Report #91

Binary
DLL: False
Size: 1.27MB
trid:
  64.5% Win32 Executable MS Visual C++
  13.6% Win32 Dynamic Link Library
  9.3% Win32 Executable
  4.1% OS/2 Executable
  4.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 0639abd941c7976350d7ac3d9eefaeba
sha1: 361edebd680afa6bef43e9d2beea7ec277c84d89
crc32: 0x72f5e79a
sha224: 93dd67faf53e1b761d0ccda1cad41d04c0ea7ac37df1b111ab0834c0
sha256: a2fc4b524b517be0108de0dc3c7212aed640756786ff0fa56ef391f1742f412f
sha384: e7b79dc64e95f1544c3aa39b32fbdb15dfc8585b94b705727eec56fb1f5d6b3bffbf5b7c17329c9658c199e16528795b
sha512: 0db76868ca10fc23e017ce03f18a6ae2889ff338c3044119a61672124cb2924178cd6d3b6a5b177397dec5ad7f366bdb6d4c9441e631f84955a1c10fb32e227b
ssdeep: 24576:eEicVlFUlsBwnVvEt7tTkaWhUE5KU6nVyViuqVKBLzTSjlnupNIL4qCw+3XGhqM:eEicVlos6nVMt7tTjr4KU8VyouHBmw9g
Community
Google: 1
HashLib: 0

YARA
Matches: domain, contentis_base64, screenshot, win_private_profile, url, HasRichSignature, win_files_operation, win_registry, Nullsoft_PiMP_Stub_SFX, HasOverlay, CRC32_poly_Constant, win_token, IsPE32, escalate_priv, IsWindowsGUI, IP, IsPacked
Suspicious: 1

Heuristics

IPs
hasIPs: 1
Allowed: 1.9.6.6, 1, 2(SERVFAIL)
Suspicious: (none)
hasAllowed: 1
hasSuspicious: 0

URLs
hasURLs: 1
Allowed: (none)
Suspicious: http://nsis.sf.net/nsis_error, http://pendrivelinux.com
hasAllowed: 0
hasSuspicious: 1

Files
hasFiles: 1
Allowed: ADVAPI32.dll, SHELL32.dll, COMCTL32.dll, ole32.dll, %s%s.dll, USER32.dll, GDI32.dll, KERNEL32.dll
Suspicious: (none)
hasAllowed: 1
hasSuspicious: 0

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 120320
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 0
Suspicious: 1

Sections
hasSections: 1
Allowed: .text, .rdata, .data, .ndata, .rsrc
Suspicious: (none)
hasAllowed: 1
hasSuspicious: 0

Versions
OS
Version: 4
Suspicious: 0
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: 0
Subsystem
Version: 4.0
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 12510
Suspicious: 0

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: 1

Libraries
hasLibs: 1
Allowed: advapi32.dll, shell32.dll, comctl32.dll, ole32.dll, user32.dll, gdi32.dll, kernel32.dll
Suspicious: %s%s.dll
hasAllowed: 1
hasSuspicious: 1

Timestamp
Past: 0
Valid: 1
Value: 2015-12-11 05:11:55
Future: 0

Compilation
Packed: 1
Missing: 0
Packers: Nullsoft PiMP Stub -> SFX
Compiled: 0
Compilers: (none)

Obfuscation
XOR: 0
Fuzzing: 0

Disassembly
hasTricks: 1
Tricks
  pushret: .rsrc: 14
  pushpopmath: .data: 1, .rsrc: 1
  garbagebytes: .rsrc: 5
  fakeconditionaljumps: .rsrc: 1
  programcontrolflowchange: .rsrc: 4
  cpuinstructionsresultscomparison: .rsrc: 27

AVclass
None: 1

VirusTotal
md5: 0639abd941c7976350d7ac3d9eefaeba
sha1: 361edebd680afa6bef43e9d2beea7ec277c84d89

