Report #9062

Binary
DLL
False
Size
2.77MB
trid
67.8% Inno Setup installer
25.6% Win32 EXE PECompact compressed
2.7% Win32 Executable
1.2% OS/2 Executable
1.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
93ea860f288f02c22a8eb63590c99d57
sha1
da0fcb1b5b94df037c4f6bf69162774cadd966e8
crc32
0xc29317ef
sha224
99f7b2222206fc75c1c36956a54d4fea73e76f5b215ca6698be933a2
sha256
3b081755582bc79985353ad0a6876ee3342d95cd79a159a8ca684650e40e9c87
sha384
b93718463b2e145179e20d4c8b58037855cc8eeb948870fcc9f2c8d27f4957a0ed7c15f530f7f80c20ad094d457b81c0
sha512
a8ba9117a83e4dc1cc73519c5868f09005dab4fc52ea5e8b90466dfea30de0cc6e67e3faf90c0cc8a865404a2a9e466182af7646af45b0c3b4bcb461d21e03e3
ssdeep
49152:6RBtcNX90cFHkmSHSbphuPCsAXpydaWXBhzMMMMMMMMMMMMMMMMMMnMMMMMMMMM7:6v+NX906wAgTAZ0aWX3MMMMMMMMMMMMU
Community
Google
False
HashLib
False
YARA
Matches
domain, Borland, IP, Borland_Delphi_30_, network_ssl, borland_delphi, Delphi_FormShow, BobSoftMiniDelphiBoBBobSoft, contentis_base64, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_files_operation, IsPE32, win_hook, win_mutex, screenshot, Borland_Delphi_v40_v50, keylogger, MD5_Constants, Borland_Delphi_40_additional, OpenSSL_DSA, Borland_Delphi_40, IsWindowsGUI, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, android_meterpreter, win_registry, Delphi_CompareCall, Browsers, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers4

Suspicious
True

Strings
List
http://www.indyproject.org/
Vcl.Graphics
t.Ht
Winapi.Windows
Font.Style
Font.Name
.stl=application/vnd.ms-pki.stl
.sxg=application/vnd.sun.xml.writer.global
.pko=application/vnd.ms-pki.pko
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
libssl32.dll
ssleay32.dll
8.cD
127.0.0.1
\Internet Explorer\iexplore.exe
\Internet Explorer.lnk
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
security.dll
System.Win.Registry
_ossl_old_des_ecb_encrypt
-The requested security package does not exist6The caller is not the owner of the desired credentialsBThe security package failed to initialize, and cannot be installed-The token supplied to the function is invalid^The security package is not able to marshall the logon buffer, so the logon attempt has failedNThe per-message Quality of Protection is not supported by the security package?The security context does not allow impersonation of the client
.pkg=vnd.apple.installer+xml
.mpkg=vnd.apple.installer+xml
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count%Cannot remove shell notification icon"%s requires Windows Vista or later
.dist=vnd.apple.installer+xml
user_pref("network.proxy.type", 2);
.distz=vnd.apple.installer+xml
.cab=application/vnd.ms-cab-compressed
System.Win.Crtl
System.Win.ComConst
_ossl_old_des_set_key
STACK_OF_SRTP_PROTECTION_PROFILE
SSL status: "%s"
windowscodecs.dll
.sid=audio/prs.sid
SSL_set_connect_state
.djvu=image/vnd.djvu
B.rsrc
.djv=image/vnd.djvu
Delphi%.8X
Software\Borland\Locales
ISO_646.irv:1991
Software\Borland\Delphi\Locales
.xfdf=application/vnd.adobe.xfdf
winspool.drv
.odm=application/vnd.oasis.opendocument.text-master
libeay32.dll
comctl32.dll

Foremost
Matches
0.exe, 2 MB, 5312.png, 39 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 255.255.255.255, 1, record, 127.0.0.1, 1, localhost.
Suspicious: 0.0.0.1, 0, Unknown
hasAllowed: True
hasSuspicious: True

URLs
Allowed
hasURLs: True
Suspicious: http://www.indyproject.org/, file://, file:///
hasAllowed: False
hasSuspicious: True

Files
Allowed: user32.dll, secur32.dll, ssleay32.dll, kernel32.dll, uxtheme.dll, security.dll, MSWSOCK.DLL, libeay32.dll, Normaliz.dll, Fwpuclnt.dll, IdnDL.dll, comctl32.dll, Wship6.dll, ole32.dll, libssl32.dll, imm32.dll, oleaut32.dll, WS2_32.DLL, advapi32.dll, DWMAPI.DLL, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, shell32.dll, msimg32.dll
hasFiles: True
Suspicious: \Internet Explorer (64 bits).lnk, \Internet Explorer.lnk, *.lnk
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 483328
Suspicious: False
Image
Address: 133234688
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 2428680
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, secur32.dll, kernel32.dll, uxtheme.dll, security.dll, mswsock.dll, normaliz.dll, idndl.dll, comctl32.dll, wship6.dll, ole32.dll, imm32.dll, oleaut32.dll, ws2_32.dll, advapi32.dll, dwmapi.dll, wtsapi32.dll, windowscodecs.dll, gdi32.dll, version.dll, shell32.dll, msimg32.dll
hasLibs: True
Suspicious: ssleay32.dll, libeay32.dll, fwpuclnt.dll, libssl32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2014-10-06 14:50:45
Future: False

