Report #9203

  • Creation Date: March 10, 2020, 5:08 p.m.
  • Last Update: March 11, 2020, 2:32 a.m.
  • File: Aepalco62.exe
  • Results:
Binary
DLL: False
Size: 3.55MB
trid:
46.5% Win32 Executable Borland Delphi 7
31.5% Win32 Executable Borland Delphi 5
18.3% Win32 Executable Borland Delphi 6
0.9% Win32 Executable Delphi generic
0.9% Windows screen saver
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
fcf899c1c563f3578b03b5c03f5a9f1e
sha1
23114fefde2047a3ad51aa102be229992bce4633
crc32
0x17ce59b
sha224
d46dc112796e859f94ee336d489ab509511a926c00093719763c82cc
sha256
0399324f2b08dd9fedadf528fded8294bcc1e65e8c6d2546d162b1e1185a2d09
sha384
2f8c7c3dd07f7e56a8886f5b7da1abc9496c5afc9b89659ef572c5a47f494060b3281880f0d15d629a6357987d561b97
sha512
c6e3ebd20a7cfdd5c5418a5d3180f5a2fb3bbf111edb9727264536db063d9f9bd4bc600cff927444d41e9db631a37c53c740971ca24700724f3d2c6521fe3764
ssdeep
98304:byBsesl2lYGabDPfPPzPan9xPKhHWvuUR3jRXe:GBseA2FabDPfPPzPa9dI
Community
Google: False
HashLib: False
YARA
Matches: domain, Borland, Borland_Delphi_30_, CRC32_poly_Constant, Delphi_DecodeDate, possible_includes_base64_packed_functions, borland_delphi, Delphi_FormShow, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, network_http, win_files_operation, IsPE32, win_hook, screenshot, Borland_Delphi_v40_v50, keylogger, contentis_base64, Borland_Delphi_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, win_registry, Delphi_CompareCall, Delphi_StrToInt, Advapi_Hash_API, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers2, Big_Numbers0
Suspicious: True

Strings
List
http://www.elivaldo.com.br
http://www.elivaldo.com.br
http://www.elivaldo.com.br
http://www.elivaldo.com.br
msoe@microsoft.com
Font.Name
Font.Style
Font.Style
Font.Name
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
e-mail: falecom@elivaldo.com.br
e-mail: falecom@elivaldo.com.br
e-mail: falecom@elivaldo.com.br
e-mail: falecom@elivaldo.com.br
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
crypt32.dll
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
winspool.drv
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
qtw.elp
version.dll
vcltest3.dll
uxtheme.dll
wininet.dll

Foremost
Matches: 0.exe, 3 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://www.elivaldo.com.br
hasAllowed: False
hasSuspicious: True

Files
Allowed: crypt32.dll, vcltest3.dll, MAPI32.DLL, wininet.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, version.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 3034624
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 695252
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: crypt32.dll, mapi32.dll, wininet.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, version.dll
hasLibs: True
Suspicious: vcltest3.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: True
Valid: True
Value: 1992-06-19 19:22:17
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 96
.rsrc: 287
.reloc: 1