SCANS (DETECTION RATE = 1.39%)
AVG, update: 20190504, version: 18.4.3895.0, detected: False
CMC, update: 20190321, version: 1.1.0.977, detected: False
MAX, update: 20190504, version: 2018.9.12.1, detected: False
Bkav, update: 20190503, version: 1.3.0.9899, detected: False
K7GW, update: 20190503, version: 11.41.30806, detected: False
ALYac, update: 20190504, version: 1.1.1.5, detected: False
Avast, update: 20190504, version: 18.4.3895.0, detected: False
Avira, update: 20190504, version: 8.3.3.8, detected: False
Baidu, update: 20190318, version: 1.0.0.2, detected: False
Cyren, update: 20190503, version: 6.2.0.1, detected: False
DrWeb, update: 20190503, version: 7.0.34.11020, detected: False
GData, update: 20190503, version: A:25.21780B:25.14996, detected: False
Panda, update: 20190503, version: 4.6.4.2, detected: False
VBA32, update: 20190503, version: 4.0.0, detected: False
Zoner, update: 20190503, version: 1.0, detected: False
ClamAV, update: 20190503, version: 0.101.2.0, detected: False
Comodo, update: 20190503, version: 30811, detected: False
F-Prot, update: 20190503, version: 4.7.1.166, detected: False
Ikarus, update: 20190503, version: 0.1.5.2, detected: False
McAfee, update: 20190503, version: 6.0.6.653, detected: False
Rising, update: 20190504, version: 25.0.0.24, detected: False
Sophos, update: 20190503, version: 4.98.0, detected: False
Yandex, update: 20190501, version: 5.5.1.3, detected: False
Zillya, update: 20190503, version: 2.0.0.3807, detected: False
Acronis, update: 20190501, version: 1.0.1.48, detected: False
Alibaba, update: 20190426, version: 0.4.0.6, detected: False
Arcabit, update: 20190504, version: 1.0.0.845, detected: False
Babable, update: 20190424, version: 9107201, detected: False
Cylance, update: 20190504, version: 2.3.1.101, detected: False
Endgame, update: 20190403, version: 3.0.9, detected: False
FireEye, update: 20190504, version: 29.7.0.0, detected: False
TACHYON, update: 20190503, version: 2019-05-03.03, detected: False
Tencent, update: 20190504, version: 1.0.0.1, detected: False
ViRobot, update: 20190503, version: 2014.3.20.0, detected: False
Webroot, update: 20190504, version: 1.0.0.403, detected: False
eGambit, update: 20190504, version: v4.3.6, detected: False
Ad-Aware, update: 20190504, version: 3.0.5.370, detected: False
AegisLab, update: 20190503, version: 4.2, detected: False
Emsisoft, update: 20190503, version: 2018.4.0.1029, detected: False
F-Secure, update: 20190504, version: 12.0.86.52, detected: False
Fortinet, update: 20190503, version: 5.4.247.0, detected: False
Invincea, update: 20190313, version: 6.3.6.26157, detected: False
Jiangmin, update: 20190503, version: 16.0.100, detected: False
Kingsoft, update: 20190504, version: 2013.8.14.323, detected: False
Paloalto, update: 20190504, version: 1.0, detected: False
Symantec, update: 20190503, version: 1.9.0.0, detected: False
Trapmine, update: 20190325, version: 3.1.52.760, detected: False
AhnLab-V3, update: 20190503, version: 3.15.1.23978, detected: False
Antiy-AVL, update: 20190503, version: 3.0.0.1, detected: False
Kaspersky, update: 20190503, version: 15.0.1.13, detected: False
MaxSecure, update: 20190503, version: 1.0.0.1, detected: True, result: Trojan.Malware.9789672.susgen
Microsoft, update: 20190503, version: 1.1.15900.4, detected: False
Qihoo-360, update: 20190504, version: 1.0.0.1120, detected: False
TheHacker, update: 20190503, version: 6.8.0.5.4203, detected: False
Trustlook, update: 20190504, version: 1.0, detected: False
ZoneAlarm, update: 20190504, version: 1.0, detected: False
Cybereason, update: 20190417, version: 1.2.449, detected: False
ESET-NOD32, update: 20190503, version: 19298, detected: False
TrendMicro, update: 20190504, version: 10.0.0.1040, detected: False
BitDefender, update: 20190503, version: 7.2, detected: False
CrowdStrike, update: 20190212, version: 1.0, detected: False
K7AntiVirus, update: 20190503, version: 11.41.30805, detected: False
SentinelOne, update: 20190420, version: 1.0.25.316, detected: False
Avast-Mobile, update: 20190503, version: 190503-00, detected: False
Malwarebytes, update: 20190503, version: 2.1.1.1115, detected: False
TotalDefense, update: 20190503, version: 37.1.62.1, detected: False
CAT-QuickHeal, update: 20190503, version: 14.00, detected: False
NANO-Antivirus, update: 20190504, version: 1.0.134.24788, detected: False
MicroWorld-eScan, update: 20190504, version: 14.0.297.0, detected: False
SUPERAntiSpyware, update: 20190430, version: 5.6.0.1032, detected: False
McAfee-GW-Edition, update: 20190503, version: v2017.3010, detected: False
TrendMicro-HouseCall, update: 20190504, version: 10.0.0.1040, detected: False

total: 72
sha256: a2fc4b524b517be0108de0dc3c7212aed640756786ff0fa56ef391f1742f412f
scan_id: a2fc4b524b517be0108de0dc3c7212aed640756786ff0fa56ef391f1742f412f-1556929211
resource: 0639abd941c7976350d7ac3d9eefaeba
positives: 1
scan_date: 2019-05-04 00:20:11
verbose_msg: Scan finished, information embedded
response_code: 1

Results
Random Forest
detected: TBD
confidence: TBD