Report #7091

  • Creation Date: Feb. 20, 2020, 4:38 p.m.
  • Last Update: Feb. 20, 2020, 6:21 p.m.
  • File: UyRArhwH.exe
  • Results:
Binary
DLL: False
Size: 2.61MB
trid:
52.1% Win32 EXE PECompact compressed
36.7% Win32 EXE PECompact compressed
3.9% Win32 Executable
1.8% Win16/32 Executable Delphi generic
1.7% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 9ccbc61226b0f01af8a5b9d74f3dd656
sha1: 74c2054b38633201b752d62bbc0fe58120ad6861
crc32: 0x958907ae
sha224: 7a7b885551e31df700e9938f0deb6b1efcbc7ee6e0c1f91f1301af24
sha256: f38ad5e65a90a70e3f6bb1192844247882e926b9766e3a088c3751ca3c20b566
sha384: 6fd7d34ebea9cf6ac598f68fb5bf92fa1a4816f31e4ac32c1a1f482f672729602f58b7b31fc5026d44c13094d3186d9e
sha512: 0425564e9201ccc9394174644f03031a528f1e278507ccadf3903f6f05bc5c8d831ade7c654d6a6a284bb4a6f4264fceb26a3009c94958497cf9acd93cea86e5
ssdeep: 49152:QkdQ0BcSPlgFzyTlnP0R8XiGgezPEQ5MmpyyIRdBFCyutqI1pdyrmTkAjC:a+SJylZXiGFX5dZ2dBF9uoIFy1n
Community
Google: False
HashLib: False
YARA
Matches
domain, PECompact_2x_Jeremy_Collake, PECompact_v20_additional, PECompact_v20, PECompact_V2X_Bitsum_Technologies_additional, PECompact_20x_Heuristic_Mode_Jeremy_Collake, HasOverlay, PECompact_v2xx_additional, PECompactv2xx, IsPE32, PeCompact_v208_Bitsum_Technologiessignature_by_loveboom, PECompact2xxBitSumTechnologies, PECompact_v2xx, PeCompact_2xx_BitSum_Technologies, IP, contentis_base64, IsPacked, PeCompact_253_DLL_BitSum_Technologies_additional, IsWindowsGUI, PECompactV2XBitsumTechnologies, HasDigitalSignature, PECompact_2xx_BitSum_Technologies, PeCompact_253_DLL_BitSum_Technologies, pecompact2, url, PECompact_V2X_Bitsum_Technologies

Suspicious: True

Strings
List
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
Jhttp://repositorio.icpbrasil.gov.br/lcr/ACSOLUTI/ac-soluti-multipla-v1.crl0
;https://ccd.acsoluti.com.br/docs/dpc-ac-soluti-multipla.pdf0
9http://ccd2.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0P
8http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0?
comerciallarbelle@outlook.com
8http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.p7b0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
A.ms
t.gS
G.de
Ea.NO
l.sV
9.yT
J.iR
D.bh
bW.im
Y.fO
N.BB
f.bD
mO-.vU
gg)F5Iw.eg
http://www.usertrust.com1
http://www.usertrust.com1
1.NL
-QJ.rw
-.KP
http://ocsp.usertrust.com0
'bw.NO
b.kh
wsock32.dll
winspool.drv
c.abi
O.rey
olepro32.dll
comctl32.dll
netapi32.dll
i.egun
nG.oyi\P
version.dll
1.0.0.0
1.0.0.0
ntdll.dll
oleacc.dll
winmm.dll
mpr.dll
HfD.u,
NAg|?
I:_HE
I:~c_a
'"%/
%/eh
?f)kpOR
a.tr#
dI:t
aFh>
Ha&o
GT&o
op,E
WGau/
abH+e
CrW{a
N%ed16[&
name="Microsoft.Windows.Common-Controls"
~i?%n"8
l%g8.RH
w%i2E}r
)s%9ANH
&\%3e
s%0F-t
#[%E1O
<Rt`k%g&i
(nm%gpS|a
-u(H>%eIK.Y
Vo::c%s<
5M%oh
%4FeH
ro%p}
{R(A%*n
<%tn;
%i\)n
/%El^.
d%p(tE
%arG{
Ns%i#
k}hA%i
Y?%he
%n|`I
lF.t%E
U%|slM
E-t%-p
%LER$l
=%eM`o
#k%lAYd
iI%eIh"
uAon0%o
RofDe
oor%G
fDgI
%dtGt

Foremost
Matches: 0.exe, 2 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: (none)
Suspicious: (none)
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: http://ccd2.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0p, http://www.usertrust.com1, http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.p7b0, http://crl.usertrust.com/utn-userfirst-object.crl05, https://ccd.acsoluti.com.br/docs/dpc-ac-soluti-multipla.pdf0, http://repositorio.icpbrasil.gov.br/lcr/acsoluti/ac-soluti-multipla-v1.crl0, http://ocsp.usertrust.com0, http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0?
hasAllowed: True
hasSuspicious: True
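The eight "Suspicious" URLs above are not contact points of the malware. They are the CRL distribution points, the OCSP responder, the CA-issuer (.p7b) link and the certificate-practice-statement link of the AC Soluti / ICP-Brasil and UserTrust certificates carried in the file's Authenticode signature (the YARA match HasDigitalSignature agrees), and the stray leading character and trailing `0`/`1` on each string are DER framing bytes around the IA5String, not part of the URL (the leading `J` on the repositorio.icpbrasil.gov.br string is 0x4A = 74, the exact length of the URL that follows). The following Python triage script is an added example and not code from the report's pipeline: it undoes that framing, verifies the length byte, classifies each URL by the PKI role its path implies, and leaves everything else for review. The `evil.example` URL and the split into three buckets are this example's own constructions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: string-dump lines copied from the report above. The leading printable
# byte and the trailing '0'/'1' (plus whatever follows it) are DER framing around IA5String
# URLs inside the Authenticode certificate chain; they are not part of the URL. The last two
# entries are constructed controls: a non-URL string and a non-certificate URL.
SAMPLE_STRINGS = [
    "Jhttp://repositorio.icpbrasil.gov.br/lcr/ACSOLUTI/ac-soluti-multipla-v1.crl0",
    ";https://ccd.acsoluti.com.br/docs/dpc-ac-soluti-multipla.pdf0",
    "9http://ccd2.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0P",
    "8http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.crl0?",
    "8http://ccd.acsoluti.com.br/lcr/ac-soluti-multipla-v1.p7b0",
    "1http://crl.usertrust.com/UTN-USERFirst-Object.crl05",
    "http://www.usertrust.com1",
    "http://ocsp.usertrust.com0",
    "comerciallarbelle@outlook.com",
    "http://evil.example/gate.php",
]

DER_NEXT_TAGS = "01"          # chr(0x30) SEQUENCE / chr(0x31) SET follow a GeneralName URL in X.509
STRINGS_MIN_PRINTABLE = 0x20  # strings(1) drops bytes below this, so small DER length bytes vanish


def recover_der_url(line):
    """Strip DER framing from a dumped string and return the URL, or None if it is not framed.

    X.509 encodes a uniformResourceIdentifier GeneralName as [0x86][len][url], followed by the
    next element's tag (SEQUENCE 0x30 or SET 0x31, which print as '0' and '1').
      - len >= 0x20: the length byte survives as one printable character before "http".
      - len <  0x20: the length byte was dropped, so the URL (at most 31 bytes) starts the line.
    """
    m = re.search(r"https?://", line)
    if m is None:
        return None
    body = line[m.start():]
    if m.start() == 1:
        n = ord(line[0])                                   # surviving DER length byte
        if STRINGS_MIN_PRINTABLE <= n < len(body) and body[n] in DER_NEXT_TAGS:
            return body[:n]
        return None
    if m.start() == 0:
        # Short-URL rule: the only evidence is the trailing tag byte, so this one is a heuristic
        # and pki_role() below is the second gate before anything is dropped from an IOC list.
        if len(body) <= STRINGS_MIN_PRINTABLE and body[-1] in DER_NEXT_TAGS:
            return body[:-1]
    return None


def pki_role(url):
    """Name the PKI endpoint a URL serves, judged by its path; None if it is not one."""
    parsed = urlparse(url)
    host, path = parsed.netloc.lower(), parsed.path.lower()
    if path.endswith(".crl"):
        return "CRL distribution point"
    if host.startswith("ocsp.") or "ocsp" in path:
        return "OCSP responder"
    if path.endswith((".p7b", ".p7c", ".cer", ".crt")):
        return "CA issuers (AIA)"
    if path.endswith(".pdf") or "dpc" in path or "cps" in path:
        return "certificate practice statement"
    return None


def triage(lines):
    """Split dumped strings into certificate-infrastructure URLs, other DER-framed URLs
    (typically a URL inside the issuer/subject Name) and everything else, which still needs
    a human look."""
    out = {"pki_endpoint": [], "der_framed_other": [], "review": []}
    for line in lines:
        url = recover_der_url(line)
        if url is None:
            out["review"].append(line)
            continue
        role = pki_role(url)
        if role is None:
            out["der_framed_other"].append(url)
        else:
            out["pki_endpoint"].append((url, role))
    return out


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_STRINGS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Only the first bucket is safe to drop from an indicator list, and only after checking that the file's signature chain actually references those URLs: a packer can embed decoy certificate-looking strings just as easily.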

Files
Allowed: netapi32.dll, oleaut32.dll, msvcrt.dll, oleacc.dll, user32.dll, comdlg32.dll, version.dll, mpr.dll, comctl32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, wsock32.dll, kernel32.dll, winmm.dll, olepro32.dll, ntdll.dll, ole32.dll, shell32.dll
hasFiles: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 2209280 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 2746723
Suspicious: False

Sections
Allowed: .text, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS Version: 5 (Suspicious: False)
Image Version: 5 (Suspicious: True)
Linker Version: 2.25 (Suspicious: False)
Subsystem Version: 5.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 4096
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: netapi32.dll, oleaut32.dll, msvcrt.dll, oleacc.dll, user32.dll, comdlg32.dll, version.dll, mpr.dll, comctl32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, wsock32.dll, kernel32.dll, winmm.dll, olepro32.dll, ntdll.dll, ole32.dll, shell32.dll
hasLibs: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-06-23 03:05:08
Future: False
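The Binary, Symbols, Checksum, Versions, EntryPoint, Sections and Timestamp values above are plain PE/COFF header fields. The following Python parser is an added example, not code from the report's pipeline: it reads those fields from raw bytes at the offsets the PE/COFF specification defines and re-applies the report's checks. It runs on a constructed PE32 header built from the report's own numbers; the section sizes, alignments, characteristics, the zero data directories and the reading of "Stack: 16384" as SizeOfStackCommit (the Delphi linker default) are assumptions, and the constant SCAN_DATE is the VirusTotal scan date reported further down. One caveat a practitioner wants next to the two Symbols flags above: NumberOfSymbols = 0 and PointerToSymbolTable = 0 is the normal state of a linked executable, since COFF symbol tables are deprecated for images, so that flag carries little weight on its own.

```python
import calendar
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000
SCAN_DATE = datetime(2018, 10, 13, 0, 37, 18, tzinfo=timezone.utc)  # VirusTotal scan_date in the report


def parse_pe32(data):
    """Parse DOS header, COFF header, PE32 optional header and section table from raw bytes
    and return the fields the report lists. Offsets follow the PE/COFF specification."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, sym_ptr, nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers handled here")
    lnk_major, lnk_minor, size_of_code = struct.unpack_from("<BBI", data, opt + 2)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, _, img_major, _, sub_major, sub_minor = struct.unpack_from("<6H", data, opt + 40)
    size_of_headers, checksum, subsystem = struct.unpack_from("<IIH", data, opt + 60)
    stack_reserve, stack_commit = struct.unpack_from("<II", data, opt + 72)
    num_rva = struct.unpack_from("<I", data, opt + 92)[0]
    sections = []
    for i in range(nsections):                      # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    entry_section = next((n for n, va, vs in sections if va <= entry_point < va + vs), None)
    return {
        "dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "number_of_symbols": nsyms, "symbol_pointer": sym_ptr,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "size_of_code": size_of_code, "entry_point": entry_point, "entry_section": entry_section,
        "image_base": image_base, "os_version": os_major, "image_version": img_major,
        "subsystem_version": f"{sub_major}.{sub_minor}",
        "size_of_headers": size_of_headers, "checksum": checksum,
        "stack_reserve": stack_reserve, "stack_commit": stack_commit,
        "num_rva_and_sizes": num_rva, "sections": [n for n, _, _ in sections],
    }


def timestamp_flags(ts, reference):
    """The report's Past / Valid / Future flags. Future: compiled after the reference date.
    Past (assumed meaning): compiled before 2000-01-01, a floor that catches zeroed or
    randomised TimeDateStamp values. Valid: neither."""
    floor = datetime(2000, 1, 1, tzinfo=timezone.utc)
    past, future = ts < floor, ts > reference
    return {"past": past, "future": future, "valid": not (past or future)}


def analyze(data, reference):
    """Parse the image and attach the header checks the report applies."""
    info = parse_pe32(data)
    info.update(timestamp_flags(info["timestamp"], reference))
    # Zero COFF symbols is what almost every linked image looks like; weak evidence on its own.
    info["symbols_flag"] = info["number_of_symbols"] == 0 and info["symbol_pointer"] == 0
    # An entry point outside every section is the stronger anomaly to look for.
    info["entry_point_flag"] = info["entry_section"] is None
    return info


def build_sample_image():
    """Constructed PE32 header using the values the report shows; not the sample's real bytes."""
    ts = calendar.timegm((2017, 6, 23, 3, 5, 8))
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 0xE0, 0x010E)    # i386, 2 sections, no symbols
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 2, 25, 2209280, 0, 0,
                      0x1000, 0x1000, 0x21D000, 0x400000, 0x1000, 0x200)
    opt += struct.pack("<6HIIIIHH", 5, 0, 5, 0, 5, 0, 0, 0x21E000, 1024, 2746723, 2, 0)
    opt += struct.pack("<IIIIII", 0x100000, 0x4000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x21B600, 0x1000, 0x21B600, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".rsrc", 0x1000, 0x21D000, 0x1000, 0x21BA00, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    for key, value in analyze(build_sample_image(), SCAN_DATE).items():
        print(f"{key}: {value}")
```

Pointing `analyze()` at the bytes of a real file instead of `build_sample_image()` reproduces the report's numbers directly; the timestamp is decoded as UTC, so a report that prints local time will differ by the timezone offset.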

Compilation
Packed: True
Missing: False
Packers: PECompact 2.x -> Jeremy Collake, PECompact v2.0, PeCompact 2.53 DLL --> BitSum Technologies, PECompact 2.0x Heuristic Mode -> Jeremy Collake
Compiled: False
Compilers
MainPacker: PECompact 2.xx --> BitSum Technologies

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 17
.text: 1371

pushpopmath
.rsrc: 5
.text: 736

ss register
.text: 24

garbagebytes
.rsrc: 9
.text: 488

hookdetection
.text: 56

software breakpoint
.text: 40

fakeconditionaljumps
.text: 37

programcontrolflowchange
.rsrc: 9
.text: 453

cpuinstructionsresultscomparison
.rsrc: 42
.text: 3

AVclass
delf
1
VirusTotal
md5: 9ccbc61226b0f01af8a5b9d74f3dd656
sha1: 74c2054b38633201b752d62bbc0fe58120ad6861
SCANS (DETECTION RATE = 57.35%)
engine | detected | result | version | update
AVG | yes | Win32:Malware-gen | 18.4.3895.0 | 20181013
CMC | no | | 1.1.0.977 | 20181012
MAX | yes | malware (ai score=86) | 2018.9.12.1 | 20181013
Bkav | no | | 1.3.0.9898 | 20181011
K7GW | yes | Unwanted-Program ( 00511cac1 ) | 11.7.28695 | 20181012
ALYac | yes | Trojan.GenericKD.5502000 | 1.1.1.5 | 20181013
Avast | yes | Win32:Malware-gen | 18.4.3895.0 | 20181013
Avira | yes | HEUR/AGEN.1028101 | 8.3.3.6 | 20181012
Baidu | no | | 1.0.0.2 | 20181012
Cyren | yes | W32/GenBl.9CCBC612!Olympus | 6.0.0.4 | 20181013
DrWeb | yes | Trojan.PWS.Banker1.24002 | 7.0.33.6080 | 20181013
GData | yes | Trojan.GenericKD.5502000 | A:25.18880B:25.13433 | 20181012
Panda | yes | Trj/CI.A | 4.6.4.2 | 20181012
VBA32 | yes | Trojan.Agent | 3.33.0 | 20181012
VIPRE | yes | Trojan.Win32.Generic!BT | 70242 | 20181012
Zoner | no | | 1.0 | 20181012
ClamAV | no | | 0.100.2.0 | 20181012
Comodo | no | | | 20181012
F-Prot | no | | 4.7.1.166 | 20181013
Ikarus | yes | Trojan.Win32.Agent | 0.1.5.2 | 20181012
McAfee | yes | Artemis!9CCBC61226B0 | 6.0.6.653 | 20181012
Rising | no | | 25.0.0.24 | 20181012
Sophos | yes | Mal/Generic-S | 4.98.0 | 20181012
Yandex | yes | Trojan.Agent!Jrvtj/j9jJw | 5.5.1.3 | 20181012
Zillya | yes | Trojan.Agent.Win32.807659 | 2.0.0.3667 | 20181012
Alibaba | no | | 0.1.0.2 | 20180921
Arcabit | yes | Trojan.Generic.D53F430 | 1.0.0.833 | 20181013
Babable | no | | 9107201 | 20180918
Cylance | yes | Unsafe | 2.3.1.101 | 20181013
Endgame | yes | malicious (high confidence) | 3.0.1 | 20180730
TACHYON | no | | 2018-10-12.02 | 20181012
Tencent | yes | Win32.Trojan.Agent.Hxqh | 1.0.0.1 | 20181013
ViRobot | no | | 2014.3.20.0 | 20181012
Webroot | no | | 1.0.0.403 | 20181013
eGambit | no | | | 20181013
Ad-Aware | yes | Trojan.GenericKD.5502000 | 3.0.5.370 | 20181012
AegisLab | no | | 4.2 | 20181012
Emsisoft | yes | Trojan.GenericKD.5502000 (B) | 2018.4.0.1029 | 20181013
F-Secure | yes | Trojan.GenericKD.5502000 | 11.0.19100.45 | 20181012
Fortinet | yes | W32/Agent.NFAEYB!tr | 5.4.247.0 | 20181013
Invincea | no | | 6.3.5.26121 | 20180717
Jiangmin | no | | 16.0.100 | 20181012
Kingsoft | no | | 2013.8.14.323 | 20181013
Paloalto | no | | 1.0 | 20181013
Symantec | yes | ML.Attribute.HighConfidence | 1.7.0.0 | 20181012
AhnLab-V3 | no | | 3.13.1.21616 | 20181012
Antiy-AVL | yes | Trojan/Win32.Agent | 3.0.0.1 | 20181013
Kaspersky | yes | Trojan.Win32.Delf.ensh | 15.0.1.13 | 20181012
Microsoft | yes | Trojan:Win32/Tiggre!rfn | 1.1.15300.6 | 20181013
Qihoo-360 | yes | Win32/Trojan.665 | 1.0.0.1120 | 20181013
TheHacker | no | | 6.8.0.5.3735 | 20181011
ZoneAlarm | yes | Trojan.Win32.Delf.ensh | 1.0 | 20181013
Cybereason | yes | malicious.226b0f | 1.2.27 | 20180225
ESET-NOD32 | yes | a variant of Win32/Spy.Delf.QNO | 18206 | 20181012
TrendMicro | no | | 10.0.0.1040 | 20181010
BitDefender | yes | Trojan.GenericKD.5502000 | 7.2 | 20181013
CrowdStrike | yes | malicious_confidence_60% (D) | 1.0 | 20180723
K7AntiVirus | yes | Unwanted-Program ( 00511cac1 ) | 11.7.28695 | 20181012
SentinelOne | no | | 1.0.19.245 | 20181011
Avast-Mobile | no | | 181012-00 | 20181012
Malwarebytes | no | | 2.1.1.1115 | 20181013
TotalDefense | no | | 37.1.62.1 | 20181012
CAT-QuickHeal | no | | 14.00 | 20181011
NANO-Antivirus | yes | Trojan.Win32.Agent.eqxhjd | 1.0.134.24036 | 20181012
MicroWorld-eScan | yes | Trojan.GenericKD.5502000 | 14.0.297.0 | 20181012
SUPERAntiSpyware | no | | 5.6.0.1032 | 20181012
McAfee-GW-Edition | yes | Artemis!Trojan | v2017.3010 | 20181012
TrendMicro-HouseCall | no | | 10.0.0.1040 | 20181010

total: 68
sha256: f38ad5e65a90a70e3f6bb1192844247882e926b9766e3a088c3751ca3c20b566
scan_id: f38ad5e65a90a70e3f6bb1192844247882e926b9766e3a088c3751ca3c20b566-1539391038
resource: 9ccbc61226b0f01af8a5b9d74f3dd656
positives: 39
scan_date: 2018-10-13 00:37:18
verbose_msg: Scan finished, information embedded
response_code: 1
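The AVclass line above ("delf") is the family name that survives a plurality vote over the vendor labels in this scan: most of what the engines say is a category (Trojan), a platform (Win32), a verdict (malicious, Unsafe, GenericKD) or a per-engine variant id, and only a few tokens name a family. The following Python script is an added example of that vote, this example's own simplification rather than AVclass's code or its shipped generic-token list: it tokenizes each label, drops platform, category and verdict words and anything that still looks like a hash or variant id, gives each engine one vote per remaining token, and ranks the result. The 39 labels are the detections listed above; the GENERIC set is this example's assumption about which tokens carry no family information.

```python
import re
from collections import Counter

# Constructed from the VirusTotal scan listed above: the 39 engines that detected the sample
# and their labels, verbatim. Engines with no detection carry no label and are left out.
VT_LABELS = {
    "AVG": "Win32:Malware-gen", "MAX": "malware (ai score=86)",
    "K7GW": "Unwanted-Program ( 00511cac1 )", "ALYac": "Trojan.GenericKD.5502000",
    "Avast": "Win32:Malware-gen", "Avira": "HEUR/AGEN.1028101",
    "Cyren": "W32/GenBl.9CCBC612!Olympus", "DrWeb": "Trojan.PWS.Banker1.24002",
    "GData": "Trojan.GenericKD.5502000", "Panda": "Trj/CI.A",
    "VBA32": "Trojan.Agent", "VIPRE": "Trojan.Win32.Generic!BT",
    "Ikarus": "Trojan.Win32.Agent", "McAfee": "Artemis!9CCBC61226B0",
    "Sophos": "Mal/Generic-S", "Yandex": "Trojan.Agent!Jrvtj/j9jJw",
    "Zillya": "Trojan.Agent.Win32.807659", "Arcabit": "Trojan.Generic.D53F430",
    "Cylance": "Unsafe", "Endgame": "malicious (high confidence)",
    "Tencent": "Win32.Trojan.Agent.Hxqh", "Ad-Aware": "Trojan.GenericKD.5502000",
    "Emsisoft": "Trojan.GenericKD.5502000 (B)", "F-Secure": "Trojan.GenericKD.5502000",
    "Fortinet": "W32/Agent.NFAEYB!tr", "Symantec": "ML.Attribute.HighConfidence",
    "Antiy-AVL": "Trojan/Win32.Agent", "Kaspersky": "Trojan.Win32.Delf.ensh",
    "Microsoft": "Trojan:Win32/Tiggre!rfn", "Qihoo-360": "Win32/Trojan.665",
    "ZoneAlarm": "Trojan.Win32.Delf.ensh", "Cybereason": "malicious.226b0f",
    "ESET-NOD32": "a variant of Win32/Spy.Delf.QNO", "BitDefender": "Trojan.GenericKD.5502000",
    "CrowdStrike": "malicious_confidence_60% (D)", "K7AntiVirus": "Unwanted-Program ( 00511cac1 )",
    "NANO-Antivirus": "Trojan.Win32.Agent.eqxhjd", "MicroWorld-eScan": "Trojan.GenericKD.5502000",
    "McAfee-GW-Edition": "Artemis!Trojan",
}
TOTAL_ENGINES = 68  # from the report; the 29 non-detecting engines are not listed here

# Words that name a category, platform, engine tag or verdict rather than a family. This is
# this example's own list (an assumption), not the generic-token file that AVclass ships.
GENERIC = {
    "trojan", "win32", "malware", "generic", "generickd", "genbl", "agent", "heur", "agen",
    "unwanted", "program", "malicious", "confidence", "high", "highconfidence", "attribute",
    "unsafe", "variant", "artemis", "olympus", "score",
}


def family_tokens(label):
    """Split a vendor label into candidate family tokens.
    Trailing digits are dropped (Banker1 -> banker; 5502000 -> nothing); anything that still
    contains a digit is a hash fragment or variant id; tokens of 1-3 letters are almost always
    platform or verdict abbreviations (w32, trj, pws, tr)."""
    tokens = []
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        tok = re.sub(r"\d+$", "", tok)
        if len(tok) < 4 or any(c.isdigit() for c in tok) or tok in GENERIC:
            continue
        tokens.append(tok)
    return tokens


def consensus_family(labels):
    """Rank candidate family names by how many engines use them: one vote per engine per
    token, so a label repeating a word still counts once for that engine."""
    votes = Counter()
    for label in labels.values():
        votes.update(set(family_tokens(label)))
    return votes.most_common()


def detection_rate(labels, total=TOTAL_ENGINES):
    """Positives over total engines, as a percentage with two decimals (57.35 here)."""
    return round(100.0 * len(labels) / total, 2)


if __name__ == "__main__":
    print(f"detection rate: {detection_rate(VT_LABELS)}%")
    for token, count in consensus_family(VT_LABELS)[:5]:
        print(f"{token}: {count}")
```

On these labels the top token is delf with three votes (Kaspersky, ZoneAlarm, ESET-NOD32). The runner-up, ensh, is the variant suffix that Kaspersky and ZoneAlarm share, which is the usual failure mode of this vote and the reason anything below the top token still needs a human look.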
Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.52%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 83.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 56.71%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.80%
suspicious: False