Report #9359

  • Creation Date: March 11, 2020, 7:08 p.m.
  • Last Update: March 12, 2020, 2:28 a.m.
  • File: bigbang.jpg.exe
  • Results:
Binary
DLL
True
Size
710.50KB
trid
28.0% Win 9x/ME Control Panel applet
25.5% Win32 Executable Delphi generic
23.6% Windows screen saver
8.1% Win32 Executable
3.7% Win16/32 Executable Delphi generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
924aa8d1503c050145f290dfba7ad6a4
sha1
21788a3ce57e039ef9102b36810fcd461a170493
crc32
0xbb3f1f7
sha224
956e2d6f3e0e8f9576a76ea2ccbcb668edbf36c8bcf9cfc561825b39
sha256
8bd092723abedc0947a13ae85fc2e9ce6e4cf8faa0b418f2d0f2a208a6488539
sha384
06866598b1ef0a460ee8c2958807adc228cfa1ee7bae0cace4e20384843f48d7858bacb88eeb30fb7790b5951d0a6354
sha512
f48382fae937a5cf14d5c6922a1b430f16b47a679d799b5398c2f3bb1969c0e93aade2901f212dcd4b4734ef65a07ad628ab29e2f6bb4b9e77c89acfebe95755
ssdeep
12288:9O2zqWF+Zp7HIPY5usu+RCcT9UtEzGtjaug6mFFeJ:tbFIIPYwApetEzZug62F
Community
Google
False
HashLib
False
YARA
Matches
domain, Borland, IP, Dropper_Strings, Borland_Delphi_30_, network_dropper, screenshot, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, win_hook, borland_delphi_dll, Borland_Delphi_v40_v50, Borland_Delphi_40_additional, contentis_base64, keylogger, Borland_Delphi_40, IsWindowsGUI, Delphi_FormShow, IsDLL, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, win_registry, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30, System_Tools

Suspicious
True

Strings
List
atp1p2.com
rundll32.exe shell32.dll,Control_RunDLL C:\ProgramData\Javachk.cpl
t.Ht
C:\ProgramData\reg.txt
GlassFrame.Top
Font.Name
Font.Style
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Uh.UA
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
1.1.2.2
B.rsrc
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
/acesso.php
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
version.dll
wininet.dll
uxtheme.dll
1.0.0.0
dsPersistentCookieReceived
Nvtray.exe
dsCookieStateUnknown
dsSessionCookieReceived
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HideSelection0fD
dsDownloadingData
dsUploadingData
ControlOfs%.8X%.8X
WndProcPtr%.8X%.8X
rgserv - try
Sub-menu is not in menu
Division by zero
August September
TaskbarCreated
Rebuild
Selected
bsSizeToolWin
clWebLawnGreen
TaskbarCreated
ToolWin
Uhv%E
EWriteError<%A
Too many open files
Assertion failed
\Software\Microsoft\Windows\CurrentVersion\Run
\Software\Microsoft\Windows\CurrentVersion\Run
Error downloading URL: %s
OnDestroyL"A
Erase "%s"
%s (%s, line %d)
Privileged instruction(Exception %s in module %s at %p.
Error reading %s%s%s: %s
I/O error %d
If exist "%s" Goto 1
No help found for %s#No context-sensitive help installed
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
List count out of bounds (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Unable to load %s
Failed to set data for '%s'
No help found for context$No topic-based help system installed
Class %s not found
Property %s does not exist
Resource %s not found
OnDownloadProgress
OnDestroy
ESafecallException
TPersistent,)A
JMbkQNDqwN9fRo1aRo1KSc5YOMneRo1b84LjS79b
OnHide
OnContextPopupL"A
OnContextPopupL"A
*ShellAPI
Error creating window class+Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
dsEndDownloadComponents
ssShift
OnDockOver0[D
ssHotTrack
abaixou - DoDownload
dsBeginDownloadData
Invalid stream format$''%s'' is not a valid component name
dsInstallingComponents
dsCompactPolicyReceived
top.txt
top.txt
top.txt
ssLeft
dsEndDownloadData
No argument for format '%s'"Variant method calls not supported
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
OnDeactivate4\D
Delphi Component

Foremost
Matches
0.dll, 710 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 1.1.2.2, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: URLMON.DLL, USER32.DLL, uxtheme.dll, gdi32.dll, wininet.dll, oleaut32.dll, MAPI32.DLL, comctl32.dll, shell32.dll, DWMAPI.DLL, imm32.dll, kernel32.dll, version.dll, advapi32.dll
hasFiles: True
Suspicious: C:\ProgramData\reg.txt, top.txt, /acesso.php
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 350208
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 0
Suspicious: True
Headers
Headers: 1024
Suspicious: False
Suspicious: True

