Report #6875

  • Creation Date: Feb. 19, 2020, 3:54 p.m.
  • Last Update: Feb. 19, 2020, 8:30 p.m.
  • File: Pedido_OrЗamento.exe
  • Results:
Binary
DLL: False
Size
2.40MB
trid
76.7% Win32 EXE PECompact compressed
8.3% Win32 Executable
3.8% Win16/32 Executable Delphi generic
3.7% OS/2 Executable
3.6% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
168f730848fde2ade7ae2312c1514ab0
sha1
fd3e6a564564d0c9be7c93e6c1407198b28fbaba
crc32
0xb3405039
sha224
ad0486250ac97141959dd978b89aa23e8a3144bb17c4b21a5a248fd4
sha256
099f0947738e65544a0ed658ec7530a36b631c0400c631bb9099e7f70c92a102
sha384
d0795a5351c94d75764e4d900cb0834417723f6dc9e536e62632af6b48a9fd0e6eb5b31374fdb586a609e683d8901312
sha512
90306f5596fdd441689df18126c350bfff0a9054d065a178bc860b36de2138f524f0f5e79b8a605cd8e6a0847756ceec8ad24179bc3175ab733a5d4864b961c7
ssdeep
24576:7QWTw7voJe1ya2UDWK1Uv34dndByS+Qm2dpygUiVEp0PFy7rOD2rTDHldWEH1:BMGT14dwSL73yUorODOTDHldWEV
Community
Google: False
HashLib: False
YARA
Matches
domain, borland_delphi, anti_dbg, Borland, screenshot, win_hook, win_files_operation, keylogger, contentis_base64, CRC32_table, win_registry, Microsoft_Visual_Cpp_v50v60_MFC, Delphi_CompareCall, CRC32_poly_Constant, Delphi_Random, IsPE32, IsWindowsGUI, IP, Delphi_FormShow

Suspicious: True

Strings
List (repeated strings collapsed, with occurrence counts)
Vcl.Graphics (x42)
t.Ht
Winapi.Windows (x3)
h.NL
h.sL
EMS.Services (x2)
System.Zip (x12)
G:\lib\lib_Berlim_32\System.SysUtils.pas (x3)
System.JSON.Builders
sSystem.JSON.Builders
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
E:\lib\lib_Berlim_32\System.Variants.pas
System.Win.Registry (x6)
TComparer<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>2
IComparer<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TComparer<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>h
TComparison<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>.TEnumerator5
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>.TEnumerator,
.TList`1.Pack$233$0$Intf<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
.TList`1.Pack$231$0$Intf<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
@TList`1.Pack$231$ActRec<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
@TList`1.Pack$233$ActRec<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
@TList`1.Pack$233$ActRec<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TEnumerable<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>'
IEnumerable<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TEnumerable<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>(
TEnumerator<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TEnumerator<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>(
TDictionary<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>9
@TList`1.Pack$231$ActRec<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>H
TArray<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>.arrayofT
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>.TEmptyFunc
TList<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>&
TCollectionNotifyEvent<System.Zip.TPair<System.Zip.TZipCompression,System.Generics.Collections.TPair<System.Zip.TStreamConstructor,System.Zip.TStreamConstructor>>>

Foremost
Matches: 0.exe, 2 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, comctl32.dll, Msctf.dll, uxtheme.dll, ole32.dll, PSAPI.dll, imm32.dll, kernel32.dll, oleaut32.dll, NTDLL.DLL, msvcrt.dll, netapi32.dll, advapi32.dll, DWMAPI.DLL, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, Shcore.dll, shell32.dll, msimg32.dll
hasFiles: True
Suspicious: System.Zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 364544
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 2152336
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, comctl32.dll, msctf.dll, uxtheme.dll, ole32.dll, psapi.dll, imm32.dll, kernel32.dll, oleaut32.dll, ntdll.dll, msvcrt.dll, netapi32.dll, advapi32.dll, dwmapi.dll, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, shcore.dll, shell32.dll, msimg32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-10-04 10:42:50
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.data: 10
.text: 124
.itext: 6