nopsequence
.rsrc: 4

pushpopmath
none: 19
.rsrc: 572
.idata: 15
.reloc: 31

ss register
.rsrc: 2

garbagebytes
none: 93
.rsrc: 50
.reloc: 1

hookdetection
none: 2
.rsrc: 4
.reloc: 4

software breakpoint
none: 14
.rsrc: 157
.reloc: 12

fakeconditionaljumps
.rsrc: 3

programcontrolflowchange
none: 93
.rsrc: 47
.reloc: 1

cpuinstructionsresultscomparison
none: 26
.rsrc: 23

AVclass
delf: 1
VirusTotal
md5
fcf899c1c563f3578b03b5c03f5a9f1e
sha1
23114fefde2047a3ad51aa102be229992bce4633
SCANS (DETECTION RATE = 66.67%)
AVG: detected (result: Win32:Malware-gen); update 20180325; version 18.2.3827.0
CMC: not detected; update 20180324; version 1.1.0.977
MAX: detected (result: malware (ai score=88)); update 20180325; version 2017.11.15.1
Bkav: not detected; update 20180325; version 1.3.0.9466
K7GW: not detected; update 20180325; version 10.42.26600
ALYac: detected (result: Gen:Variant.Ursu.141857); update 20180325; version 1.1.1.5
Avast: detected (result: Win32:Malware-gen); update 20180325; version 18.2.3827.0
Avira: detected (result: TR/Symmi.26364.1); update 20180324; version 8.3.3.6
Baidu: not detected; update 20180323; version 1.0.0.2
Cyren: detected (result: W32/Trojan.KQVY-2772); update 20180325; version 5.4.30.7
DrWeb: detected (result: Trojan.PWS.Siggen2.2215); update 20180325; version 7.0.28.2020
GData: detected (result: Gen:Variant.Ursu.141857); update 20180325; version A:25.16495B:25.11872
Panda: detected (result: Trj/Banker.KXW); update 20180324; version 4.6.4.2
VBA32: detected (result: TScope.Trojan.Delf); update 20180323; version 3.12.28.0
VIPRE: detected (result: Trojan.Win32.Generic!BT); update 20180325; version 65508
Zoner: not detected; update 20180325; version 1.0
AVware: detected (result: Trojan.Win32.Generic!BT); update 20180325; version 1.5.0.42
ClamAV: not detected; update 20180325; version 0.99.2.0
Comodo: detected (result: UnclassifiedMalware); update 20180325; version 28740
F-Prot: not detected; update 20180325; version 4.7.1.166
Ikarus: detected (result: Trojan.Win32.Contuedo); update 20180324; version 0.1.5.2
McAfee: detected (result: GenericRXBX-JC!FCF899C1C563); update 20180325; version 6.0.6.653
Rising: detected (result: Spyware.Delf!8.12D (TFE:4:tWi6ZNdo5CP)); update 20180325; version 25.0.0.1
Sophos: detected (result: Troj/Spy-ACP); update 20180325; version 4.98.0
Yandex: detected (result: Trojan.PWS.BestaFera!); update 20180324; version 5.5.1.3
Zillya: detected (result: Trojan.BestaFera.Win32.6119); update 20180323; version 2.0.0.3519
Arcabit: detected (result: Trojan.Ursu.D22A21); update 20180325; version 1.0.0.831
Cylance: detected (result: Unsafe); update 20180325; version 2.3.1.101
Endgame: detected (result: malicious (high confidence)); update 20180316; version 2.0.5
Tencent: detected (result: Win32.Trojan-banker.Bestafera.Eilk); update 20180325; version 1.0.0.1
ViRobot: not detected; update 20180324; version 2014.3.20.0
eGambit: not detected; update 20180325; version v4.3.5
Ad-Aware: detected (result: Gen:Variant.Ursu.141857); update 20180325; version 3.0.3.1010
AegisLab: detected (result: Uds.Dangerousobject.Multi!c); update 20180325; version 4.2
Emsisoft: detected (result: Gen:Variant.Ursu.141857 (B)); update 20180325; version 4.0.2.899
F-Secure: not detected; update 20180325; version 11.0.19100.45
Fortinet: detected (result: W32/Delf.PMG!tr); update 20180325; version 5.4.247.0
Invincea: not detected; update 20180121; version 6.3.4.26036
Jiangmin: not detected; update 20180325; version 16.0.100
Kingsoft: not detected; update 20180325; version 2013.8.14.323
Paloalto: detected (result: generic.ml); update 20180325; version 1.0
Symantec: detected (result: Trojan.Gen.2); update 20180324; version 1.5.0.0
nProtect: not detected; update 20180325; version 2018-03-25.01
AhnLab-V3: detected (result: Trojan/Win32.Gen.C2255895); update 20180324; version 3.12.0.20130
Antiy-AVL: detected (result: Trojan/Win32.Contuedo); update 20180325; version 3.0.0.1
Kaspersky: detected (result: Trojan-Banker.Win32.BestaFera.anhq); update 20180325; version 15.0.1.13
Microsoft: detected (result: TrojanSpy:Win32/Serortat.B); update 20180325; version 1.1.14600.4
Qihoo-360: detected (result: Win32/Trojan.Spy.e39); update 20180325; version 1.0.0.1120
TheHacker: not detected; update 20180319; version 6.8.0.5.2551
ZoneAlarm: detected (result: Trojan-Banker.Win32.BestaFera.anhq); update 20180325; version 1.0
ESET-NOD32: detected (result: a variant of Win32/Spy.Delf.PMG); update 20180325; version 17111
TrendMicro: detected (result: TROJ_GEN.R004C0DKB17); update 20180325; version 9.862.0.1074
WhiteArmor: not detected; update 20180324
BitDefender: detected (result: Gen:Variant.Ursu.141857); update 20180325; version 7.2
CrowdStrike: detected (result: malicious_confidence_60% (W)); update 20170201; version 1.0
K7AntiVirus: not detected; update 20180325; version 10.42.26601
SentinelOne: not detected; update 20180225; version 1.0.15.206
Avast-Mobile: not detected; update 20180324; version 180324-00
Malwarebytes: not detected; update 20180325; version 2.1.1.1115
TotalDefense: not detected; update 20180324; version 37.1.62.1
CAT-QuickHeal: detected (result: Trojan.Dynamer.18261); update 20180324; version 14.00
NANO-Antivirus: detected (result: Trojan.Win32.Symmi.cucped); update 20180325; version 1.0.100.22043
MicroWorld-eScan: detected (result: Gen:Variant.Ursu.141857); update 20180325; version 14.0.297.0
SUPERAntiSpyware: not detected; update 20180324; version 5.6.0.1032
McAfee-GW-Edition: detected (result: GenericRXBX-JC!FCF899C1C563); update 20180324; version v2015
TrendMicro-HouseCall: detected (result: TROJ_GEN.R004C0DKB17); update 20180325; version 9.950.0.1006

