Report #7733

  • Creation Date: Feb. 28, 2020, 12:27 p.m.
  • Last Update: Feb. 28, 2020, 12:47 p.m.
  • File: 0311conversawhatsapp.exe
  • Results:

Binary
DLL: False
Size: 2.24MB
trid:
  58.3% Inno Setup installer
  22.0% Win32 EXE PECompact compressed
  7.5% Win32 Executable Delphi generic
  5.3% DOS Borland compiled Executable
  2.3% Win32 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: 6c8d3dc860f651ac609a6f0300c59cc4
sha1: 1ce5f170df28abbe391395c8e84ec7cd1240c13a
crc32: 0x6a1e0341
sha224: 20272391d9651918ad45f4bc666acd6bc97b6c6cb712152e2a2e1bd3
sha256: d374e8c8cd516642fc9118c70652beed349686f15c17a0b1449f4618e676264a
sha384: 7dda6bb218ffa37eac40d589b04b7fa26cd2249dc860d644b547fc9fd3a917d93955b143de9671e19074d1ae9d6a2342
sha512: 877b875ba86a0839bd98135776f90ea6d6786f63366e2e9a7abcbbc8b05a54c80e50f1ece36189425d24dfadf9a8a4e7b86f44ff741997c131a07d6472b18e46
ssdeep: 49152:6JvMtg6zSNpVV6yZ9Qv5BQ/H/zu1wfzPTPvTx/d:6dMtgumpVVR9YBazuyf3D

Community
Google: False
HashLib: False

YARA
Matches: domain, Borland, IP, CookieTools, Borland_Delphi_30_, network_dropper, CRC32_poly_Constant, BASE64_table, escalate_priv, Delphi_DecodeDate, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, network_dns, network_tcp_listen, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, win_token, IsPE32, win_files_operation, win_hook, RijnDael_AES_CHAR, contentis_base64, network_tcp_socket, screenshot, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, Borland_Delphi_40, network_ssl, Delphi_Random, IsWindowsGUI, network_udp_sock, Delphi_Copy, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30
Suspicious: True

Strings
List
the appropriate version of this product at http://www.componentace.com
Web site: http://www.componentace.com
t.Ht
Font.Style
Font.Name
Font.Style
Font.Name
Font.Name
Font.Style
ttp://45.63.0.235/irmao_marron_11_1.000
ttp://45.63.0.235/irmao_marron_11_1.000
ttp://45.63.13.8/flay/index.php
Invalid compressed size, rfs.size = %d, count = %d
feel free to contact us at support@componentace.com
%s.Seek not implemented$Operation not allowed on sorted list Too many rows or columns deleted$%s not in a class registration group
ssleay32.dll
t.hK
127.0.0.1
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*"/>
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
\Software\Borland\C++Builder
SSL status: "%s"
\Software\Borland\Delphi
SSL_set_connect_state
P.rsrc
Options.dat
Options.dat
Options.dat
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
winspool.drv
\Software\Borland\BDS
comctl32.dll
comctl32.dll
comctl32.dll
libeay32.dll
msimg32.dll
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
\netcat.dat
Software\Borland\Database Engine
version.dll
Sf2.dll
uxtheme.dll
vcltest3.dll
0.0.0.1
ThirdPanels
Urlmon.dll
Network is down.
RdPS
Host is down.
javanet.exe
Hashed list of file names is invalid
Username
Username
Username
Username
Username
The compression scheme is
Host field is empty
Password for "%s"
Socket Error # %d
SSLv2_server_method
SSLv3_server_method
SSL_set_shutdown
SSL_shutdown
""fD**~T
+IdTCPServer
Could not load SSL library.
ControlOfs%.8X%.8X
WndProcPtr%.8X%.8X
Cannot connect to database '%s'ZAn error occurred while attempting to initialize the Borland Database Engine (error $%.4x)
Calculated
fkCalculated
Bad address.
TRecordsetReasonEvent
Socks server did not respond.$Invalid socks authentication method.%Authentication error to socks server.
Connected.
JumpID("","%s")
psJobCompleted
Missing %s property(CommandText does not return a result set{Error creating object. Please verify that the Microsoft Data Access Components 2.1 (or later) have been properly installed=Events are not supported with server side TableDirect cursors'Unsupported field type (%s) in field %s;A connection component is required for async ExecuteOptions5Cannot perform a requery after connection has changed
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
\DRIVERS\%s\DB OPEN
Array index out of range : %dVThe DecisionCube Capacity is low. Please deactivate dimensions or change the data set.QQuery could not be run. Check that the query, SQL text, and Database are correct.,Operation not allowed on sorted string list.&String list does not allow duplicates.6The maximum allowed summaries of %d has been exceeded.
- Dock zone has no control
Connect timed out.
Command not supported.
\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Connection refused.
Already connected.
Mode has not been set.
Too many open files.
TEventReason
TEventReason
TEventReason
TEventReason