pushpopmath
.data: 5
.rsrc: 2
.text: 46
.reloc: 154
.didata: 1

garbagebytes
.data: 5
.text: 71
.itext: 6

hookdetection
.data: 1
.text: 1
.reloc: 11

software breakpoint
.text: 5
.reloc: 53

fakeconditionaljumps
.text: 1

programcontrolflowchange
.data: 5
.text: 70
.itext: 6

cpuinstructionsresultscomparison
.data: 7
.rsrc: 5
.text: 16
.reloc: 2

AVclass
delf
1
VirusTotal
md5: 168f730848fde2ade7ae2312c1514ab0
sha1: fd3e6a564564d0c9be7c93e6c1407198b28fbaba
SCANS (DETECTION RATE = 61.11%)
Engine | Detected | Result | Update | Version
AVG | True | Win32:Malware-gen | 20200114 | 18.4.3895.0
CMC | True | P2P-Worm.Win32.SpyBot!O | 20190321 | 1.1.0.977
MAX | True | malware (ai score=99) | 20200114 | 2019.9.16.1
APEX | False | - | 20200113 | 5.105
Bkav | False | - | 20200114 | 1.3.0.9899
K7GW | True | Trojan-Downloader ( 005189791 ) | 20200114 | 11.86.33044
ALYac | True | Trojan.GenericKD.6075750 | 20200114 | 1.1.1.5
Avast | True | Win32:Malware-gen | 20200114 | 18.4.3895.0
Avira | True | DR/Delphi.Gen7 | 20200114 | 8.3.3.8
Baidu | False | - | 20190318 | 1.0.0.2
Cyren | False | - | 20200114 | 6.2.2.2
DrWeb | False | - | 20200114 | 7.0.44.12030
GData | True | Trojan.GenericKD.6075750 | 20200114 | A:25.24572B:26.17359
Panda | True | Trj/GdSda.A | 20200114 | 4.6.4.2
VBA32 | False | - | 20200114 | 4.3.0
VIPRE | True | Trojan.Win32.Generic!BT | 20200114 | 80784
Zoner | False | - | 20200114 | 1.0.0.1
ClamAV | False | - | 20200114 | 0.102.1.0
Comodo | True | Malware@#203omrihk6dtn | 20200114 | 31963
F-Prot | False | - | 20200114 | 4.7.1.166
Ikarus | True | Trojan-Downloader.Win32.Delf | 20200114 | 0.1.5.2
McAfee | True | Artemis!168F730848FD | 20200114 | 6.0.6.653
Rising | True | Downloader.Delf!8.16F (CLOUD) | 20200114 | 25.0.0.24
Sophos | True | Mal/Generic-S | 20200114 | 4.98.0
Yandex | True | Trojan.DL.Delf!tyk09j9CiNY | 20200114 | 5.5.2.24
Zillya | True | Downloader.Delf.Win32.55694 | 20200113 | 2.0.0.3996
Acronis | False | - | 20200113 | 1.1.1.58
Alibaba | True | TrojanDownloader:Win32/Generic.3b28e418 | 20190527 | 0.3.0.5
Arcabit | True | Trojan.Generic.D5CB566 | 20200114 | 1.0.0.869
Cylance | True | Unsafe | 20200114 | 2.3.1.101
Endgame | False | - | 20190918 | 3.0.15
FireEye | True | Generic.mg.168f730848fde2ad | 20200114 | 29.7.0.0
Sangfor | True | Malware | 20200114 | 1.0
TACHYON | False | - | 20200114 | 2020-01-14.02
Tencent | True | Win32.Trojan.Generic.Dyhb | 20200114 | 1.0.0.1
ViRobot | False | - | 20200114 | 2014.3.20.0
Webroot | False | - | 20200114 | 1.0.0.403
eGambit | False | - | 20200114 | -
Ad-Aware | True | Trojan.GenericKD.6075750 | 20200114 | 3.0.5.370
AegisLab | True | Trojan.Win32.Generic.4!c | 20200114 | 4.2
Emsisoft | True | Trojan-Downloader.Delf (A) | 20200114 | 2018.12.0.1641
F-Secure | True | Dropper.DR/Delphi.Gen7 | 20200114 | 12.0.86.52
Fortinet | True | W32/Delf.CET!tr.dldr | 20200114 | 6.2.137.0
Invincea | False | - | 20191211 | 6.3.6.26157
Jiangmin | False | - | 20200114 | 16.0.100
Kingsoft | False | - | 20200114 | 2013.8.14.323
Paloalto | True | generic.ml | 20200114 | 1.0
Symantec | True | ML.Attribute.HighConfidence | 20200114 | 1.11.0.0
Trapmine | True | malicious.moderate.ml.score | 20191216 | 3.2.16.890
AhnLab-V3 | False | - | 20200114 | 3.17.0.26111
Antiy-AVL | True | Trojan/Win32.SGeneric | 20200114 | 3.0.0.1
Kaspersky | False | - | 20200114 | 15.0.1.13
Microsoft | True | Trojan:Win32/Tiggre!rfn | 20200114 | 1.1.16600.7
Qihoo-360 | True | Win32/Trojan.a62 | 20200114 | 1.0.0.1120
ZoneAlarm | False | - | 20200114 | 1.0
Cybereason | True | malicious.848fde | 20190616 | 1.2.449
ESET-NOD32 | True | a variant of Win32/TrojanDownloader.Delf.CFE | 20200114 | 20671
TrendMicro | False | - | 20200114 | 11.0.0.1006
BitDefender | True | Trojan.GenericKD.6075750 | 20200114 | 7.2
CrowdStrike | True | win/malicious_confidence_90% (W) | 20190702 | 1.0
K7AntiVirus | True | Trojan-Downloader ( 005189791 ) | 20200114 | 11.86.33043
SentinelOne | True | DFI - Suspicious PE | 20191218 | 1.12.1.57
Avast-Mobile | False | - | 20200114 | 200114-00
Malwarebytes | False | - | 20200114 | 3.6.4.330
TotalDefense | False | - | 20200114 | 37.1.62.1
CAT-QuickHeal | False | - | 20200114 | 14.00
NANO-Antivirus | True | Trojan.Win32.Delf.etiacx | 20200114 | 1.0.134.25031
BitDefenderTheta | True | AI:Packer.900E7B6418 | 20200113 | 7.2.37796.0
MicroWorld-eScan | True | Trojan.GenericKD.6075750 | 20200114 | 14.0.297.0
SUPERAntiSpyware | False | - | 20200112 | 5.6.0.1032
McAfee-GW-Edition | True | BehavesLike.Win32.Dropper.vh | 20200114 | v2017.3010
TrendMicro-HouseCall | False | - | 20200114 | 10.0.0.1040