Compilation
Packed: True
Missing: False
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
False
Tricks
AVclass
proxychanger
1
VirusTotal
md5
93ea860f288f02c22a8eb63590c99d57
sha1
da0fcb1b5b94df037c4f6bf69162774cadd966e8
SCANS (DETECTION RATE = 60.87%)
Engine | Detected | Result | Update | Version
AVG | True | MSIL:GenMalicious-BWB [Trj] | 20190310 | 18.4.3895.0
CMC | False | - | 20190310 | 1.1.0.977
MAX | True | malware (ai score=80) | 20190310 | 2018.9.12.1
Bkav | False | - | 20190308 | 1.3.0.9899
K7GW | True | Proxy-Program ( 004ae92c1 ) | 20190310 | 11.32.30234
ALYac | True | Gen:Variant.Zusy.110124 | 20190310 | 1.1.1.5
Avast | True | MSIL:GenMalicious-BWB [Trj] | 20190310 | 18.4.3895.0
Avira | True | TR/ATRAPS.Gen | 20190309 | 8.3.3.8
Baidu | False | - | 20190306 | 1.0.0.2
Cyren | False | - | 20190310 | 6.2.0.1
DrWeb | False | - | 20190310 | 7.0.34.11020
GData | True | Gen:Variant.Zusy.110124 | 20190310 | A:25.21031B:25.14569
Panda | True | Trj/CI.A | 20190309 | 4.6.4.2
VBA32 | True | TrojanProxy.Gootripor | 20190307 | 4.0.0
VIPRE | True | Trojan.Win32.Generic!BT | 20190308 | 73602
Zoner | False | - | 20190310 | 1.0
ClamAV | False | - | 20190309 | 0.101.1.0
Comodo | True | Malware@#3tjbqiq2qk4xq | 20190310 | 30546
F-Prot | False | - | 20190310 | 4.7.1.166
Ikarus | True | Trojan.Win32.ProxyChanger | 20190309 | 0.1.5.2
McAfee | True | GenericR-CEN!93EA860F288F | 20190310 | 6.0.6.653
Rising | True | Downloader.Banload!8.15B (TFE:4:ETX0xYbcmsP) | 20190310 | 25.0.0.24
Sophos | True | Mal/DelpInj-H | 20190310 | 4.98.0
Yandex | True | Trojan.ProxyChanger!CqVcRCewY9A | 20190308 | 5.5.1.3
Zillya | False | - | 20190307 | 2.0.0.3768
Acronis | True | suspicious | 20190222 | 1.0.1.40
Alibaba | False | - | 20190306 | 0.2.0.3
Arcabit | True | Trojan.Zusy.D1AE2C | 20190309 | 1.0.0.837
Babable | False | - | 20180918 | 9107201
Cylance | True | Unsafe | 20190310 | 2.3.1.101
Endgame | True | malicious (high confidence) | 20190215 | 3.0.3
TACHYON | False | - | 20190310 | 2019-03-10.02
Tencent | False | - | 20190310 | 1.0.0.1
ViRobot | False | - | 20190309 | 2014.3.20.0
eGambit | False | - | 20190310 | v4.3.6
Ad-Aware | True | Gen:Variant.Zusy.110124 | 20190310 | 3.0.5.370
AegisLab | True | Trojan.Win32.Generic.4!c | 20190310 | 4.2
Emsisoft | True | Gen:Variant.Zusy.110124 (B) | 20190310 | 2018.4.0.1029
F-Secure | True | Trojan.TR/ATRAPS.Gen | 20190309 | 12.0.86.52
Fortinet | True | W32/Banker.ABKH!tr.spy | 20190310 | 5.4.247.0
Invincea | False | - | 20181128 | 6.3.6.26157
Jiangmin | False | - | 20190310 | 16.0.100
Kingsoft | False | - | 20190310 | 2013.8.14.323
Paloalto | True | generic.ml | 20190310 | 1.0
Trapmine | True | malicious.high.ml.score | 20190301 | 3.1.48.748
AhnLab-V3 | True | Trojan/Win32.Banbra.R120833 | 20190309 | 3.14.1.22785
Antiy-AVL | False | - | 20190310 | 3.0.0.1
Kaspersky | True | HEUR:Trojan-Downloader.Win32.Generic | 20190310 | 15.0.1.13
Microsoft | True | TrojanProxy:Win32/Gootripor.A | 20190307 | 1.1.15700.9
Qihoo-360 | True | Win32/Trojan.f52 | 20190310 | 1.0.0.1120
TheHacker | False | - | 20190308 | 6.8.0.5.4056
Trustlook | False | - | 20190310 | 1.0
ZoneAlarm | True | UDS:DangerousObject.Multi.Generic | 20190310 | 1.0
Cybereason | True | malicious.f288f0 | 20190109 | 1.2.27
ESET-NOD32 | True | a variant of Win32/ProxyChanger.RZ | 20190309 | 19001
TrendMicro | True | TSPY_BANCOS.XJME | 20190310 | 10.0.0.1040
BitDefender | True | Gen:Variant.Zusy.110124 | 20190310 | 7.2
CrowdStrike | False | - | 20190212 | 1.0
K7AntiVirus | True | Proxy-Program ( 004ae92c1 ) | 20190310 | 11.32.30234
SentinelOne | True | static engine - malicious | 20190203 | 1.0.23.276
Avast-Mobile | False | - | 20190308 | 190308-00
Malwarebytes | False | - | 20190310 | 2.1.1.1115
TotalDefense | False | - | 20190310 | 37.1.62.1
CAT-QuickHeal | False | - | 20190309 | 14.00
NANO-Antivirus | True | Trojan.Win32.ProxyChanger.dgkzsk | 20190310 | 1.0.134.24576
MicroWorld-eScan | True | Gen:Variant.Zusy.110124 | 20190310 | 14.0.297.0
SUPERAntiSpyware | False | - | 20190307 | 5.6.0.1032
McAfee-GW-Edition | True | GenericR-CEN!93EA860F288F | 20190310 | v2017.3010
TrendMicro-HouseCall | True | TSPY_BANCOS.XJME | 20190310 | 10.0.0.1040