Foremost
Matches: 0.exe, 2 MB, 4536.png, 3 KB, 4543.png, 3 KB, 4549.png, 3 KB
Suspicious: True

Heuristics

IPs
hasIPs: True
Allowed: 45.63.0.235, 1, 45.63.0.235.vultr.com., 45.63.13.8, 1, 45.63.13.8.vultr.com., 127.0.0.1, 1, localhost.
Suspicious: 0.0.0.1, 0, Unknown
hasAllowed: True
hasSuspicious: True

URLs
Allowed: None
hasURLs: True
Suspicious: http://www.componentace.com
hasAllowed: False
hasSuspicious: True

Files
Allowed: ssleay32.dll, MAPI32.DLL, DWMAPI.DLL, Urlmon.dll, Sf2.dll, mtxex.dll, WS2_32.DLL, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, IDSQL32.DLL, gdi32.dll, oleaut32.dll, idapi32.DLL, kernel32.dll, RICHED32.DLL, vcltest3.dll, libeay32.dll, version.dll, shell32.dll, msimg32.dll
hasFiles: True
Suspicious: \netcat.dat, Options.dat, ttp://45.63.13.8/flay/index.php, 2.tmp, 1.tmp
hasAllowed: True
hasSuspicious: True

Binary
Sizes
  RVA: 16 (Suspicious: False)
  Code Size: 315904 (Suspicious: False)
  Image Address: 9437184 (Suspicious: False)
  Stack: 16384 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)
Directories
  Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious: None
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
  OS Version: 4 (Suspicious: False)
  Image Version: 4 (Suspicious: True)
  Linker Version: 2.25 (Suspicious: False)
  Subsystem Version: 4.0 (Suspicious: False)
  Suspicious: False

EntryPoint
Address: 2035888
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mapi32.dll, dwmapi.dll, urlmon.dll, mtxex.dll, ws2_32.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, riched32.dll, version.dll, shell32.dll, msimg32.dll
hasLibs: True
Suspicious: ssleay32.dll, sf2.dll, idsql32.dll, idapi32.dll, vcltest3.dll, libeay32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: True
Valid: True
Value: 1992-06-19 19:22:17
Future: False

Compilation
Packed: False
Missing: False
Packers: None
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret
none: 278
.rsrc: 10

nopsequence
.idata: 1

pushpopmath
none: 47
.rsrc: 23
.idata: 8
.reloc: 59

ss register
none: 3

garbagebytes
none: 270

hookdetection
none: 6
.reloc: 2

software breakpoint
none: 15
.reloc: 33

programcontrolflowchange
none: 270

cpuinstructionsresultscomparison
none: 55
.rsrc: 29
.reloc: 3

AVclass
banload: 1

VirusTotal
md5: 6c8d3dc860f651ac609a6f0300c59cc4
sha1: 1ce5f170df28abbe391395c8e84ec7cd1240c13a

SCANS (DETECTION RATE = 67.16%)