total: 72
sha256: 099f0947738e65544a0ed658ec7530a36b631c0400c631bb9099e7f70c92a102
scan_id: 099f0947738e65544a0ed658ec7530a36b631c0400c631bb9099e7f70c92a102-1579039808
resource: 168f730848fde2ade7ae2312c1514ab0
positives: 44
scan_date: 2020-01-14 22:10:08
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path | Name
19/2/2020 - 19:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
19/2/2020 - 19:45:43.825 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:18.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:18.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:18.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 19:46:18.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 19:46:19.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
19/2/2020 - 19:46:19.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
19/2/2020 - 19:46:19.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 19:46:19.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 19:46:19.75 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
19/2/2020 - 19:46:19.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/2/2020 - 19:46:19.75 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/2/2020 - 19:46:19.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/2/2020 - 19:46:19.75 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 19:46:19.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 19:46:19.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 19:46:19.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 19:46:19.184 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
19/2/2020 - 19:46:19.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 19:46:19.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 19:46:19.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
19/2/2020 - 19:46:19.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
19/2/2020 - 19:46:19.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 19:46:19.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:19.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:19.559 | Open | 1480 | C:\malware.exe | C:\Monitor\b
19/2/2020 - 19:46:19.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/2/2020 - 19:46:20.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
19/2/2020 - 19:46:20.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time | Operation | PID | Process | Key | Value
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
19/2/2020 - 19:46:18.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
19/2/2020 - 19:46:18.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
19/2/2020 - 19:46:18.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
19/2/2020 - 19:46:18.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
19/2/2020 - 19:46:18.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
19/2/2020 - 19:46:18.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
19/2/2020 - 19:46:18.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
19/2/2020 - 19:46:18.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
19/2/2020 - 19:46:19.325 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
19/2/2020 - 19:46:19.325 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
19/2/2020 - 19:46:19.325 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
19/2/2020 - 19:46:19.325 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
19/2/2020 - 19:46:20.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
19/2/2020 - 19:46:20.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
19/2/2020 - 19:46:20.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
19/2/2020 - 19:46:20.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query

Response

TCP
Info
200.98.117.78:80 -> localhost:65191
localhost:65191 -> 200.98.117.78:80

UDP
Info
localhost:68 -> 255.255.255.255:67
localhost:67 -> localhost:68

HTTP
Info
localhost sends GET to 200.98.117.78, path /sendr.php

Summary
DNS: False

TCP: True

UDP: True

HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 66.16%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 82.29%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 63.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 81.47%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 19.36%
suspicious: False
