Report #8234

  • Creation Date: March 2, 2020, 4:13 p.m.
  • Last Update: March 2, 2020, 5:05 p.m.
  • File: BOL_N000452376732.exe
  • Results:
Binary
DLL: False
Size: 153.00KB
trid:
  41.7% DirectShow filter
  24.1% Windows ActiveX control
  15.1% Generic CIL Executable
  6.4% Win32 Executable MS Visual C++
  5.7% Win64 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 8accf0a9f37017832cd9f75b6b509f70
sha1: 7504fabb2fbbf16276ec515523b6c54c05dc2e74
crc32: 0x207a4b95
sha224: 6d8f9223bf18566ad664a36a948b5a97a54181adea8d12d8105b4e81
sha256: af48f48fc5257010e0b5e97e9ee50501c12fb4cd994425e5291ed0a88e7a9df3
sha384: 8eed4b62cb969a95fa6e7fd4a97977f4c050c99555ed2ecafcfb9dd3ded28d97f1a3a746695e03ca31dce728099c5e5d
sha512: 341259c3f2f91679f8b570ea038c4b17eaad3852db45ef249da147851cb2b87246ebdb05d57e62e59500428bf8117b4af90351853de86b17037ae2d0f0e6d0a2
ssdeep: 3072:ozNcOKzGL34jTLUlLD0NzpDudk61bugpu/z3HP/Ummx1qou9Mi2bq:E2Q4CLD0Nzg1bnO3gStp
Community
Google: False
HashLib: False

YARA
Matches: domain, HasDebugData, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, Microsoft_Visual_Studio_NET, NET_executable_, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, network_tcp_socket, screenshot, IP, contentis_base64, keylogger, NETexecutableMicrosoft, IsWindowsGUI, url, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Browsers, System_Tools, Big_Numbers2
Suspicious: True

Strings
List
C:\a14\WindowsApplication1\WindowsApplication1\obj\Release\WindowsApplication2.pdb
My.Computer
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
WindowsApplication1.My
3http://crl.microsoft.com/pki/crl/products/tspca.crl0H
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,http://www.microsoft.com/pki/certs/tspca.crt0
,http://www.microsoft.com/pki/certs/CSPCA.crt0
System.ComponentModel.Design
\Internet Explorer\iexplore.exe
System.Net.Sockets
http://microsoft.com0
System.Security.AccessControl
\Internet Explorer\mswinsck.ocx
MSWNSK98.chm
WSOCK32.dll
hhctrl.ocx
SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
4System.Web.Services.Protocols.SoapHttpClientProtocol
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
\a.dll
Host is down.
RegSvr32.exe /s
Network subsystem failed9The network cannot be reached from this host at this time1Connection has timed out when SO_KEEPALIVE is set5Connection is aborted due to timeout or other failure&The connection is reset by remote side
Socket is not connectedWWW
"255.255.255.255
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
WindowsApplication1.My.Resources
2.0.0.0
9.0.0.0
8.0.0.0
System.Net.Configuration.SettingsSectionInternal
Error occurred;
Destination address is requiredAThe datagram is too large to fit into the buffer and is truncated3The specified port is the wrong type of this socket
RemoteP&ort
System.Windows.Forms.Form
System.Net.Configuration
Socket is not connected
Socket has a pending request(Socket is resolving remote computer name(Socket has resolved remote computer name'Socket is connecting to remote computer'Socket has connected to remote computer/Socket is closing connection to remote computer
Winsock methods and events"Returns the remote host IP address
3System.Resources.Tools.StronglyTypedResourceBuilder
Apartment
Socket is resolving remote computer nameWW(
Socket has resolved remote computer nameWW'
DeleteSubKeyTree
sckClosedWWWX
BytesReceivedWWWd
The connection is reset by remote side
pass
System.Windows.Forms
Address is not available from the local machineWWW
Socket is connecting to remote computerWWW'
Socket has connected to remote computerWWW/
Socket is currently openWW
Socket is currently open Socket is listening for requests
Socket is currently closed
Socket is currently closed
HKEY_CLASSES_ROOT
=Socket is non-blocking and the specified operation will block+A blocking winsock operation is in progressAThe operation is completed. No blocking operation is in progress.
The network cannot be reached from this host at this timeW1
Socket is closing connection to remote computerWWW
HKEY_LOCAL_MACHINE
Socket has a pending requestWW(
WindowsApplication2.exe
WindowsApplication2.exe
WindowsApplication2.exe
Socket is already connectedWWW
Socket has encountered an errorWWW
Network subsystem is unavailable WINSOCK.DLL version out of range"WinsockInit should be called first
Socket is listening for requestsWW
Socket has been shut downW
requestedExecutionLevel node with one of the following.
Graceful shutdown in progress.
SOFTWARE\\Classes\\CLSID\\
OCX\MSWINSCK.dbg
Connect to the remote computer'Listen for incoming connection requests%Accept an incoming connection request
mscoree.dll
\InprocServer32
Socket is already connected
add_Shutdown
Socket has been shut down
Connection has timed out when SO_KEEPALIVE is setW5
User-Agent
\InprocServer
_RemoteHostWd
Remote&Host
get_UserName
Registra_BHO
get_ResourceManager
\gbplugin
set_ShutdownStyle
+ListenWWd
TcpClient
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

Foremost
Matches: 0.exe, 153 KB
Suspicious: True

Heuristics
IPs
hasIPs: True
Allowed: 255.255.255.255, 1, record
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed: http://www.microsoft.com/pki/certs/cspca.crt0, http://microsoft.com0, http://crl.microsoft.com/pki/crl/products/cspca.crl0h, http://crl.microsoft.com/pki/crl/products/tspca.crl0h, http://www.microsoft.com/pki/certs/tspca.crt0, http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False
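Every URL in the Allowed list above ends in a stray character or two (`crt0`, `crl0h`, `com0`), and in the Strings list most of them also start with one (`3http://...`, `,http://...`). That is DER framing from X.509 certificate data embedded in the file, not part of any URL: a uniformResourceIdentifier GeneralName is encoded as the tag byte 0x86, a one-byte length, then the URI, and the next element begins with 0x30 (SEQUENCE, printable as `0`) and its own length byte. The length bytes check out on the report's own strings: `3` is 0x33 = 51, the length of `http://crl.microsoft.com/pki/crl/products/tspca.crl`; `,` is 0x2C = 44, the length of `http://www.microsoft.com/pki/certs/tspca.crt`; `http://microsoft.com` is 20 = 0x14 bytes, an unprintable length byte, which is why that one has no visible prefix. These are Microsoft PKI CRL and CA-certificate locations, so treating them as "Allowed" is right, but the report does not show which object carries the certificate data (the file's own signature or an embedded signed component), and that needs a look at the bytes themselves. The Python below is an added example, not part of the report or of the tool that produced it: it strips the framing, verifies the length byte where one survived, and separates PKI artifacts from URLs that still need a human. The inputs are the report's Strings lines; the function and class names are mine.

```python
"""Tell certificate-embedded URLs in a strings dump apart from URLs an
author actually chose.

DER encodes a uniformResourceIdentifier GeneralName as tag 0x86, a length
byte, then the URI (IA5String); the following element normally starts with
0x30 (SEQUENCE) and a length byte.  A strings tool drops the unprintable
0x86, keeps the length byte when it is printable, keeps the URI, then keeps
'0' (0x30) and any printable length byte after it, e.g.

    "3http://crl.microsoft.com/pki/crl/products/tspca.crl0H"
     ^ 0x33 = 51 = len(URI)                                ^^ 0x30 0x48
"""
import re
from dataclasses import dataclass
from typing import List, Optional

URL_RE = re.compile(r"https?://[A-Za-z0-9.\-_~:/?#\[\]@!$&'()*+,;=%]+")
SEQUENCE_TAG = "0"  # chr(0x30)


@dataclass
class RecoveredUrl:
    raw: str            # line exactly as the strings tool printed it
    url: str            # URL with the DER framing removed
    der_verified: bool  # a printable DER length byte preceded the URL and matched


def recover_der_url(raw: str) -> Optional[RecoveredUrl]:
    """Strip DER framing from one strings-tool line; None if it holds no URL."""
    m = URL_RE.search(raw)
    if m is None:
        return None
    if m.start() == 1 and ord(raw[0]) < 0x80:
        # Single-byte DER length: the URI must occupy exactly that many bytes
        # and be followed by nothing or by the next element's SEQUENCE tag.
        declared = ord(raw[0])
        uri, tail = raw[1:1 + declared], raw[1 + declared:]
        if len(uri) == declared and uri.startswith("http") and (
            tail == "" or tail[0] == SEQUENCE_TAG
        ):
            return RecoveredUrl(raw, uri, True)
    # No usable length byte (it was unprintable and got dropped): only strip a
    # trailing SEQUENCE tag plus at most one length byte, and never a '0'
    # that is part of a number in the URL itself.
    url = re.sub(r"(?<=[^0-9])0.?$", "", m.group(0))
    return RecoveredUrl(raw, url, False)


def triage(lines: List[str]) -> dict:
    """Bucket URLs from a strings dump: PKI artifacts (DER-verified, or a
    .crl/.crt path) versus URLs that still need an analyst's look."""
    pki, other = [], []
    for line in lines:
        rec = recover_der_url(line)
        if rec is None:
            continue
        looks_pki = rec.der_verified or rec.url.lower().endswith((".crl", ".crt"))
        (pki if looks_pki else other).append(rec.url)
    return {"pki_artifacts": pki, "needs_review": other}


# Lines taken from the Strings section of this report (not constructed).
REPORT_STRINGS = [
    "3http://crl.microsoft.com/pki/crl/products/tspca.crl0H",
    "3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H",
    ",http://www.microsoft.com/pki/certs/tspca.crt0",
    ",http://www.microsoft.com/pki/certs/CSPCA.crt0",
    "http://microsoft.com0",
    "Host is down.",
]

if __name__ == "__main__":
    for bucket, urls in triage(REPORT_STRINGS).items():
        print(bucket, urls)
```

The `needs_review` bucket is where `http://microsoft.com` lands: its framing is consistent with DER, but without the length byte the code cannot prove it, and that is the honest result. The same check applied to the XML manifest string (`http://www.w3.org/2001/XMLSchema-instance`) leaves it untouched, since it is terminated by a quote rather than a SEQUENCE tag.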

Files
Allowed: \a.dll, ADVAPI32.dll, ole32.dll, VERSION.DLL, GDI32.dll, USER32.dll, OLEAUT32.dll, KERNEL32.dll, mscoree.dll, WSOCK32.dll
hasFiles: True
Suspicious: MSWINSCK.OCX, \Internet Explorer\mswinsck.ocx, hhctrl.ocx
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 4608 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0 (Suspicious: True)

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 4 (Suspicious: False)
Image Version: 4 (Suspicious: True)
Linker Version: 8.0 (Suspicious: False)
Subsystem Version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 159086 (Suspicious: False)

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
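The Checksum section reports a stored value of 0 and the anomaly above says it differs from the calculated value. Both statements are true of any file whose CheckSum was never written: the field is optional for user-mode images, Windows only enforces it for kernel drivers and boot-critical binaries, and a stored 0 means "never set" rather than "tampered". The Python below is an added example, not part of the report or of the tool behind it: it reproduces the IMAGEHLP `CheckSumMappedFile` arithmetic (the same algorithm `pefile.generate_checksum` implements), shows that the field itself is excluded from the sum, and runs on a constructed minimal PE32 image rather than on the sample. Function and constant names are mine; the `ImageBase` value is the report's (4194304 = 0x400000), everything else in the image is arbitrary.

```python
"""Recompute IMAGE_OPTIONAL_HEADER.CheckSum the way IMAGEHLP's
CheckSumMappedFile does, to reproduce and judge the report's
"header checksum and the calculated checksum do not match" anomaly.

Algorithm: add the file as little-endian 32-bit words, skipping the 4-byte
CheckSum field and folding carries back in; fold the 32-bit sum to 16 bits;
add the file length.  The minimal image built below is constructed for the
demonstration and is not the sample described in the report.
"""
import struct
from typing import Optional

PE32_MAGIC = 0x10B
OPTIONAL_HEADER_SIZE_PE32 = 0xE0


def checksum_field_offset(data: bytes) -> Optional[int]:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # "PE\0\0" (4) + IMAGE_FILE_HEADER (20) + 64 bytes into the optional
    # header = 0x58; CheckSum sits at the same offset for PE32 and PE32+.
    if e_lfanew + 0x5C > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew + 0x58


def compute_pe_checksum(data: bytes, field_offset: int) -> int:
    """CheckSumMappedFile arithmetic over `data`, ignoring the field itself.
    Assumes `field_offset` is 4-byte aligned, as it is for any e_lfanew that
    is a multiple of 4 (the usual case)."""
    padded = data + b"\0" * (-len(data) % 4)   # a trailing partial dword is zero-padded
    total = 0
    for off in range(0, len(padded), 4):
        if off == field_offset:               # the stored CheckSum is not summed
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)           # fold to 16 bits
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)                           # plus the real file length


def verify_pe_checksum(data: bytes) -> dict:
    """Stored vs. recomputed CheckSum, plus the 'never set' interpretation."""
    off = checksum_field_offset(data)
    if off is None:
        raise ValueError("not a PE image")
    stored = struct.unpack_from("<I", data, off)[0]
    computed = compute_pe_checksum(data, off)
    return {"stored": stored, "computed": computed,
            "matches": stored == computed, "unset": stored == 0}


def set_pe_checksum(data: bytes) -> bytes:
    """Copy of `data` carrying a correct CheckSum, as link.exe /RELEASE writes."""
    off = checksum_field_offset(data)
    if off is None:
        raise ValueError("not a PE image")
    out = bytearray(data)
    struct.pack_into("<I", out, off, compute_pe_checksum(data, off))
    return bytes(out)


def minimal_pe(checksum: int = 0) -> bytes:
    """Constructed 312-byte PE32 image with no sections (not the sample):
    DOS header, "PE\0\0", IMAGE_FILE_HEADER and a PE32 optional header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    file_header = struct.pack("<HHIIIHH",
                              0x14C,                             # Machine: i386
                              0,                                 # NumberOfSections
                              0, 0, 0,                           # TimeDateStamp, symbol ptr/count
                              OPTIONAL_HEADER_SIZE_PE32,
                              0x0102)                            # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(OPTIONAL_HEADER_SIZE_PE32)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase, as in the report
    struct.pack_into("<I", opt, 64, checksum)                    # CheckSum
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt)


if __name__ == "__main__":
    image = minimal_pe()                                 # CheckSum = 0, like the sample
    print(verify_pe_checksum(image))                     # matches False, unset True
    print(verify_pe_checksum(set_pe_checksum(image)))    # matches True
```

Because the field is skipped during summation, writing the computed value into it and recomputing gives the same number; that is what makes a mismatch meaningful when the stored value is non-zero. When the stored value is 0, the "mismatch" is just the absence of a checksum, which this sample shares with a great many benign .NET builds, so it should carry little weight next to the strings, imports and AV verdicts elsewhere in the report.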

Libraries
Allowed: advapi32.dll, ole32.dll, version.dll, gdi32.dll, user32.dll, oleaut32.dll, kernel32.dll, mscoree.dll, wsock32.dll
hasLibs: True
Suspicious: \a.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-05-11 21:47:45
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches: 1322
Suspicious: True
Disassembly
hasTricks: True
Tricks
pushret
.text: 4

pushpopmath
.text: 18

ss register
.text: 1

garbagebytes
.text: 1

software breakpoint
.text: 2

programcontrolflowchange
.text: 1

cpuinstructionsresultscomparison
.text: 7

AVclass: banload (1)
VirusTotal
md5: 8accf0a9f37017832cd9f75b6b509f70
sha1: 7504fabb2fbbf16276ec515523b6c54c05dc2e74
SCANS (DETECTION RATE = 72.73%, 48 of 66 engines; "-" = no result or version reported)
engine | result | update | version | detected
AVG | MSIL:Banker-AU [Trj] | 20180325 | 18.2.3827.0 | True
CMC | - | 20180324 | 1.1.0.977 | False
MAX | malware (ai score=82) | 20180325 | 2017.11.15.1 | True
Bkav | - | 20180325 | 1.3.0.9466 | False
K7GW | Trojan-Downloader ( 004b36131 ) | 20180325 | 10.42.26600 | True
ALYac | Trojan.GenericKD.2399888 | 20180325 | 1.1.1.5 | True
Avast | MSIL:Banker-AU [Trj] | 20180325 | 18.2.3827.0 | True
Avira | TR/Dropper.Gen | 20180324 | 8.3.3.6 | True
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9992 | 20180323 | 1.0.0.2 | True
Cyren | W32/Trojan.HPLC-2439 | 20180325 | 5.4.30.7 | True
DrWeb | Trojan.DownLoader13.13706 | 20180325 | 7.0.28.2020 | True
GData | Trojan.GenericKD.2399888 | 20180325 | A:25.16493B:25.11870 | True
Panda | Trj/CI.A | 20180324 | 4.6.4.2 | True
VBA32 | TrojanDownloader.MSIL.Agent | 20180323 | 3.12.28.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180325 | 65504 | True
Zoner | - | 20180325 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180325 | 1.5.0.42 | True
ClamAV | - | 20180324 | 0.99.2.0 | False
Comodo | UnclassifiedMalware | 20180325 | 28740 | True
F-Prot | W32/Trojan2.OSLT | 20180325 | 4.7.1.166 | True
Ikarus | Trojan-Downloader.Win32.Upatre | 20180324 | 0.1.5.2 | True
McAfee | RDN/PWS-Banker!dx | 20180325 | 6.0.6.653 | True
Rising | Dropper.Generic!8.35E (TFE:C:INabccZNc8E) | 20180325 | 25.0.0.1 | True
Sophos | Troj/MSIL-CWH | 20180325 | 4.98.0 | True
Yandex | Trojan.DL.Banload!vBq/hvFZM4M | 20180324 | 5.5.1.3 | True
Zillya | - | 20180323 | 2.0.0.3519 | False
Arcabit | Trojan.Generic.D249E90 | 20180325 | 1.0.0.831 | True
Cylance | Unsafe | 20180325 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180316 | 2.0.5 | True
Tencent | Msil.Trojan-downloader.Agent.Edya | 20180325 | 1.0.0.1 | True
ViRobot | - | 20180324 | 2014.3.20.0 | False
eGambit | - | 20180325 | v4.3.5 | False
Ad-Aware | Trojan.GenericKD.2399888 | 20180325 | 3.0.3.1010 | True
AegisLab | Troj.Generickd!c | 20180325 | 4.2 | True
Emsisoft | Trojan.GenericKD.2399888 (B) | 20180325 | 4.0.2.899 | True
F-Secure | - | 20180325 | 11.0.19100.45 | False
Fortinet | MSIL/Banload.BE!tr.dldr | 20180325 | 5.4.247.0 | True
Invincea | - | 20180121 | 6.3.4.26036 | False
Jiangmin | TrojanDownloader.MSIL.csg | 20180325 | 16.0.100 | True
Kingsoft | - | 20180325 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180325 | 1.0 | True
Symantec | Infostealer.Limitail | 20180324 | 1.5.0.0 | True
nProtect | - | 20180325 | 2018-03-25.01 | False
AhnLab-V3 | Spyware/Win32.Limitail.C927131 | 20180324 | 3.12.0.20130 | True
Antiy-AVL | Trojan/Win32.SGeneric | 20180325 | 3.0.0.1 | True
Kaspersky | Trojan-Downloader.MSIL.Agent.kna | 20180325 | 15.0.1.13 | True
Microsoft | TrojanDownloader:MSIL/BrobanDel.A | 20180325 | 1.1.14600.4 | True
Qihoo-360 | HEUR/QVM03.0.Malware.Gen | 20180325 | 1.0.0.1120 | True
TheHacker | - | 20180319 | 6.8.0.5.2551 | False
ZoneAlarm | Trojan-Downloader.MSIL.Agent.kna | 20180325 | 1.0 | True
ESET-NOD32 | a variant of MSIL/TrojanDownloader.Banload.BE | 20180325 | 17111 | True
TrendMicro | TROJ_BANLOAD_GC31011A.UVPM | 20180325 | 9.862.0.1074 | True
WhiteArmor | - | 20180324 | - | False
BitDefender | Trojan.GenericKD.2399888 | 20180325 | 7.2 | True
CrowdStrike | malicious_confidence_80% (W) | 20170201 | 1.0 | True
K7AntiVirus | Trojan-Downloader ( 004b36131 ) | 20180325 | 10.42.26601 | True
SentinelOne | - | 20180225 | 1.0.15.206 | False
Avast-Mobile | - | 20180324 | 180324-00 | False
Malwarebytes | - | 20180324 | 2.1.1.1115 | False
TotalDefense | - | 20180324 | 37.1.62.1 | False
CAT-QuickHeal | TrojanDownloader.MSIL | 20180324 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Dwn.drpzxv | 20180325 | 1.0.100.22043 | True
MicroWorld-eScan | Trojan.GenericKD.2399888 | 20180325 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180324 | 5.6.0.1032 | False
McAfee-GW-Edition | RDN/PWS-Banker!dx | 20180324 | v2015 | True
TrendMicro-HouseCall | TROJ_BANLOAD_GC31011A.UVPM | 20180325 | 9.950.0.1006 | True

total: 66
positives: 48
sha256: af48f48fc5257010e0b5e97e9ee50501c12fb4cd994425e5291ed0a88e7a9df3
scan_id: af48f48fc5257010e0b5e97e9ee50501c12fb4cd994425e5291ed0a88e7a9df3-1521949420
resource: 8accf0a9f37017832cd9f75b6b509f70
scan_date: 2018-03-25 03:43:40
verbose_msg: Scan finished, information embedded
response_code: 1
Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious False
SVC (Kernel=Linear, NFS-BRMalware): confidence 62.34%, suspicious False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 97.90%, suspicious True
Random Forest (100 estimators, NFS-BRMalware): confidence 60.00%, suspicious True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 40.33%, suspicious True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 89.33%, suspicious False