total
69
sha256
3b081755582bc79985353ad0a6876ee3342d95cd79a159a8ca684650e40e9c87
scan_id
3b081755582bc79985353ad0a6876ee3342d95cd79a159a8ca684650e40e9c87-1552206953
resource
93ea860f288f02c22a8eb63590c99d57
positives
42
scan_date
2019-03-10 08:35:53
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
Time | Operation | PID | Process | Path | Name
10/3/2020 - 13:45:42.825 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls |
10/3/2020 - 13:45:42.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
10/3/2020 - 13:45:42.825 | Open | 1480 | C:\malware.exe | C:\security.dll |
10/3/2020 - 13:45:42.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll |
10/3/2020 - 13:45:42.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\SECUR32.DLL |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Fwpuclnt.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\IdnDL.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\idndl.dll |
10/3/2020 - 13:45:43.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\idndl.dll |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
10/3/2020 - 13:45:43.309 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
10/3/2020 - 13:45:43.309 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88 |
10/3/2020 - 13:45:43.309 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88 |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88 |
10/3/2020 - 13:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
10/3/2020 - 13:46:3.309 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
10/3/2020 - 13:46:3.309 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Default |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Default |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll |
10/3/2020 - 13:46:3.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll |
10/3/2020 - 13:46:3.450 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll |
10/3/2020 - 13:46:3.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll |
10/3/2020 - 13:46:3.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll |
10/3/2020 - 13:46:3.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
10/3/2020 - 13:46:3.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll |
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll |
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll |
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll |
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll |
10/3/2020 - 13:46:3.809 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe | chrome_installer.exe
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe |
10/3/2020 - 13:46:3.809 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe | chrome_installer.exe
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe |
10/3/2020 - 13:46:3.809 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe | chrome_installer.exe
10/3/2020 - 13:46:3.809 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe |
10/3/2020 - 13:46:3.809 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe | chrome_installer.exe
10/3/2020 - 13:46:3.809 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\chrome_installer.exe | chrome_installer.exe
10/3/2020 - 13:46:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:46:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:46:23.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:46:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:46:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:46:43.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:3.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:23.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:47:43.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:3.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:23.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:43.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:48:43.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:3.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:3.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:23.825 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
10/3/2020 - 13:49:23.825 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\Application\chrome.exe |

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:DNS  query: dl.google.com.
localhost -> gateway:50273  query: dl.google.com.

Response
gateway:DNS -> localhost  query: dl.google.com.  reply: 172.217.172.206


TCP
Info
172.217.172.206:80 -> localhost:65191
localhost:65191 -> 172.217.172.206:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost  GET dl.google.com  /chrome/install/375.126/chrome_installer.exe

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 63.22%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.29%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 85.58%
suspicious: False

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 67.06%
suspicious: False