total: 66
sha256
0399324f2b08dd9fedadf528fded8294bcc1e65e8c6d2546d162b1e1185a2d09
scan_id
0399324f2b08dd9fedadf528fded8294bcc1e65e8c6d2546d162b1e1185a2d09-1521952524
resource
fcf899c1c563f3578b03b5c03f5a9f1e
positives: 44
scan_date: 2018-03-25 04:35:24
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace

Process
Trace

Analysis
Reason: Blue Screen
Status: Machine Crashed
Results: 0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:58312: ipv6.msftncsi.com.
localhost -> gateway:50273: thor777.com.
localhost -> gateway:DNS: time.windows.com.
localhost -> gateway:DNS: teredo.ipv6.microsoft.com.
localhost -> gateway:59071: time.windows.com.
localhost -> gateway:DNS: www.msftncsi.com.
localhost -> gateway:54989: teredo.ipv6.microsoft.com.
localhost -> gateway:DNS: thor777.com.
localhost -> gateway:DNS: ipv6.msftncsi.com.
localhost -> gateway:49432: teredo.ipv6.microsoft.com.

Response
gateway:DNS -> localhost: time.windows.com. reply 51.137.137.111
gateway:DNS -> localhost: thor777.com. reply 184.168.221.58
gateway:DNS -> localhost: ipv6.msftncsi.com. reply a978.i6g1.akamai.net.
gateway:DNS -> localhost: www.msftncsi.com. reply 200.143.247.9

TCP
Info
localhost:49157 -> 200.143.247.8:80
200.143.247.8:80 -> localhost:49157
184.168.221.58:80 -> localhost:65191
localhost:65191 -> 184.168.221.58:80

UDP
Info
localhost:63743 -> 224.0.0.252:5355
localhost:49432 -> localhost:53
localhost:59436 -> 224.0.0.252:5355
localhost:53 -> localhost:50273
localhost:63659 -> 224.0.0.252:5355
localhost:53 -> localhost:59071
localhost:53 -> localhost:54989
51.137.137.111:123 -> localhost:123
localhost:54989 -> localhost:53
localhost:53 -> localhost:58312
localhost:55930 -> 239.255.255.250:3702
localhost:49596 -> 224.0.0.252:5355
localhost:62530 -> localhost:53
localhost:53 -> localhost:62530
localhost:58312 -> localhost:53
localhost:52263 -> 224.0.0.252:5355
localhost:55052 -> 224.0.0.252:5355
localhost:58980 -> 224.0.0.252:5355
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:49432
localhost:67 -> localhost:68
localhost:56779 -> 224.0.0.252:5355
localhost:123 -> 51.137.137.111:123
localhost:50273 -> localhost:53
localhost:59071 -> localhost:53

HTTP
Info
localhost: GET www.msftncsi.com /ncsi.txt
localhost: POST thor777.com /upload.php

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.31%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 93.02%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 88.74%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.79%
suspicious: False
