Report #69

  • Creation Date: May 8, 2019, 3:50 p.m.
  • Last Update: May 8, 2019, 5:17 p.m.
  • File: 9k2vBbHr.exe
  • Results:
Binary
DLL: False
Size: 418.52KB
trid: 61.7% Win64 Executable, 14.7% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows CLI
Hashes
md5: dc5532e5ea9ac29014118b397d3f387b
sha1: a6bed53af015148e2f4f7c3d507b83a7b4c1e153
crc32: 0x802964f3
sha224: 6104800ad56b505bcbbc41028a620fb0d0776904455fbdf3dacdcf71
sha256: 90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433
sha384: 883a7bda9f1cfbc4b7286ed36de61fc58be065252f3be21e2f7ceef71b3b56540ca49ef5b26130ebfee77b15dabc0557
sha512: 63db9059d1dd896cfab2b48cecbac6b63b8f10c1fb22bf2d7300c51aa792521528c98acaf2a0fa01da51ff8f3ac046c660fbdb361f84276aec4ff8544341067e
ssdeep: 12288:fM9Ay2i6ZZQV02Rm5O2/PDqW/WBdrisxnTO7TsLYOs:fM9Api6ZZQW2aUd2sBO7ThOs
Community
Google: 1
HashLib: 0

YARA
Matches: VC8_Microsoft_Corporation, domain, anti_dbg, HasDigitalSignature, url, IP, contentis_base64, HasOverlay, Microsoft_Visual_Cpp_8, CRC32_table, win_registry, IsConsole, CRC32_poly_Constant, win_files_operation, IsPE32, HasRichSignature, Big_Numbers0
Suspicious: 1

Heuristics
IPs
hasIPs: 1
Allowed: 2.8.131.11, 1, anantes-650-1-198-11.w2-8.abo.wanadoo.fr.
Suspicious
hasAllowed: 1
hasSuspicious: 0

URLs
Allowed
hasURLs: 1
Suspicious: http://s2.symcb.com0, http://www.symauth.com/rpa00, http://sv.symcb.com/sv.crt0, http://crl.thawte.com/thawtetimestampingca.crl0, http://sv.symcd.com0&, http://www.symauth.com/cps0(, http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://sv.symcb.com/sv.crl0f, http://ocsp.thawte.com0, https://d.symcb.com/cps0%, http://s1.symcb.com/pca3-g5.crl0, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, https://d.symcb.com/rpa0, http://ts-ocsp.ws.symantec.com07
hasAllowed: 0
hasSuspicious: 1

Files
Allowed: WUSER32.DLL, nKERNEL32.DLL, mscoree.dll, ADVAPI32.dll, SHELL32.dll, OLEAUT32.dll, USER32.dll, VERSION.dll, msimsg.dll, ole32.dll, msi.dll, KERNEL32.dll
hasFiles: 1
Suspicious: jaureglist.xml, rt.jar, jusched.log
hasAllowed: 1
hasSuspicious: 1

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 161280
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 438290
Suspicious: 0

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: 1
hasSections: 1
hasSuspicious: 0

Versions
OS
Version: 5
Suspicious: 0
Image
Version: True
Suspicious: 5
Linker
Version: 10.0
Suspicious: 0
Subsystem
Version: 5.1
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 160529
Suspicious: 0

Anomalies
Anomalies
hasAnomalies: 0

Libraries
Allowed: mscoree.dll, advapi32.dll, shell32.dll, oleaut32.dll, user32.dll, version.dll, msimsg.dll, ole32.dll, msi.dll, kernel32.dll
hasLibs: 1
Suspicious: wuser32.dll, nkernel32.dll
hasAllowed: 1
hasSuspicious: 1

Timestamp
Past: 0
Valid: 1
Value: 2017-03-15 06:43:13
Future: 0

Compilation
Packed: 0
Missing: 0
Packers
Compiled: 1
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: 0
Fuzzing: 1

