Report #733

  • Creation Date: Oct. 19, 2019, 2:57 a.m.
  • Last Update: Oct. 19, 2019, 9:34 a.m.
  • File: 040
  • Results:
Binary
DLL
False
Size
376.22KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
55ab9a17e27426f0329f37b34d8a6054
sha1
81e263f5d8c0631faa5f5f7ce383556a8fe9ba5a
crc32
0x5fb0ab4d
sha224
8156cd1ab20dc760677cb3142fadef3b72e87de514b9bfdbc3722e8b
sha256
5baf3b28abd3837e47ba0b0239ee6515098f205109dba4a54477163b11998dab
sha384
6495e1268078aec73fdb7ac5708ba82c99a978cd8b047113efaf0a3ff21b6f56057a0678704efcfd044f881b1d606da3
sha512
351c32ce6fc166f0e1a89392b966102640378086b36307a1dbe93116b3a3c5044960554a80b02257450a28781d4f2b7a276b110565ae347b2a3fdfbe6c7c1c48
ssdeep
6144:4lCqqIZ25g7J78zn2YR+dvN3AjfBeQAOZBd2AhWBI3ut3Uy6TRLmb8A:4lxtI5uQb2YRcv9Qndh+2utEyQFm5
Community
Google
True
HashLib
False
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, HasDebugData, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, IsPacked, HasOverlay, maldoc_find_kernel32_base_method_1, win_files_operation, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List
t.SV
z.IL
.e.Ps
{I2.sM
wA5-D
0&oPMD
re-f
PcD&o
fr-be
fr-ca
fr-ch
operator ""
ogi>s4Vk%1i
E6p%s
Main Returned.
no space on device
no such process
resource deadlock would occur
no such device or address
operation in progress
too many links
value too large
file too large
too many files open
device or resource busy
too many files open in system
no such device
operation canceled
operation not permitted
mscoree.dll
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
SShU
identifier removed
CreateEventW
;K.gL
operation would block
IsDebuggerPresent
executable format error
Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
TerminateProcess
WriteProcessMemory
too many symbolic link levels
permission denied
VirtualProtect
GetModuleFileNameW
LoadLibraryExW
FindFirstFileExW
FindNextFileW
CreateFileW
FreeLibrary
GetModuleHandleA
QueryPerformanceCounter
GetModuleHandleW
WriteFile
LC_CTYPE
ReadFile
host unreachable
LC_COLLATE
LC_NUMERIC
LC_MONETARY
network reset
network down
broken pipe
BLC_ALL
LC_TIME
not a socket
B{@[I:t
Sleep
api-ms-win-security-systemfunctions-l1-1-0
5!5%5)5-5155595=5A5E5I5M5Q5U5Y5]5a5e5i5
GetCPInfo
fr-LU
fr-CA
fr-CH
GetProcessHeap
3#3+31373A3M3Y3c3
1&272<2A2b2g2t2
network unreachable
.?AVbad_cast@std@@
8%8,818B8I8N8_8f8k8|8
:!:':-:3:8:>:D:J:O:U:[:a:f:l:r:x:}:
.rdata$zETW9
.rdata$zETW1
.rdata$zETW2
.rdata$zETW0
D8(Ht5F
api-ms-win-core-file-l2-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-winrt-l1-1-0
_nextafter
.?AV?$_Iosb@H@std@@
__vectorcall
.?AVios_base@std@@
!!!2aaaZiiichhhchhhchhhchhhchhhchhhchhhchhhchhhchhhchhhchhhchhhciiiciiichhhchhhchhhchhhchhhciiib\\\W
1 1$1(1,10141@1D1H1L1P1T1X1\1`1p1t102H2x2
\1d1h1l1p1t1x1|1
pr-china
.?AVfacet@locale@std@@

Foremost
Matches
0.exe, 281 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll, kernel32.dll, ADVAPI32.dll, USER32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 95232
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .gfids, .tls, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 14.0
Suspicious: False
Subsystem
Version: 5.1
Suspicious: False
Suspicious: False

EntryPoint
Address: 66411
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll, kernel32.dll, advapi32.dll, user32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2018-07-23 03:34:52
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
ldr
.text: 2

pushret
.rdata: 6

pushpopmath
.text: 2
.gfids: 1
.rdata: 11
.reloc: 8

sizeofimage
.text: 2

garbagebytes
.rdata: 4

hookdetection
.rdata: 1
.reloc: 1

stealthimport
.text: 1

peb ntglobalflag
.text: 1

isdebbugerpresent
.text: 2

software breakpoint
.reloc: 5

fakeconditionaljumps
.text: 11

programcontrolflowchange
.rdata: 4

cpuinstructionsresultscomparison
.rdata: 1

AVclass
cutwail
1
VirusTotal
md5
55ab9a17e27426f0329f37b34d8a6054
sha1
81e263f5d8c0631faa5f5f7ce383556a8fe9ba5a
SCANS (DETECTION RATE = 82.61%)
AVG
result: Win32:Malware-gen
update: 20191018
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20191019
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20191015
version: 5.74
detected: True

Bkav
update: 20191018
version: 1.3.0.10239
detected: False

K7GW
result: Trojan ( 005574bb1 )
update: 20191010
version: 11.72.32236
detected: True

ALYac
result: Trojan.Autoruns.GenericKDS.31118114
update: 20191018
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20191018
version: 18.4.3895.0
detected: True