Engine | Result | Update | Version | Detected
AVG | Win32:Malware-gen | 20180323 | 18.2.3827.0 | True
CMC | - | 20180323 | 1.1.0.977 | False
MAX | malware (ai score=87) | 20180323 | 2017.11.15.1 | True
Bkav | - | 20180322 | 1.3.0.9466 | False
K7GW | Trojan-Downloader ( 004d5e5c1 ) | 20180323 | 10.42.26597 | True
ALYac | Trojan.GenericKD.4644381 | 20180323 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20180323 | 18.2.3827.0 | True
Avira | TR/Dldr.Banload.791 | 20180323 | 8.3.3.6 | True
Baidu | - | 20180323 | 1.0.0.2 | False
Cyren | W32/Trojan.SSZX-4544 | 20180323 | 5.4.30.7 | True
DrWeb | - | 20180323 | 7.0.28.2020 | False
GData | Trojan.GenericKD.4644381 | 20180323 | A:25.16478B:25.11859 | True
Panda | Trj/CI.A | 20180323 | 4.6.4.2 | True
VBA32 | TrojanDownloader.Banload | 20180323 | 3.12.28.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180323 | 65472 | True
Zoner | - | 20180323 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180323 | 1.5.0.42 | True
ClamAV | - | 20180323 | 0.99.2.0 | False
Comodo | - | 20180323 | 28732 | False
F-Prot | - | 20180323 | 4.7.1.166 | False
Ikarus | Trojan-Downloader.Win32.Banload | 20180323 | 0.1.5.2 | True
McAfee | Artemis!6C8D3DC860F6 | 20180323 | 6.0.6.653 | True
Rising | Malware.Undefined!8.C (TFE:4:d90xVgl2UXI) | 20180323 | 25.0.0.1 | True
Sophos | Mal/Generic-S | 20180323 | 4.98.0 | True
Yandex | Trojan.Agent!cq5QL1Wfhbk | 20180323 | 5.5.1.3 | True
Zillya | - | 20180323 | 2.0.0.3519 | False
Arcabit | Trojan.Generic.D46DE1D | 20180323 | 1.0.0.831 | True
Cylance | Unsafe | 20180323 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180316 | 2.0.5 | True
Tencent | Win32.Trojan-downloader.Banload.Wrhd | 20180323 | 1.0.0.1 | True
ViRobot | - | 20180323 | 2014.3.20.0 | False
eGambit | - | 20180323 | v4.3.5 | False
Ad-Aware | Trojan.GenericKD.4644381 | 20180323 | 3.0.3.1010 | True
AegisLab | Troj.Downloader.W32.Banload!c | 20180323 | 4.2 | True
Emsisoft | Trojan.GenericKD.4644381 (B) | 20180323 | 4.0.2.899 | True
F-Secure | Trojan.GenericKD.4644381 | 20180323 | 11.0.19100.45 | True
Fortinet | W32/Banload.WQS!tr.dldr | 20180323 | 5.4.247.0 | True
Invincea | - | 20180121 | 6.3.4.26036 | False
Jiangmin | - | 20180323 | 16.0.100 | False
Kingsoft | - | 20180323 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180323 | 1.0 | True
Symantec | Trojan.Gen.2 | 20180323 | 1.5.0.0 | True
nProtect | - | 20180323 | 2018-03-23.02 | False
AhnLab-V3 | Malware/Gen.Generic.C1243755 | 20180323 | 3.12.0.20130 | True
Antiy-AVL | Trojan/Win32.AGeneric | 20180323 | 3.0.0.1 | True
Kaspersky | HEUR:Trojan.Win32.Generic | 20180323 | 15.0.1.13 | True
Microsoft | TrojanDownloader:Win32/Banload | 20180323 | 1.1.14600.4 | True
Qihoo-360 | - | 20180323 | 1.0.0.1120 | False
TheHacker | - | 20180319 | 6.8.0.5.2551 | False
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20180323 | 1.0 | True
Cybereason | malicious.860f65 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.WQS | 20180323 | 17106 | True
TrendMicro | TROJ_GEN.R002C0DBG18 | 20180323 | 9.862.0.1074 | True
WhiteArmor | - | 20180223 | - | False
BitDefender | Trojan.GenericKD.4644381 | 20180323 | 7.2 | True
CrowdStrike | malicious_confidence_100% (W) | 20170201 | 1.0 | True
K7AntiVirus | Trojan-Downloader ( 004d5e5c1 ) | 20180323 | 10.42.26598 | True
SentinelOne | static engine - malicious | 20180225 | 1.0.15.206 | True
Avast-Mobile | - | 20180323 | 180323-04 | False
Malwarebytes | - | 20180323 | 2.1.1.1115 | False
TotalDefense | - | 20180323 | 37.1.62.1 | False
CAT-QuickHeal | Downloader.Banload.26708 | 20180322 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Banload.dynisl | 20180323 | 1.0.100.22043 | True
MicroWorld-eScan | Trojan.GenericKD.4644381 | 20180323 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180323 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.BadFile.vh | 20180323 | v2015 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0DBG18 | 20180323 | 9.950.0.1006 | True

total: 67
sha256: d374e8c8cd516642fc9118c70652beed349686f15c17a0b1449f4618e676264a
scan_id: d374e8c8cd516642fc9118c70652beed349686f15c17a0b1449f4618e676264a-1521828628
resource: 6c8d3dc860f651ac609a6f0300c59cc4
positives: 45
scan_date: 2018-03-23 18:10:28
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace

