
update: 20180723
version: 1.0.0.1
detected: True

ViRobot
update: 20180723
version: 2014.3.20.0
detected: False

Webroot
result: W32.Bandra
update: 20180723
version: 1.0.0.403
detected: True

eGambit
update: 20180723
detected: False

Ad-Aware
result: Gen:Variant.Razy.130976
update: 20180723
version: 3.0.5.370
detected: True

AegisLab
result: Uds.Dangerousobject.Multi!c
update: 20180723
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Razy.130976 (B)
update: 20180723
version: 2018.4.0.1029
detected: True

F-Secure
result: Gen:Variant.Razy.130976
update: 20180723
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Generic.AC.3CDD71!tr
update: 20180723
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180717
version: 6.3.5.26121
detected: True

Jiangmin
result: Trojan.Banker.Bandra.aa
update: 20180723
version: 16.0.100
detected: True

Kingsoft
update: 20180723
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180723
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20180723
version: 1.6.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.Generic.C1774523
update: 20180723
version: 3.13.1.21452
detected: True

Antiy-AVL
result: Trojan/Win32.AGeneric
update: 20180723
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20180723
version: 15.0.1.13
detected: True

Microsoft
result: TrojanSpy:Win32/Banker
update: 20180723
version: 1.1.15100.1
detected: True

Qihoo-360
result: Win32/Trojan.eb0
update: 20180723
version: 1.0.0.1120
detected: True

TheHacker
update: 20180723
version: 6.8.0.5.3439
detected: False

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20180723
version: 1.0
detected: True

Cybereason
result: malicious.7ba4ea
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/Packed.Obsidium.AL
update: 20180723
version: 17760
detected: True

TrendMicro
result: TROJ_GEN.R002C0PBG18
update: 20180723
version: 10.0.0.1040
detected: True

BitDefender
result: Gen:Variant.Razy.130976
update: 20180723
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_80% (D)
update: 20180530
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180723
version: 10.54.27834
detected: True

SentinelOne
update: 20180701
version: 1.0.17.227
detected: False

Avast-Mobile
update: 20180723
version: 180723-00
detected: False

Malwarebytes
update: 20180723
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180722
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanSpy.Banker
update: 20180723
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Bandra.elmkoc
update: 20180723
version: 1.0.116.23366
detected: True

MicroWorld-eScan
result: Gen:Variant.Razy.130976
update: 20180723
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180722
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: GenericR-JSC!A97AB5B7BA4E
update: 20180723
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0PBG18
update: 20180723
version: 9.950.0.1006
detected: True