Avira
result: TR/Kryptik.bthxm
update: 20191019
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
update: 20191019
version: 6.2.2.2
detected: False

DrWeb
result: Trojan.DownLoad3.46154
update: 20191019
version: 7.0.41.7240
detected: True

GData
result: Trojan.Autoruns.GenericKDS.31118114
update: 20191019
version: A:25.23718B:26.16340
detected: True

Panda
result: Trj/CI.A
update: 20191018
version: 4.6.4.2
detected: True

VBA32
result: BScope.TrojanPSW.Stealer
update: 20191018
version: 4.2.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20191015
version: 78610
detected: True

Zoner
update: 20191019
version: 1.0.0.1
detected: False

ClamAV
update: 20191018
version: 0.102.0.0
detected: False

Comodo
result: Malware@#77pfo4fmj9oh
update: 20191019
version: 31619
detected: True

F-Prot
update: 20191019
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Win32.Krypt
update: 20191018
version: 0.1.5.2
detected: True

McAfee
result: Artemis!55AB9A17E274
update: 20191019
version: 6.0.6.653
detected: True

Rising
result: Ransom.Filecoder!1.B41F (CLASSIC)
update: 20191019
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20191018
version: 4.98.0
detected: True

Yandex
result: Trojan.Cutwail!WQ5pzIL50gU
update: 20191018
version: 5.5.2.24
detected: True

Zillya
result: Trojan.Autoruns.Win32.20
update: 20191018
version: 2.0.0.3929
detected: True

Acronis
result: suspicious
update: 20191018
version: 1.1.1.58
detected: True

Alibaba
result: Trojan:Win32/Cutwail.5c570b60
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Autoruns.GenericS.D1DAD322
update: 20191018
version: 1.0.0.859
detected: True

Cylance
result: Unsafe
update: 20191019
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True

FireEye
result: Generic.mg.55ab9a17e27426f0
update: 20191019
version: 29.7.0.0
detected: True

TACHYON
result: Trojan/W32.Cutwail.385247
update: 20191019
version: 2019-10-19.01
detected: True

Tencent
update: 20191019
version: 1.0.0.1
detected: False

ViRobot
result: Trojan.Win32.Z.Autoruns.385247
update: 20191018
version: 2014.3.20.0
detected: True

Webroot
result: W32.Trojan.Gen
update: 20191019
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_99%
update: 20191019
version: v5.0.6
detected: True

Ad-Aware
result: Trojan.Autoruns.GenericKDS.31118114
update: 20191018
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Win32.Cutwail.4!c
update: 20191018
version: 4.2
detected: True

Emsisoft
result: Trojan.Autoruns.GenericKDS.31118114 (B)
update: 20191019
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Kryptik.bthxm
update: 20191019
version: 12.0.86.52
detected: True

Fortinet
result: W32/GenKryptik.CGBM!tr
update: 20191019
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True

Jiangmin
result: AdWare.Hpdefender.azq
update: 20191019
version: 16.0.100
detected: True

Kingsoft
update: 20191019
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20191019
version: 1.0
detected: True

Symantec
result: Trojan.Gen.2
update: 20191018
version: 1.11.0.0
detected: True

Trapmine
update: 20190826
version: 3.1.81.800
detected: False

AhnLab-V3
result: Spyware/Win32.Bebloh.C2632255
update: 20191018
version: 3.16.3.25410
detected: True

Antiy-AVL
result: Trojan/Win32.Cutwail
update: 20191018
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan.Win32.Cutwail.xar
update: 20191019
version: 15.0.1.13
detected: True

Microsoft
result: TrojanDropper:Win32/Cutwail
update: 20191018
version: 1.1.16500.1
detected: True

Qihoo-360
result: Win32/Trojan.63d
update: 20191019
version: 1.0.0.1120
detected: True

ZoneAlarm
result: Trojan.Win32.Cutwail.xar
update: 20191018
version: 1.0
detected: True

Cybereason
result: malicious.7e2742
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win32/GenKryptik.CGBM
update: 20191019
version: 20205
detected: True

TrendMicro
result: TSPY_CUTWAIL.YNBM
update: 20191019
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.Autoruns.GenericKDS.31118114
update: 20191019
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 005574bb1 )
update: 20191018
version: 11.73.32315
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True

Avast-Mobile
update: 20191012
version: 191012-04
detected: False

Malwarebytes
update: 20191019
version: 2.1.1.1115
detected: False

CAT-QuickHeal
result: Trojan.Cutwail
update: 20191018
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Cutwail.ffqzzc
update: 20191019
version: 1.0.134.24859
detected: True

MicroWorld-eScan
result: Trojan.Autoruns.GenericKDS.31118114
update: 20191019
version: 14.0.297.0
detected: True

SUPERAntiSpyware
result: Trojan.Agent/Gen-Injector
update: 20191019
version: 5.6.0.1032
detected: True

McAfee-GW-Edition
result: BehavesLike.Win32.Trojan.fc
update: 20191018
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TSPY_CUTWAIL.YNBM
update: 20191019
version: 10.0.0.1040
detected: True

total
69
sha256
5baf3b28abd3837e47ba0b0239ee6515098f205109dba4a54477163b11998dab
scan_id
5baf3b28abd3837e47ba0b0239ee6515098f205109dba4a54477163b11998dab-1571448898
resource
55ab9a17e27426f0329f37b34d8a6054
positives
57
scan_date
2019-10-19 01:34:58
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Machine Crashed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 95.40%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware)
confidence: 66.00%
suspicious: False