Report #90

  • Creation Date: May 14, 2019, 8:44 p.m.
  • Last Update: May 14, 2019, 10:08 p.m.
  • File: setup6_164_1.dat.exe
  • Results:
Binary
DLL: False
Size: 71.92MB
trid:
  64.5% Win32 Executable MS Visual C++
  13.6% Win32 Dynamic Link Library
  9.3% Win32 Executable
  4.1% OS/2 Executable
  4.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: ad97c2182198372e903a78566422c383
sha1: a358dfef3d161ebc222526159499c9d0083b9c49
crc32: 0xb2d2b58d
sha224: 72dab4b4df661f4af3b650be240d330cd29187f82b28b9bd3cb860bf
sha256: 13d1689003962402dddb92ce884fa2ac0f340e4b9462fa0ae75ea1cab7944c95
sha384: 89499c40d5e6e85ac36c001e15a2ff7d145a659f89ff157881909e68e204930a401b73f43348c5730682bfdbaac61bfb
sha512: f70608051f60c1bb951699e42f944b16db5aff0c3a9f9eb78bbde7d0fa7eda2f1538a9f4336399f331d9556587cab107b482aa5e2c7acb21d6342280253e2207
ssdeep: 1572864:w5EtKw7LjquTbPH5ePKmItf0mMfZP6SLSwh6gQpMEOKxbgaMSCup6dYnu31XUYEl:wy9f3XtsmMfZSiY5pMZWySCRDEFeA
Community
Google: 0
HashLib: 0
YARA
Matches: IP, contentis_base64, screenshot, win_private_profile, url, CRC32c_poly_Constant, win_files_operation, android_meterpreter, win_registry, IsPacked, HasOverlay, CRC32_poly_Constant, win_token, IsPE32, escalate_priv, IsWindowsGUI, possible_includes_base64_packed_functions, HasRichSignature
Suspicious: 1

Heuristics
IPs
hasIPs: 0
Allowed
Suspicious
hasAllowed: 0
hasSuspicious: 0

URLs
Allowed
hasURLs: 1
Suspicious: http://nsis.sf.net/nsis_error
hasAllowed: 0
hasSuspicious: 1

Files
Allowed: ADVAPI32.dll, %s%s.dll, GDI32.dll, SHELL32.dll, USER32.dll, ole32.dll, KERNEL32.dll, COMCTL32.dll
hasFiles: 1
Suspicious: Y..sO, \@.So, Wp~T<~.TIf, xa.Db, u&.DB
hasAllowed: 1
hasSuspicious: 1

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 118784
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 0
Suspicious: 1

Sections
Allowed: .text, .rdata, .data, .ndata, .rsrc
Suspicious
hasAllowed: 1
hasSections: 1
hasSuspicious: 0

Versions
OS
Version: 4
Suspicious: 0
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: 0
Subsystem
Version: 4.0
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 13069
Suspicious: 0

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: 1

Libraries
Allowed: advapi32.dll, gdi32.dll, shell32.dll, user32.dll, ole32.dll, kernel32.dll, comctl32.dll
hasLibs: 1
Suspicious: %s%s.dll
hasAllowed: 1
hasSuspicious: 1
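The Checksum and Anomalies results above (stored CheckSum 0, calculated value differs), the .ndata section under Sections, the nsis_error URL under URLs and the "%s%s.dll" entry under Libraries can all be checked with the Python below. It is an added example, not part of the tooling that produced this report. It recomputes the optional-header CheckSum the way imagehlp's CheckSumMappedFile does (ones'-complement sum of 16-bit words with the CheckSum field skipped, plus the file length), reads the section table, and looks for the three NSIS installer-stub indicators; together those identify a Nullsoft Scriptable Install System stub, which the Compilation block does not name. It runs on a constructed PE32 built in memory rather than on the sample, and every function name (pe_offsets, compute_checksum, verify_checksum, set_checksum, section_names, installer_indicators, build_minimal_pe32) is chosen here.

```python
"""Added example, not the report's tooling: recompute the PE CheckSum behind the
"header checksum ... do not match" anomaly and extract the NSIS stub indicators.
Runs on a constructed PE32; pass real file bytes for a real sample."""
import struct

E_LFANEW_OFFSET = 0x3C        # DOS header field holding the PE signature offset
CHECKSUM_IN_OPTIONAL = 64     # IMAGE_OPTIONAL_HEADER.CheckSum, PE32 and PE32+ alike
NSIS_ERROR_URL = b"http://nsis.sf.net/nsis_error"   # URL the report flagged
PLUGIN_FORMAT = b"%s%s.dll"   # listed under Libraries; a printf format string, not a DLL


def pe_offsets(data):
    """Return (coff_header_offset, optional_header_offset, checksum_field_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    return coff, coff + 20, coff + 20 + CHECKSUM_IN_OPTIONAL


def compute_checksum(data, skip_offset):
    """Ones'-complement sum of little-endian 16-bit words with end-around carry,
    skipping the 4-byte CheckSum field, plus file length (CheckSumMappedFile)."""
    total, n = 0, len(data)
    for i in range(0, n - n % 2, 2):
        if i != skip_offset and i != skip_offset + 2:
            total += data[i] | (data[i + 1] << 8)
            total = (total & 0xFFFF) + (total >> 16)
    if n % 2:                                  # odd trailing byte, zero-extended
        total += data[-1]
    total = (total & 0xFFFF) + (total >> 16)   # fold the remaining carry
    total = (total & 0xFFFF) + (total >> 16)
    return (total + n) & 0xFFFFFFFF


def verify_checksum(data):
    """Stored vs. computed CheckSum; 'unset' marks the common linker-left-it-0 case."""
    off = pe_offsets(data)[2]
    stored = struct.unpack_from("<I", data, off)[0]
    computed = compute_checksum(data, off)
    return {"stored": stored, "computed": computed,
            "match": stored == computed, "unset": stored == 0}


def set_checksum(data):
    """Copy of data with the CheckSum field rewritten to the computed value."""
    off = pe_offsets(data)[2]
    buf = bytearray(data)
    struct.pack_into("<I", buf, off, compute_checksum(data, off))
    return bytes(buf)


def section_names(data):
    """Section names from the table that follows the optional header."""
    coff, opt, _ = pe_offsets(data)
    count = struct.unpack_from("<H", data, coff + 2)[0]
    table = opt + struct.unpack_from("<H", data, coff + 16)[0]
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(count)]


def installer_indicators(data):
    """NSIS stub indicators: .ndata plus the nsis_error URL identify the framework;
    the format string should not be scored as an imported library."""
    return {"ndata_section": ".ndata" in section_names(data),
            "nsis_error_url": NSIS_ERROR_URL in data,
            "plugin_format_string": PLUGIN_FORMAT in data}


def build_minimal_pe32():
    """Constructed one-section PE32 echoing the report's header values; not runnable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 64)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0x597FA243, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)                 # PE32 magic, linker 6.0
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x00400000, 0x1000, 0x200)   # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 4, 0)                         # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                         # subsystem version 4.0
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                             # Windows GUI; CheckSum at 64 stays 0
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".ndata", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    body = (NSIS_ERROR_URL + b"\0" + PLUGIN_FORMAT + b"\0").ljust(0x200, b"\0")
    return bytes(headers) + body


if __name__ == "__main__":
    image = build_minimal_pe32()
    print("sections:", section_names(image), "indicators:", installer_indicators(image))
    print("checksum before:", verify_checksum(image))
    print("checksum after: ", verify_checksum(set_checksum(image)))
```

Two caveats when reading the result on a real sample: Windows validates CheckSum at load time only for drivers and certain system DLLs, so 0 or a mismatch in a user-mode installer mostly means the linker never set the field or the file changed after linking (an overlay appended to an NSIS stub, which HasOverlay indicates here, changes the calculated value); and "%s%s.dll" is a format string, so the Libraries heuristic should not count it as an import.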

Timestamp
Past: 0
Valid: 1
Value: 2017-07-31 21:33:55
Future: 0

Compilation
Packed: 0
Missing: 1
Packers
Compiled: 0
Compilers

Obfuscation
XOR: 0
Fuzzing: 0

Disassembly
hasTricks: 1
Tricks
pushret
.rsrc: 8

pushpopmath
.data: 1
.rsrc: 2

AVclass
yelloader: 1
VirusTotal
md5: ad97c2182198372e903a78566422c383
sha1: a358dfef3d161ebc222526159499c9d0083b9c49
SCANS (DETECTION RATE = 27.54%, 19 of 69 engines)
One line per engine: name (engine version, signature update): detection name, or "not detected".
AVG (18.4.3895.0, updated 20190131): Win32:Malware-gen
CMC (1.1.0.977, updated 20190131): not detected
MAX (2018.9.12.1, updated 20190131): malware (ai score=88)
Bkav (1.3.0.9899, updated 20190130): HW32.Packed.
K7GW (11.25.29845, updated 20190131): Adware ( 0053620d1 )
ALYac (1.1.1.5, updated 20190131): not detected
Avast (18.4.3895.0, updated 20190131): Win32:Malware-gen
Avira (8.3.3.8, updated 20190131): not detected
Baidu (1.0.0.2, updated 20190131): not detected
Cyren (6.2.0.1, updated 20190131): not detected
DrWeb (7.0.34.11020, updated 20190131): not detected
GData (A:25.20423B:25.14274, updated 20190131): Trojan.GenericKD.31594904
Panda (4.6.4.2, updated 20190131): not detected
VBA32 (3.35.1, updated 20190131): not detected
VIPRE (72756, updated 20190131): not detected
Zoner (1.0, updated 20190131): not detected
ClamAV (0.101.1.0, updated 20190131): not detected
Comodo (30359, updated 20190131): Malware@#3dmtqtkhmajc8
F-Prot (4.7.1.166, updated 20190131): not detected
Ikarus (0.1.5.2, updated 20190131): PUA.MSIL.Yelloader
McAfee (6.0.6.653, updated 20190201): not detected
Rising (25.0.0.24, updated 20190131): PUF.Yelloader!8.E64 (TFE:C:sVcuvtCIM0G)
Sophos (4.98.0, updated 20190131): not detected
Yandex (5.5.1.3, updated 20190129): not detected
Zillya (2.0.0.3742, updated 20190130): not detected
Acronis (1.0.1.40, updated 20190130): not detected
Alibaba (0.1.0.2, updated 20180921): not detected
Arcabit (1.0.0.837, updated 20190131): not detected
Babable (9107201, updated 20180918): not detected
Endgame (3.0.2, updated 20181108): not detected
TACHYON (2019-01-31.03, updated 20190131): not detected
Tencent (1.0.0.1, updated 20190131): not detected
ViRobot (2014.3.20.0, updated 20190131): not detected
Webroot (1.0.0.403, updated 20190131): W32.Adware.Gen
Ad-Aware (3.0.5.370, updated 20190131): not detected
AegisLab (4.2, updated 20190131): not detected
Emsisoft (2018.4.0.1029, updated 20190131): not detected
F-Secure (12.0.86.52, updated 20190131): Trojan.GenericKD.31594904
Fortinet (5.4.247.0, updated 20190131): Adware/Yelloader
Invincea (6.3.6.26157, updated 20181128): not detected
Jiangmin (16.0.100, updated 20190131): not detected
Kingsoft (2013.8.14.323, updated 20190131): not detected
Paloalto (1.0, updated 20190131): not detected
Symantec (1.8.0.0, updated 20190131): not detected
Trapmine (3.1.40.719, updated 20190123): not detected
AhnLab-V3 (3.14.1.22785, updated 20190131): not detected
Antiy-AVL (3.0.0.1, updated 20190131): Trojan/Win32.Bitrep
Kaspersky (15.0.1.13, updated 20190131): not detected
Microsoft (1.1.15600.4, updated 20190131): PUA:Win32/Presenoker
Qihoo-360 (1.0.0.1120, updated 20190131): not detected
TheHacker (6.8.0.5.3988, updated 20190129): not detected
Trustlook (1.0, updated 20190131): not detected
ZoneAlarm (1.0, updated 20190131): not detected
Cybereason (1.2.27, updated 20190109): not detected
ESET-NOD32 (18798, updated 20190131): a variant of MSIL/Yelloader.I potentially unwanted
TrendMicro (10.0.0.1040, updated 20190131): TROJ_GEN.R002C0PAT19
BitDefender (7.2, updated 20190131): Trojan.GenericKD.31594904
CrowdStrike (1.0, updated 20181023): not detected
K7AntiVirus (11.25.29849, updated 20190131): Adware ( 0053620d1 )
SentinelOne (1.0.21.269, updated 20190124): not detected
Avast-Mobile (190131-00, updated 20190131): not detected
Malwarebytes (2.1.1.1115, updated 20190131): not detected
TotalDefense (37.1.62.1, updated 20190131): not detected
CAT-QuickHeal (14.00, updated 20190131): not detected
NANO-Antivirus (1.0.134.24576, updated 20190131): not detected
MicroWorld-eScan (14.0.297.0, updated 20190131): not detected
SUPERAntiSpyware (5.6.0.1032, updated 20190130): not detected
McAfee-GW-Edition (v2017.3010, updated 20190201): not detected
TrendMicro-HouseCall (10.0.0.1040, updated 20190131): TROJ_GEN.R002H09AU19

total: 69
sha256: 13d1689003962402dddb92ce884fa2ac0f340e4b9462fa0ae75ea1cab7944c95
scan_id: 13d1689003962402dddb92ce884fa2ac0f340e4b9462fa0ae75ea1cab7944c95-1548952290
resource: ad97c2182198372e903a78566422c383
positives: 19
scan_date: 2019-01-31 16:31:30
verbose_msg: Scan finished, information embedded
response_code: 1
Results
Random Forest
detected: TBD
confidence: TBD