Disassembly
hasTricks: 1
Tricks
pushret
.data: 1
.rsrc: 6
.text: 2
.rdata: 8

pushpopmath
.rsrc: 5
.text: 4
.rdata: 13
.reloc: 14

garbagebytes
.data: 1
.rsrc: 1
.text: 2
.rdata: 3

hookdetection
.rdata: 1

stealthimport
.text: 3

software breakpoint
.text: 8
.rdata: 1
.reloc: 7

fakeconditionaljumps
.text: 2

programcontrolflowchange
.data: 1
.rsrc: 1
.text: 2
.rdata: 3

cpuinstructionsresultscomparison
.rdata: 4

AVclass
None: 1
VirusTotal
md5: dc5532e5ea9ac29014118b397d3f387b
sha1: a6bed53af015148e2f4f7c3d507b83a7b4c1e153
SCANS (DETECTION RATE = 0.00%)

Engine                  Update      Version                 Detected
AVG                     20190319    18.4.3895.0             False
CMC                     20190319    1.1.0.977               False
MAX                     20190319    2018.9.12.1             False
Bkav                    20190318    1.3.0.9899              False
K7GW                    20190319    11.34.30329             False
ALYac                   20190319    1.1.1.5                 False
Avast                   20190319    18.4.3895.0             False
Avira                   20190319    8.3.3.8                 False
Baidu                   20190318    1.0.0.2                 False
Cyren                   20190319    6.2.0.1                 False
DrWeb                   20190319    7.0.34.11020            False
GData                   20190319    A:25.21178B:25.14641    False
Panda                   20190319    4.6.4.2                 False
VBA32                   20190319    4.0.0                   False
Zoner                   20190318    1.0                     False
ClamAV                  20190319    0.101.1.0               False
Comodo                  20190319    30593                   False
Ikarus                  20190319    0.1.5.2                 False
McAfee                  20190319    6.0.6.653               False
Rising                  20190319    25.0.0.24               False
Sophos                  20190319    4.98.0                  False
Yandex                  20190318    5.5.1.3                 False
Zillya                  20190319    2.0.0.3777              False
Acronis                 20190319    1.0.1.40                False
Alibaba                 20190306    0.2.0.3                 False
Arcabit                 20190319    1.0.0.844               False
Babable                 20180918    9107201                 False
Endgame                 20190215    3.0.3                   False
TACHYON                 20190319    2019-03-19.02           False
Tencent                 20190319    1.0.0.1                 False
ViRobot                 20190319    2014.3.20.0             False
eGambit                 20190319    v4.3.6                  False
Ad-Aware                20190319    3.0.5.370               False
AegisLab                20190319    4.2                     False
Emsisoft                20190319    2018.4.0.1029           False
F-Secure                20190319    12.0.86.52              False
Fortinet                20190319    5.4.247.0               False
Invincea                20190313    6.3.6.26157             False
Jiangmin                20190319    16.0.100                False
Kingsoft                20190319    2013.8.14.323           False
Paloalto                20190319    1.0                     False
Trapmine                20190301    3.1.48.748              False
AhnLab-V3               20190319    3.15.0.23609            False
Antiy-AVL               20190319    3.0.0.1                 False
Kaspersky               20190319    15.0.1.13               False
Microsoft               20190319    1.1.15700.9             False
Qihoo-360               20190319    1.0.0.1120              False
TheHacker               20190319    6.8.0.5.4089            False
Trustlook               20190319    1.0                     False
ZoneAlarm               20190319    1.0                     False
Cybereason              20190109    1.2.27                  False
ESET-NOD32              20190319    19053                   False
BitDefender             20190319    7.2                     False
CrowdStrike             20190212    1.0                     False
K7AntiVirus             20190319    11.34.30331             False
SentinelOne             20190317    1.0.24.302              False
Avast-Mobile            20190319    190319-00               False
Malwarebytes            20190319    2.1.1.1115              False
TotalDefense            20190318    37.1.62.1               False
CAT-QuickHeal           20190319    14.00                   False
NANO-Antivirus          20190319    1.0.134.24576           False
MicroWorld-eScan        20190319    14.0.297.0              False
SUPERAntiSpyware        20190314    5.6.0.1032              False
McAfee-GW-Edition       20190319    v2017.3010              False
TrendMicro-HouseCall    20190319    10.0.0.1040             False
total: 65
sha256: 90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433
scan_id: 90b13f3aa9d4bfe5859218aef13c0da5816ba6a877ea7545e1d4c72b0271b433-1553022073
resource: dc5532e5ea9ac29014118b397d3f387b
positives: 0
scan_date: 2019-03-19 19:01:13
verbose_msg: Scan finished, information embedded
response_code: 1
Results
Random Forest
detected: TBD
confidence: TBD