Report #9183

  • Creation Date: March 10, 2020, 4:35 p.m.
  • Last Update: March 11, 2020, 12:55 a.m.
  • File: ADB78999.exe
  • Results:
Binary
DLL: False
Size: 1.60MB
TrID:
  40.8% UPX compressed Win32 Executable
  40.1% Win32 EXE Yoda's Crypter
  6.8% Win32 Executable
  3.1% Win16/32 Executable Delphi generic
  3.0% OS/2 Executable
Type: PE
Word size: 32
Subsystem: Windows GUI
Hashes
md5: ea5134ab3b6e787eeeae9dfd38df259b
sha1: 8a8f238fb9dfa79e29513d00522c5f7949c4c9a6
crc32: 0x684d2850
sha224: b0ad0d0b74151959dee31c2440f039f667d7385e94d9aff7f8ac7709
sha256: c641dcd9d9b27311bc3ac6c4614e7b1b6bc1dfd159402bdf1f235992cdf63432
sha384: 2cf1bf851c3a153e8554144a613603b6315241a7d22917fe0452392d997e97218f93ec7e2a7da468445b236e40f87670
sha512: 95d994bdb4c574e580f21b9408423063c3d9f7d2a5daa9557265a96d5bd2e398710e7153559b3af0a56db579dca867c31b29f0f665cff9345e994d9692624182
ssdeep: 24576:a2B1z7n3nY+fHxpTJHF+GV33lwiuI0fywrD4Q/:a2BBIUL33lwiS/
Community
Google: False
HashLib: False

YARA
Matches: domain, UPX_wwwupxsourceforgenet, UPX20030XMarkusOberhumerLaszloMolnarJohnReiser, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, UPX_293_LZMA, UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser, screenshot, UPX_302, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, IsPacked, UPX_293_300_LZMA, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional, UPX_wwwupxsourceforgenet_additional, IP, contentis_base64, UPXv20MarkusLaszloReiser, IsPE32, UPX, IsWindowsGUI, HasDigitalSignature, url, UPX_293_300_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser, UPX_293_LZMA_additional, HasOverlay, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser
Suspicious: True

Strings
List
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
o.Cd
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
a.aC
WB-0.pW
SkypeSetup.exe
SkypeSetup.exe
crypt32.dll
qw.Mo
http://CodeSignInfo 0
http://CodeSignInfo 0
winspool.drv
comctl32.dll
msimg32.dll
version.dll
wininet.dll
wintrust.dll
oleacc.dll
6.14.0.104
@n\yR
Rd,a
&oDw
fe,OK
CRfi;
Jt5sn"%+o
y%*AdM2
name="Microsoft.Windows.Common-Controls"
u2%|4Ach
3sFh
O/E(%3d
%gF%nPr!
R%+dh||f[
Dk%-Ee_/
!Kr%o%c
n)l{%i
ts[%u
S%d%T
n%s/W
{%syN
e%nA'g
T)%Ee
O%f=A
TA%o!
r%1ogb
fDrP
YH%Ls
N%dPw
i%dnD
%lgiu
%uAGOA
s b%a
<!-- Windows Vista application security requirements. -->
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
EXECUTABLE
GetProcAddress
ExitProcess
cG.lV+
This program must be run under Win32
VirtualAlloc
VirtualProtect
Dca77
InternetOpenW
LoadLibraryA
CED9
NETWORK
cAE3
Cd5e
BING_CHECKER
0eaAF
D7EEb
Skype code sig
Skype code sig
LANG_SL
LANG_LT
LANG_HR
LANG_LV
LANG_NL
LANG_TH
LANG_SV
LANG_PP
LANG_PT
LANG_SK
LANG_TR

Foremost
Matches: 0.exe, 1 MB
Suspicious: True

Heuristics
IPs
hasIPs: True
Allowed: none
Suspicious: 6.14.0.104, 0, Unknown
hasAllowed: False
hasSuspicious: True
Note: 6.14.0.104 is syntactically a public IPv4 address, but the same dotted quad appears in the strings list directly after the imported DLL names, where a file or product version string normally sits. Treat it as a probable version string rather than a network indicator unless the PE version resource or a network capture says otherwise.

URLs
hasURLs: True
Allowed: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0t, http://www.microsoft.com/pki/certs/microoceraut2011_2011_03_22.crt0, http://www.microsoft.com/pkiops/docs/primarycps.htm0@, http://crl.microsoft.com/pki/crl/products/microsofttimestamppca.crl0x, http://www.microsoft.com/pkiops/certs/miccodsigpca2011_2011-07-08.crt0, http://crl.microsoft.com/pki/crl/products/miccodsigpca_08-31-2010.crl0z, http://crl.microsoft.com/pki/crl/products/microoceraut2011_2011_03_22.crl0, http://crl.microsoft.com/pki/crl/products/microoceraut_2010-06-23.crl0z, http://www.microsoft.com/pki/certs/miccodsigpca_08-31-2010.crt0, http://www.microsoft.com/pki/certs/microsofttimestamppca.crt0, http://www.microsoft.com/pki/certs/mictimstapca_2010-07-01.crt0, http://crl.microsoft.com/pki/crl/products/mictimstapca_2010-07-01.crl0z, http://www.microsoft.com/pki/docs/cps/default.htm0@, http://www.microsoft.com/pki/certs/microsoftrootcert.crt0, http://www.microsoft.com/pki/certs/microoceraut_2010-06-23.crt0, http://www.microsoft.com/pkiops/crl/miccodsigpca2011_2011-07-08.crl0a
Suspicious: http://codesigninfo
hasAllowed: True
hasSuspicious: True
Note: the allowed URLs are CRL distribution point and Authority Information Access URLs from the Microsoft certificate chain in the file's Authenticode signature (compare the certificate strings above and the HasDigitalSignature YARA match); the trailing "0t", "0@", "0z", "0a" characters are the adjacent ASN.1 SEQUENCE tag and length byte picked up by the string extractor, not part of the URL. Whether that signature still verifies for this file is a separate check (for example signtool verify /pa, or Get-AuthenticodeSignature in PowerShell).

Files
hasFiles: True
Allowed: shlwapi.dll, crypt32.dll, wininet.dll, user32.dll, wintrust.dll, oleacc.dll, comctl32.dll, ole32.dll, advapi32.dll, gdi32.dll, version.dll, msimg32.dll, KERNEL32.DLL, oleaut32.dll, shell32.dll
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (suspicious: False)
Code: 299008 (suspicious: False)
Image base: 4194304 (0x400000; suspicious: False)
Stack: 16384 (suspicious: False)
Headers: 4096 (suspicious: False)
Suspicious: False

Symbols
Number: 0 (suspicious: True)
Pointer: 0 (suspicious: True)
Note: an empty COFF symbol table is the norm for release builds of Windows executables, so this flag carries little weight on its own.
Directories
Number: 16 (suspicious: False)

Checksum
Value: 1723255 (suspicious: False)

Sections
Allowed: .rsrc
Suspicious: upx0, upx1
hasAllowed: True
hasSections: True
hasSuspicious: True

Versions
OS: 5 (suspicious: False)
Image: 5 (suspicious: True)
Linker: 2.25 (suspicious: False)
Subsystem: 5.0 (suspicious: False)
Suspicious: False
Note: linker version 2.25 is characteristic of the Borland/Embarcadero Delphi linker, which agrees with the TrID "Delphi generic" hit; UPX leaves the optional header's linker version untouched, so it is still readable through the packer.

EntryPoint
Address: 3329328 (RVA 0x32CD30; it is below the image base, so this is an RVA, and it lies far beyond the 299008 bytes of code, i.e. inside the UPX stub section; suspicious: False)

Anomalies
hasAnomalies: False

Libraries
Allowed: shlwapi.dll, crypt32.dll, wininet.dll, user32.dll, wintrust.dll, oleacc.dll, comctl32.dll, ole32.dll, advapi32.dll, gdi32.dll, version.dll, msimg32.dll, kernel32.dll, oleaut32.dll, shell32.dll
hasLibs: True
Suspicious: none
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2014-02-10 16:03:30
Valid: True
Past: False
Future: False

Compilation
Packed: True
Missing: False
Packers: UPX 2.93 (LZMA), UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser, UPX -> www.upx.sourceforge.net
Compiled: False
Compilers
MainPacker: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Note: "Compiled: False" means no compiler signature was found, which is expected while the UPX layer is in place. For a stock UPX build, upx -d on a copy restores the original executable; the compiler, import, string and disassembly checks are only meaningful when rerun on that output.
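The Sections, EntryPoint, Timestamp and Compilation checks above are all read straight from the PE headers. The following Python, an added example rather than code from the report generator, parses those fields with the standard library, builds two header-only PE32 images in memory (constructed: the UPX-like one borrows the section names, linker version, image base, required OS version and entry RVA reported above, with invented sizes) and applies the same packer heuristics: known packer section names, a section with no file data but a large virtual size, an entry point outside the first section, and an implausible link timestamp. The packer name list, the C:\ values chosen for the synthetic layouts and the 1995 cut-off are this example's assumptions.

```python
"""Header-level packer triage for PE32 files (added example; not the report tool's code)."""
import calendar
import datetime
import struct
import time
from typing import List, Optional

# Section names typical of common packers, lower-cased. Partial list; an assumption of this example.
PACKER_SECTION_NAMES = {"upx0", "upx1", "upx2", ".aspack", ".adata", ".petite",
                        "nsp0", "nsp1", "nsp2", ".mpress1", ".mpress2", ".vmp0", ".vmp1"}

def parse_pe32(data: bytes) -> dict:
    """Read the COFF/optional-header fields the report keys on, plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _sym_ptr, nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    linker_major, linker_minor, size_of_code = struct.unpack_from("<BBI", data, opt + 2)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine, "timestamp": timestamp, "num_symbols": nsyms,
            "linker": f"{linker_major}.{linker_minor}", "size_of_code": size_of_code,
            "entry_rva": entry_rva, "image_base": image_base,
            "os_version": f"{os_major}.{os_minor}", "subsystem": subsystem, "sections": sections}

def section_containing(pe: dict, rva: int) -> Optional[dict]:
    """Return the section whose virtual range covers rva, or None."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None

def packer_indicators(pe: dict, now: Optional[int] = None) -> List[str]:
    """Human-readable findings; an empty list means the headers look like plain linker output."""
    now_ts = int(time.time()) if now is None else now
    findings = []
    hits = sorted({s["name"].lower() for s in pe["sections"]} & PACKER_SECTION_NAMES)
    if hits:
        findings.append("packer section names: " + ", ".join(hits))
    for s in pe["sections"]:
        # UPX0-style: zero bytes on disk, a large virtual size reserved for the unpacked image.
        if s["raw_size"] == 0 and s["vsize"] > 0:
            findings.append(f"section {s['name']} has no file data but 0x{s['vsize']:x} bytes virtual")
    ep = section_containing(pe, pe["entry_rva"])
    if ep is None:
        findings.append(f"entry point 0x{pe['entry_rva']:x} lies outside every section")
    elif ep is not pe["sections"][0]:
        # Stub-at-the-end layout; weak alone, strong next to the two findings above.
        findings.append(f"entry point 0x{pe['entry_rva']:x} is in {ep['name']}, not in the first section")
    built = datetime.datetime.fromtimestamp(pe["timestamp"], datetime.timezone.utc)
    if pe["timestamp"] > now_ts:
        findings.append(f"link timestamp {built:%Y-%m-%d %H:%M:%S} is in the future")
    elif built.year < 1995:  # cut-off is this example's choice
        findings.append(f"link timestamp {built:%Y-%m-%d %H:%M:%S} predates Win32, likely zeroed or forged")
    return findings

def build_sample_pe(entry_rva: int, timestamp: int, sections) -> bytes:
    """Construct a header-only PE32 image in memory (no code; purely for demonstration)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<BBI", opt, 2, 2, 25, 299008)      # linker 2.25 and SizeOfCode, as reported
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, 0x400000)            # image base 4194304, as reported
    struct.pack_into("<HH", opt, 40, 5, 0)               # required OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        for name, va, vsize, raw_size, raw_ptr, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

BUILT_2014 = calendar.timegm((2014, 2, 10, 16, 3, 30))  # the report's link timestamp, taken as UTC
# Constructed layouts: names, entry RVA and image base follow the report; sizes are invented.
UPX_LIKE = build_sample_pe(0x32CD30, BUILT_2014, [
    ("UPX0", 0x1000, 0x2F7000, 0, 0x400, 0xE0000080),
    ("UPX1", 0x2F8000, 0x36000, 0x35A00, 0x400, 0xE0000040),
    (".rsrc", 0x32E000, 0x9000, 0x8800, 0x35E00, 0xC0000040),
])
CLEAN = build_sample_pe(0x1200, BUILT_2014, [
    (".text", 0x1000, 0x4000, 0x4000, 0x400, 0x60000020),
    (".data", 0x5000, 0x1000, 0x1000, 0x4400, 0xC0000040),
    (".rsrc", 0x6000, 0x1000, 0x1000, 0x5400, 0x40000040),
])

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_LIKE), ("clean", CLEAN)):
        pe = parse_pe32(blob)
        print(label, [s["name"] for s in pe["sections"]], packer_indicators(pe) or "no indicators")
```

Run against a real file with parse_pe32(open(path, "rb").read()); the same three structural findings (UPX0/UPX1 names, a zero-raw-size first section, entry point in UPX1) are what the Sections, Compilation and EntryPoint checks above encode, and they disappear after upx -d.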

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks (hit counts per section label as reported):
pushret: none 1543, .rsrc 23
nopsequence: none 3, .rsrc 1
pushpopmath: none 743, .rsrc 10
ss register: none 26
garbagebytes: none 605, .rsrc 17
hookdetection: none 42
software breakpoint: none 34
fakeconditionaljumps: none 56
programcontrolflowchange: none 553, .rsrc 17
cpuinstructionsresultscomparison: none 20, .rsrc 14
Note: most of this file is LZMA-compressed UPX payload, and linear disassembly of compressed bytes produces push/ret, garbage-byte and fake-conditional-jump patterns by chance, so these counts say little about the program until it is unpacked.
AVclass: None, 1

VirusTotal
md5: ea5134ab3b6e787eeeae9dfd38df259b
sha1: 8a8f238fb9dfa79e29513d00522c5f7949c4c9a6
sha256: c641dcd9d9b27311bc3ac6c4614e7b1b6bc1dfd159402bdf1f235992cdf63432
scan_id: c641dcd9d9b27311bc3ac6c4614e7b1b6bc1dfd159402bdf1f235992cdf63432-1572343773
resource: ea5134ab3b6e787eeeae9dfd38df259b
scan_date: 2019-10-29 10:09:33
positives: 0
total: 68
response_code: 1
verbose_msg: Scan finished, information embedded
Note: the VirusTotal result predates this report (created March 10, 2020) by more than four months, so it reflects engine signatures as of 2019-10-29, not a fresh rescan.

SCANS (DETECTION RATE = 0.00%; columns: engine, signature update, engine version, detected)
AVG, 20191029, 18.4.3895.0, False
CMC, 20190321, 1.1.0.977, False
MAX, 20191029, 2019.9.16.1, False
APEX, 20191028, 5.78, False
Bkav, 20191028, 1.3.0.10239, False
K7GW, 20191029, 11.74.32378, False
ALYac, 20191029, 1.1.1.5, False
Avast, 20191029, 18.4.3895.0, False
Baidu, 20190318, 1.0.0.2, False
Cyren, 20191029, 6.2.2.2, False
DrWeb, 20191029, 7.0.41.7240, False
GData, 20191029, A:25.23802B:26.16463, False
Panda, 20191028, 4.6.4.2, False
VBA32, 20191029, 4.2.0, False
VIPRE, 20191029, 78934, False
Zoner, 20191028, 1.0.0.1, False
ClamAV, 20191028, 0.102.0.0, False
Comodo, 20191029, 31660, False
F-Prot, 20191029, 4.7.1.166, False
Ikarus, 20191029, 0.1.5.2, False
McAfee, 20191029, 6.0.6.653, False
Rising, 20191029, 25.0.0.24, False
Sophos, 20191029, 4.98.0, False
Yandex, 20191025, 5.5.2.24, False
Zillya, 20191029, 2.0.0.3935, False
Acronis, 20191018, 1.1.1.58, False
Alibaba, 20190527, 0.3.0.5, False
Arcabit, 20191029, 1.0.0.861, False
Cylance, 20191029, 2.3.1.101, False
Endgame, 20190918, 3.0.15, False
FireEye, 20191029, 29.7.0.0, False
TACHYON, 20191029, 2019-10-29.03, False
Tencent, 20191029, 1.0.0.1, False
ViRobot, 20191029, 2014.3.20.0, False
Webroot, 20191029, 1.0.0.403, False
eGambit, 20191029, v5.0.6, False
Ad-Aware, 20191029, 3.0.5.370, False
AegisLab, 20191029, 4.2, False
Emsisoft, 20191029, 2018.12.0.1641, False
F-Secure, 20191029, 12.0.86.52, False
Fortinet, 20191029, 5.4.247.0, False
Invincea, 20190904, 6.3.6.26157, False
Jiangmin, 20191028, 16.0.100, False
Kingsoft, 20191029, 2013.8.14.323, False
Paloalto, 20191029, 1.0, False
Trapmine, 20190826, 3.1.81.800, False
AhnLab-V3, 20191029, 3.16.3.25410, False
Antiy-AVL, 20191029, 3.0.0.1, False
Kaspersky, 20191029, 15.0.1.13, False
MaxSecure, 20191021, 1.0.0.1, False
Microsoft, 20191029, 1.1.16500.1, False
Qihoo-360, 20191029, 1.0.0.1120, False
ZoneAlarm, 20191029, 1.0, False
Cybereason, 20190616, 1.2.449, False
ESET-NOD32, 20191029, 20258, False
TrendMicro, 20191029, 11.0.0.1006, False
BitDefender, 20191029, 7.2, False
CrowdStrike, 20190702, 1.0, False
K7AntiVirus, 20191029, 11.74.32377, False
SentinelOne, 20190807, 1.0.31.22, False
Avast-Mobile, 20191012, 191012-04, False
Malwarebytes, 20191029, 2.1.1.1115, False
CAT-QuickHeal, 20191028, 14.00, False
NANO-Antivirus, 20191029, 1.0.134.24859, False
MicroWorld-eScan, 20191029, 14.0.297.0, False
SUPERAntiSpyware, 20191025, 5.6.0.1032, False
McAfee-GW-Edition, 20191028, v2017.3010, False
TrendMicro-HouseCall, 20191029, 10.0.0.1040, False
File
Trace (date 10/3/2020; columns: time | operation | PID | process | target; runs of identical consecutive rows are collapsed with a count; the raw trace prints sub-second values without leading zeros, e.g. .28 for .028, restored here from the row order)
23:45:42.934 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware (x4, each followed by an Unknown on the same path)
23:45:42.981 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware (x2, each followed by an Unknown on the same path)
23:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll (x2)
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll (x2)
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll (x2)
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
23:45:43.028 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
23:45:43.028 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\cryptui.dll
23:45:43.028 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptui.dll (x3)
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d (x2, each followed by an Unknown on the same path)
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
23:45:43.059 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\msi.dll
23:45:43.059 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msi.dll (x2)
23:45:43.075 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.075 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll (x16)
23:45:43.075 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.075 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.075 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.075 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.075 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Application\chrome.exe
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86)
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Application\chrome.exe
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles\DefaultPackOffer.dll
23:45:43.278 | Write | 1480 | C:\malware.exe | C:\Monitor\Files\DeletedFiles\DefaultPackOffer.dll (x11)
23:45:43.278 | Delete | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dll (x2)
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Program Files (x86)
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
23:45:43.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
23:45:43.278 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
23:45:43.340 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf (x2)
23:45:43.387 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf (x2)
23:45:43.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll (x2)
23:45:43.418 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
23:45:43.434 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat

Process
Trace: none recorded

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace (date 10/3/2020; columns: time | operation | PID | process | key | value name; the raw trace concatenates key and value name, the split below is inferred from the repeating value names; sub-second leading zeros restored as in the file trace)
23:45:43.059 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Phone\UI | InstallExitCode
23:45:43.059 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Phone\UI\General | SkypeSetup (x2)
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHFF
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHIE
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHGC
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPFF
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPIE
23:45:43.075 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPGC
(the block of six Installer writes above occurs three times in a row at 23:45:43.075)
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHIE
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHGC
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPIE
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPGC
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPIE
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | MSNHPGC
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHIE
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | BINGSRCHGC
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | YHP
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | YSRCH
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | YHP
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | YSRCH
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | C2CFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | C2CIE
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | C2CGC
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | C2CFF
23:45:43.278 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Installer | C2CGC
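The File Summary and Registry Summary blocks that follow are derived from the file trace and the registry trace. The following Python, an added example that is not the sandbox's own code, parses the raw separator-less rows of both traces (date, operation, PID, process path, target, and on Read/Write/Delete rows the file's basename repeated once more), drops writes under the monitor's own directory, and rebuilds the created/deleted and registry-written sets together with a persistence-key check. The sample rows are excerpted from the traces above; the C:\Monitor\ exclusion and the persistence key list are this example's assumptions.

```python
"""Rebuild the file/registry summary from raw sandbox trace rows (added example; not the report's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Fields are concatenated with no separator:
#   <d/m/yyyy> - <hh:mm:ss.fff><Op><PID><process path><target path>[<basename repeated>]
# The process path is always "<drive>:\<name>.exe", which is what lets the split succeed.
_LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Open|Read|Write|Delete|Unknown)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\[^\\]*?\.exe)"
    r"(?P<target>.+)$"
)
# Sandbox working directory: writes there are the monitor preserving evidence, not sample behaviour (assumption).
SANDBOX_PREFIX = "C:\\Monitor\\"
# Registry locations whose modification commonly means persistence (partial list; an assumption).
AUTORUN_MARKERS = (r"\currentversion\run", r"\currentversion\runonce", r"\currentversion\winlogon")

@dataclass
class Event:
    ts: str
    op: str
    pid: int
    proc: str
    target: str
    kind: str  # "file" or "registry"

def _strip_repeated_basename(target: str) -> str:
    """Read/Write/Delete rows append the file's basename after the full path; drop that repeat."""
    tail = target.rsplit("\\", 1)[-1]
    half = len(tail) // 2
    if half and len(tail) % 2 == 0 and tail[:half] == tail[half:]:
        return target[:-half]
    return target

def parse_trace_line(line: str) -> Optional[Event]:
    """One raw row -> Event, or None for rows that do not follow the trace layout."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    target = m["target"]
    kind = "registry" if target.upper().startswith("\\REGISTRY\\") else "file"
    if kind == "file":
        target = _strip_repeated_basename(target)
    return Event(m["ts"], m["op"], int(m["pid"]), m["proc"], target, kind)

def summarize(lines: List[str]) -> dict:
    """Created/deleted files and written registry targets, the way the summary blocks report them."""
    events = [e for e in map(parse_trace_line, lines) if e is not None]
    created, deleted, reg_written = set(), set(), set()
    for e in events:
        if e.kind == "registry":
            if e.op == "Write":
                reg_written.add(e.target)
            continue
        if e.target.lower().startswith(SANDBOX_PREFIX.lower()):
            continue
        # The trace has no distinct create operation, so a Write to a path counts as creation.
        if e.op == "Write":
            created.add(e.target)
        elif e.op == "Delete":
            deleted.add(e.target)
    autorun = sorted(k for k in reg_written if any(mk in k.lower() for mk in AUTORUN_MARKERS))
    return {
        "events": len(events),
        "created": sorted(created),
        "deleted": sorted(deleted),
        "dropped_then_removed": sorted(created & deleted),  # drop-and-clean-up pattern
        "registry_written": sorted(reg_written),
        "autorun": autorun,
    }

# Rows excerpted from the file and registry traces of this report (one of each row shape).
SAMPLE_TRACE = r"""
10/3/2020 - 23:45:43.28Open1480C:\malware.exeC:\Windows\SysWOW64\cryptui.dll
10/3/2020 - 23:45:43.28Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
10/3/2020 - 23:45:43.75Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dllDefaultPackOffer.dll
10/3/2020 - 23:45:43.278Write1480C:\malware.exeC:\Monitor\Files\DeletedFiles\DefaultPackOffer.dllDefaultPackOffer.dll
10/3/2020 - 23:45:43.278Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\DefaultPackOffer.dllDefaultPackOffer.dll
10/3/2020 - 23:45:43.59Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\Phone\UIInstallExitCode
10/3/2020 - 23:45:43.75Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Skype\InstallerBINGSRCHFF
""".strip().splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On the full trace the same code reports DefaultPack​Offer.dll as both created and deleted (the dropped-then-removed set), which is the fact behind "Created: True" and "Deleted: True" in the File Summary, and an empty autorun list, matching "AutoRun: False". The basename-stripping heuristic would misfire on a file whose name happens to be a doubled string, so keep the raw row alongside the parsed one when in doubt.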

File Summary
Created: True
Deleted: True

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: False
Browsers: False (the Chrome path probes in the file trace and the per-browser FF/IE/GC values in the registry trace did not trigger this heuristic)
Internet: False


DNS
Query: none
Response: none

TCP
Info: none

UDP
Info: none

HTTP
Info: none

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 97.26%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 98.91%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 73.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 58.82%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: False
Note: six of the seven classifiers flag the file while all 68 VirusTotal engines pass it. Packing is a known confounder for static classifiers, byte-level models such as MalConv in particular, so a verdict should rest on the unpacked binary, the signature check and the observed behaviour rather than on these scores alone.