total: 68
sha256: 40fa321dd7b9195a234952d0da809dfca670b4493071db31f441254b42103b6c
scan_id: 40fa321dd7b9195a234952d0da809dfca670b4493071db31f441254b42103b6c-1532341866
resource: a97ab5b7ba4ea3e2d1a52531a8db9e25
positives: 53
scan_date: 2018-07-23 10:31:06
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path | Name (when reported)
19/2/2020 - 16:45:44.340 | Open | 1480 | C:\malware.exe | C:\wsock32.dll
19/2/2020 - 16:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsock32.dll
19/2/2020 - 16:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsock32.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Obsidium\{7996E268-2E45773B-75A57AB4-2449A90A}.11924041074243746681
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\.obs32\{7996E268-2E45773B-75A57AB4-2449A90A}.11924041074243746681
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\wtsapi32.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\WINSTA.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
19/2/2020 - 16:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
19/2/2020 - 16:45:44.684 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\security.dll
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\SECUR32.DLL
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 16:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\olepro32.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\ntmarta.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/2/2020 - 16:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
19/2/2020 - 16:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
19/2/2020 - 16:45:44.700 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 16:45:44.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 16:45:44.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 16:45:44.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
19/2/2020 - 16:45:47.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
19/2/2020 - 16:45:47.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
19/2/2020 - 16:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemcomn.dll
19/2/2020 - 16:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
19/2/2020 - 16:45:48.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
19/2/2020 - 16:45:48.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
19/2/2020 - 16:45:48.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
19/2/2020 - 16:45:48.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
19/2/2020 - 16:45:48.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
19/2/2020 - 16:45:48.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
19/2/2020 - 16:45:48.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
19/2/2020 - 16:45:49.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
19/2/2020 - 16:45:49.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
19/2/2020 - 16:45:49.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 16:45:49.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 16:45:49.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
19/2/2020 - 16:45:49.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
19/2/2020 - 16:45:49.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
19/2/2020 - 16:45:49.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
19/2/2020 - 16:45:50.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 16:45:50.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 16:45:50.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 16:45:50.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 16:45:50.512 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
19/2/2020 - 16:45:50.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 16:45:50.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 16:45:50.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 16:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 16:45:50.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 16:45:50.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
19/2/2020 - 16:45:50.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
19/2/2020 - 16:45:51.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
19/2/2020 - 16:45:51.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
19/2/2020 - 16:45:51.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\NTDSAPI.dll
19/2/2020 - 16:45:51.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
19/2/2020 - 16:45:51.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
19/2/2020 - 16:45:51.653 | Open | 1480 | C:\malware.exe | C:\SXS.DLL
19/2/2020 - 16:45:51.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
19/2/2020 - 16:45:51.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
19/2/2020 - 16:45:51.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:51.653 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:53.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.434 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:53.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\EUDCNZA
19/2/2020 - 16:45:54.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\BAOEIAZC
19/2/2020 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\BAOEIAZC
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)
19/2/2020 - 16:45:55.918 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86)
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\bb.gpc
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\cef.gpc
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\uni.gpc
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\abn.gpc
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Scpad\scpIBCfg.bin
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\diebold\warsaw\core.exe
19/2/2020 - 16:45:55.918 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
19/2/2020 - 16:45:56.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:56.575 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:57.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:58.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.356Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:45:58.637Unknown1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\IdnDL.dll
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\Windows\SysWOW64\idndl.dll
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\Windows\SysWOW64\idndl.dll
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:45:58.637Read1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/2/2020 - 16:46:3.325Open1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dll
19/2/2020 - 16:46:3.325Unknown1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.325Open1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dll
19/2/2020 - 16:46:3.325Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.372Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.418Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.465Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.559Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.606Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.653Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.700Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.747Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.793Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.840Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:3.934Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Open1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.497Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
19/2/2020 - 16:46:4.512Open1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.512Read1480C:\malware.exeC:\Windows\SysWOW64\stdole2.tlb
19/2/2020 - 16:46:4.887Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 16:46:4.887Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 16:46:5.231Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
19/2/2020 - 16:46:5.231Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
19/2/2020 - 16:46:5.684Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 16:46:5.684Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 16:46:5.684Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 16:46:5.684Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value name
19/2/2020 - 16:45:44.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
19/2/2020 - 16:45:44.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
19/2/2020 - 16:45:44.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
19/2/2020 - 16:45:54.231 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Internet Explorer\Main | Use FormSuggest
19/2/2020 - 16:45:54.231 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Internet Explorer\Main | FormSuggest Passwords
19/2/2020 - 16:45:54.231 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Internet Explorer\Main | FormSuggest PW Ask
19/2/2020 - 16:45:54.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | HD373DID

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: True

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS  www.clinicadaspatas.com.br.
localhost -> gateway:50273  www.clinicadaspatas.com.br.

Response
gateway:DNS -> localhost  www.clinicadaspatas.com.br.  reply: 108.167.188.154


TCP
Info
108.167.188.154:80 -> localhost:65191
localhost:65191 -> 108.167.188.154:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost  POST www.clinicadaspatas.com.br  /Adapter/teste/romano/master.php

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 90.69%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 84.52%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 68.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 41.39%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 75.82%
suspicious: False
