Report #8002

  • Creation Date: Feb. 28, 2020, 5:16 p.m.
  • Last Update: Feb. 28, 2020, 9:55 p.m.
  • File: accoresgmt.exe
  • Results:

Binary
  DLL: False
  Size: 2.60MB
  trid:
    42.7% Win32 Executable
    19.2% OS/2 Executable
    18.9% Generic Win/DOS Executable
    18.9% DOS Executable Generic
  type: PE
  wordsize: 32
  Subsystem: Windows GUI
Hashes
md5
ff15b596ed643b1639a6ef9f105926b5
sha1
1ab94bd1cac1c4a3c54feda202847b56247f20d9
crc32
0x64057da2
sha224
276efdf6b867d082f73b7973386671035c071cc2250d8ca24da1fd88
sha256
714a79c98897fbe72142fd5d0ed413bcd9c93262db6a2e66bc97b07e0a26a1a8
sha384
1f0a29a647c52c5cc3c11921d2da23526bfd96a88cab4257dc581eca2d6c732fcd1c12b412d098a3b418d1e54fbfad32
sha512
98e84d3cc21aabc9ef4d5c4738aced7846fd7f9db3dc80aaadf1f87ead76c1755a83af8889391d37059cd4d6272fcdaed1aa202a7eab41af26b2e6314c25229d
ssdeep
49152:7B2jkaIrmvDtc8Yx0wJRbxrxnn2+Qqk8HnjKQ9Aw5ivhbuzj0UWR:93mvDHYZlxVnFQ/8HjKGipas
Community
  Google: False
  HashLib: False

YARA
  Matches: domain, HasRichSignature, contentis_base64, IsPacked, IsPE32, IsWindowsGUI
  Suspicious: True

Strings
List
<requestedPrivileges>
GetModuleFileNameA

Foremost
  Matches: 0.exe, 2 MB
  Suspicious: True

Heuristics
  IPs
    hasIPs: False
    Allowed: (none)
    Suspicious: (none)
    hasAllowed: False
    hasSuspicious: False

  URLs
    hasURLs: False
    Allowed: (none)
    Suspicious: (none)
    hasAllowed: False
    hasSuspicious: False

  Files
    hasFiles: True
    Allowed: KERNEL32.dll
    Suspicious: (none)
    hasAllowed: True
    hasSuspicious: False

  Binary
    Sizes
      RVA: 16, Suspicious: False
      Code Size: 198144, Suspicious: False
      Image Address: 4194304, Suspicious: False
      Stack: 4096, Suspicious: False
      Headers: 1024, Suspicious: False
      Suspicious (overall): False

    Symbols
      Number: 0, Suspicious: True
      Pointer: 0, Suspicious: True
      Directories Number: 16, Suspicious: False

    Checksum
      Value: 2782425, Suspicious: False

    Sections
      hasSections: True
      Allowed: , .rsrc, .idata , , eywivdj, nmkwhii
      Suspicious: (none)
      hasAllowed: True
      hasSuspicious: False

    Versions
      OS Version: 5, Suspicious: False
      Image Version: 5, Suspicious: True
      Linker Version: 10.0, Suspicious: False
      Subsystem Version: 5.1, Suspicious: False
      Suspicious (overall): False

    EntryPoint
      Address: 7507968, Suspicious: False

    Anomalies
      hasAnomalies: False

    Libraries
      hasLibs: True
      Allowed: kernel32.dll
      Suspicious: (none)
      hasAllowed: True
      hasSuspicious: False

    Timestamp
      Value: 2015-03-30 21:11:43
      Valid: True
      Past: False
      Future: False

    Compilation
      Packed: False
      Missing: True
      Packers: (none)
      Compiled: False
      Compilers: (none)

    Obfuscation
      XOR: False
      Fuzzing: False

  PEDetector
    Matches: None
    Suspicious: False

  Disassembly
    hasTricks: True
    Tricks (section: count)
      pushret: none: 68, .rsrc: 1372
      pushpopmath: none: 53, .rsrc: 915
      ss register: .rsrc: 34
      garbagebytes: none: 24, .rsrc: 525
      hookdetection: none: 3, .rsrc: 40
      software breakpoint: none: 3, .rsrc: 26
      fakeconditionaljumps: none: 4, .rsrc: 30
      programcontrolflowchange: none: 20, .rsrc: 501
      cpuinstructionsresultscomparison: .rsrc: 1

AVclass: high, 1

VirusTotal
md5
ff15b596ed643b1639a6ef9f105926b5
sha1
1ab94bd1cac1c4a3c54feda202847b56247f20d9
SCANS (DETECTION RATE = 67.65%)