Timestamp | Operation | PID | Process | Path
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.75 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.90 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui
28/2/2020 - 11:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Monitor
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\Monitor
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
28/2/2020 - 11:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\RICHED32.DLL
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\riched32.dll
28/2/2020 - 11:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\riched32.dll
28/2/2020 - 11:45:43.512 | Open | 1480 | C:\malware.exe | C:\RICHED20.dll
28/2/2020 - 11:45:43.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\riched20.dll
28/2/2020 - 11:45:43.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\riched20.dll
28/2/2020 - 11:45:43.559 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini
28/2/2020 - 11:45:43.559 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini
28/2/2020 - 11:45:43.606 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\msado15.dll
28/2/2020 - 11:45:43.606 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\msado15.dll
28/2/2020 - 11:45:43.637 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\MSDART.DLL
28/2/2020 - 11:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msdart.dll
28/2/2020 - 11:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msdart.dll
28/2/2020 - 11:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 11:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 11:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
28/2/2020 - 11:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
28/2/2020 - 11:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
28/2/2020 - 11:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 11:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 11:45:43.856 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
28/2/2020 - 11:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
28/2/2020 - 11:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
28/2/2020 - 11:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 11:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 11:46:3.872 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\NBH8989400
28/2/2020 - 11:46:3.872 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\NBH8989400
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 11:46:8.872 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 11:46:8.872 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
28/2/2020 - 11:46:8.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 11:46:8.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 11:46:8.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
28/2/2020 - 11:46:8.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 11:46:8.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
28/2/2020 - 11:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
28/2/2020 - 11:46:9.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
28/2/2020 - 11:46:9.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
28/2/2020 - 11:46:9.75Open1480C:\malware.exeC:\dhcpcsvc6.DLL
28/2/2020 - 11:46:9.75Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 11:46:9.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 11:46:9.75Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 11:46:9.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\CRYPTSP.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\RpcRtRemote.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 11:46:9.122Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 11:46:9.122Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\dhcpcsvc.DLL
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 11:46:9.122Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 11:46:9.168Open1480C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 11:46:9.168Open1480C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\malware.exe.Local
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 11:46:9.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:9.278Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 11:46:10.325Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 11:46:10.325Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 11:46:14.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\NBH8989400\468485984089485748757480.24F
28/2/2020 - 11:46:14.684Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
28/2/2020 - 11:46:3.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations | LowRiskFileTypes
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
28/2/2020 - 11:46:8.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
28/2/2020 - 11:46:8.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
28/2/2020 - 11:46:8.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
28/2/2020 - 11:46:8.887 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
28/2/2020 - 11:46:8.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
28/2/2020 - 11:46:8.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
28/2/2020 - 11:46:8.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
28/2/2020 - 11:46:8.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
28/2/2020 - 11:46:9.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 11:46:9.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 11:46:9.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 11:46:9.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
28/2/2020 - 11:46:10.559 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 11:46:10.559 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 11:46:10.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 11:46:10.559 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273  query dns.msftncsi.com.
localhost -> gateway:DNS  query dns.msftncsi.com.

Response
gateway:DNS -> localhost  dns.msftncsi.com.  reply 131.107.255.255


TCP
Info
localhost:65191 -> 45.63.0.235:80
45.63.0.235:80 -> localhost:65191

UDP
Info
localhost:53 -> localhost:50273
localhost:68 -> 255.255.255.255:67
localhost:67 -> localhost:68
localhost:50273 -> localhost:53

HTTP
Info
localhost -> 45.63.0.235  GET /irmao_marron_11_1.000

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 59.98%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.50%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 42.03%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 68.14%
suspicious: False