Scanner | Result | Update | Version | Detected
AVG | Win32:Malware-gen | 20181203 | 18.4.3895.0 | True
CMC |  | 20181202 | 1.1.0.977 | False
MAX | malware (ai score=86) | 20181203 | 2018.9.12.1 | True
Bkav | W32.HfsAutoB. | 20181129 | 1.3.0.9899 | True
K7GW | Trojan ( 0040f4ef1 ) | 20181203 | 11.14.29219 | True
ALYac | Gen:Variant.Strictor.59344 | 20181203 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20181203 | 18.4.3895.0 | True
Avira | HEUR/AGEN.1032176 | 20181203 | 8.3.3.6 | True
Baidu |  | 20181203 | 1.0.0.2 | False
Cyren | W32/GenPua.FF15B596!Olympus | 20181203 | 6.2.0.1 | True
DrWeb |  | 20181203 | 7.0.34.11020 | False
GData | Gen:Variant.Strictor.59344 | 20181203 | A:25.19685B:25.13815 | True
Panda | Trj/Chgt.O | 20181202 | 4.6.4.2 | True
VBA32 | TrojanDownloader.Agent | 20181130 | 3.34.0 | True
Zoner |  | 20181203 | 1.0 | False
ClamAV |  | 20181203 | 0.100.2.0 | False
Comodo | Malware@#1rycml3p0c6kn | 20181203 | 30065 | True
F-Prot |  | 20181203 | 4.7.1.166 | False
Ikarus |  | 20181202 | 0.1.5.2 | False
McAfee | Artemis!FF15B596ED64 | 20181203 | 6.0.6.653 | True
Rising | Downloader.Agent!8.B23 (CLOUD) | 20181203 | 25.0.0.24 | True
Sophos | Mal/Generic-S | 20181203 | 4.98.0 | True
Yandex | Trojan.DL.Agent!W8rWNbKjLSA | 20181130 | 5.5.1.3 | True
Zillya | Downloader.Agent.Win32.254586 | 20181130 | 2.0.0.3704 | True
Alibaba |  | 20180921 | 0.1.0.2 | False
Arcabit | Trojan.Strictor.DE7D0 | 20181203 | 1.0.0.837 | True
Babable |  | 20180918 | 9107201 | False
Cylance | Unsafe | 20181203 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20181108 | 3.0.2 | True
TACHYON |  | 20181203 | 2018-12-03.02 | False
Tencent | Win32.Trojan-downloader.Agent.Eegz | 20181203 | 1.0.0.1 | True
ViRobot |  | 20181203 | 2014.3.20.0 | False
Webroot |  | 20181203 | 1.0.0.403 | False
eGambit |  | 20181203 | v4.3.5 | False
Ad-Aware | Gen:Variant.Strictor.59344 | 20181203 | 3.0.5.370 | True
AegisLab | Trojan.Win32.Agent.4!c | 20181203 | 4.2 | True
Emsisoft | Gen:Variant.Strictor.59344 (B) | 20181203 | 2018.4.0.1029 | True
F-Secure | Gen:Variant.Strictor.59344 | 20181203 | 11.0.19100.45 | True
Fortinet | PossibleThreat | 20181203 | 5.4.247.0 | True
Invincea | heuristic | 20181128 | 6.3.6.26157 | True
Jiangmin | TrojanDownloader.Agent.eqja | 20181203 | 16.0.100 | True
Kingsoft |  | 20181203 | 2013.8.14.323 | False
Paloalto |  | 20181203 | 1.0 | False
Symantec |  | 20181203 | 1.8.0.0 | False
Trapmine | malicious.high.ml.score | 20181128 | 3.0.27.675 | True
AhnLab-V3 | Backdoor/Win32.Rehai16.C928042 | 20181203 | 3.14.1.22672 | True
Antiy-AVL | Trojan[Downloader]/Win32.Agent | 20181202 | 3.0.0.1 | True
Kaspersky | Trojan-Downloader.Win32.Agent.hftx | 20181203 | 15.0.1.13 | True
Microsoft | Trojan:Win32/Bitrep.A | 20181203 | 1.1.15400.5 | True
Qihoo-360 | HEUR/QVM19.1.Malware.Gen | 20181203 | 1.0.0.1120 | True
TheHacker |  | 20181202 | 6.8.0.5.3885 | False
Trustlook |  | 20181203 | 1.0 | False
ZoneAlarm | Trojan-Downloader.Win32.Agent.hftx | 20181203 | 1.0 | True
Cybereason | malicious.6ed643 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/Packed.Themida.ADA | 20181203 | 18480 | True
TrendMicro | TROJ_GEN.R034E01HB15 | 20181203 | 10.0.0.1040 | True
BitDefender | Gen:Variant.Strictor.59344 | 20181203 | 7.2 | True
CrowdStrike | malicious_confidence_100% (W) | 20181022 | 1.0 | True
K7AntiVirus | Trojan ( 0040f4ef1 ) | 20181203 | 11.14.29220 | True
SentinelOne | static engine - malicious | 20181011 | 1.0.19.245 | True
Avast-Mobile |  | 20181203 | 181203-02 | False
Malwarebytes |  | 20181203 | 2.1.1.1115 | False
TotalDefense |  | 20181203 | 37.1.62.1 | False
CAT-QuickHeal | Trojan.Avkill | 20181202 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Agent.dsixmh | 20181203 | 1.0.134.24299 | True
SUPERAntiSpyware |  | 20181128 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.vc | 20181203 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R034E01HB15 | 20181203 | 10.0.0.1040 | True

total: 68
sha256
714a79c98897fbe72142fd5d0ed413bcd9c93262db6a2e66bc97b07e0a26a1a8
scan_id
714a79c98897fbe72142fd5d0ed413bcd9c93262db6a2e66bc97b07e0a26a1a8-1543823413
resource
ff15b596ed643b1639a6ef9f105926b5
positives: 46
scan_date: 2018-12-03 07:50:13
verbose_msg: Scan finished, information embedded
response_code: 1

Results
BINARY
  KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: False
  Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
  SVC (Kernel=Linear, NFS-BRMalware): confidence 76.67%, suspicious: True
  MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 93.44%, suspicious: True
  Random Forest (100 estimators, NFS-BRMalware): confidence 56.00%, suspicious: True
  Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 46.20%, suspicious: True
  LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.98%, suspicious: True