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .itext, .data, .bss, .idata, .edata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 382856
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: urlmon.dll, user32.dll, uxtheme.dll, gdi32.dll, wininet.dll, oleaut32.dll, mapi32.dll, comctl32.dll, shell32.dll, dwmapi.dll, imm32.dll, kernel32.dll, version.dll, advapi32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2014-12-08 04:37:07
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 44
.text: 35
.itext: 5
.reloc: 1

nopsequence
.rsrc: 4

pushpopmath
.rsrc: 10
.text: 6
.reloc: 23

garbagebytes
.rsrc: 9
.text: 35
.itext: 5
.reloc: 1

hookdetection
.text: 2
.reloc: 2

software breakpoint
.rsrc: 1
.reloc: 7

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 9
.text: 35
.itext: 5
.reloc: 1

cpuinstructionsresultscomparison
.rsrc: 4
.text: 10

AVclass
banload
1
VirusTotal
md5
924aa8d1503c050145f290dfba7ad6a4
sha1
21788a3ce57e039ef9102b36810fcd461a170493
SCANS (DETECTION RATE = 74.60%)
AVG
result: Win32:Broban-W [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

CMC
update: 20180323
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180324
version: 2017.11.15.1
detected: True

Bkav
update: 20180322
version: 1.3.0.9466
detected: False

K7GW
result: Trojan ( 7000000f1 )
update: 20180323
version: 10.42.26598
detected: True

ALYac
result: Gen:Variant.Zusy.118428
update: 20180323
version: 1.1.1.5
detected: True

Avast
result: Win32:Broban-W [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

Avira
result: TR/Crypt.Xpack.115100
update: 20180323
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9725
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Trojan.CKPX-6141
update: 20180323
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.Siggen6.28706
update: 20180323
version: 7.0.28.2020
detected: True

GData
result: Gen:Variant.Zusy.118428
update: 20180323
version: A:25.16481B:25.11861
detected: True

Panda
result: Trj/Genetic.gen
update: 20180323
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.Banload
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65478
detected: True

Zoner
update: 20180324
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True

ClamAV
update: 20180323
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180323
version: 28733
detected: True

F-Prot
update: 20180323
version: 4.7.1.166
detected: False

McAfee
result: GenericR-CNK!924AA8D1503C
update: 20180323
version: 6.0.6.653
detected: True

Rising
result: Trojan.Banker!1.A377 (CLASSIC)
update: 20180323
version: 25.0.0.1
detected: True

Sophos
result: Troj/Bancos-BZM
update: 20180323
version: 4.98.0
detected: True

Yandex
result: Trojan.Agent!GfnNK/nme6g
update: 20180323
version: 5.5.1.3
detected: True

Arcabit
result: Trojan.Zusy.D1CE9C
update: 20180323
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180324
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
update: 20180324
version: 1.0.0.1
detected: False

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False

eGambit
update: 20180324
version: v4.3.5
detected: False

Ad-Aware
result: Gen:Variant.Zusy.118428
update: 20180323
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.W32.Generic!c
update: 20180323
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Zusy.118428 (B)
update: 20180323
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Variant.Zusy.118428
update: 20180323
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Banload.UNT!tr.dldr
update: 20180323
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
result: Trojan.Generic.avrky
update: 20180324
version: 16.0.100
detected: True

Kingsoft
update: 20180324
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180324
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True

nProtect
update: 20180323
version: 2018-03-23.02
detected: False

AhnLab-V3
result: Trojan/Win32.Gen.C688682
update: 20180323
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan/Win32.AGeneric
update: 20180323
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 15.0.1.13
detected: True

Microsoft
result: TrojanDownloader:Win32/Banload
update: 20180323
version: 1.1.14600.4
detected: True

Qihoo-360
result: HEUR/QVM25.0.Malware.Gen
update: 20180324
version: 1.0.0.1120
detected: True

TheHacker
result: Trojan/Downloader.Banload.unt
update: 20180319
version: 6.8.0.5.2551
detected: True

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 1.0
detected: True

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Banload.UNT
update: 20180323
version: 17107
detected: True

TrendMicro
result: TROJ_BANLOAD.EKCP
update: 20180323
version: 9.862.0.1074
detected: True

BitDefender
result: Gen:Variant.Zusy.118428
update: 20180323
version: 7.2
detected: True

CrowdStrike
update: 20170201
version: 1.0
detected: False

K7AntiVirus
result: Trojan ( 7000000f1 )
update: 20180323
version: 10.42.26598
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180323
version: 180323-04
detected: False

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False

TotalDefense
result: Win32/Banload.YPcHbF
update: 20180323
version: 37.1.62.1
detected: True

CAT-QuickHeal
result: TrojanDownloader.Banload
update: 20180323
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Crypted.dkwxwa
update: 20180323
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Gen:Variant.Zusy.118428
update: 20180324
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: GenericR-CNK!924AA8D1503C
update: 20180323
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_BANLOAD.EKCP
update: 20180323
version: 9.950.0.1006
detected: True

total
63
sha256
8bd092723abedc0947a13ae85fc2e9ce6e4cf8faa0b418f2d0f2a208a6488539
scan_id
8bd092723abedc0947a13ae85fc2e9ce6e4cf8faa0b418f2d0f2a208a6488539-1521850234
resource
924aa8d1503c050145f290dfba7ad6a4
positives
47
scan_date
2018-03-24 00:10:34
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:50273  tynly2014.com.br.
localhost -> gateway:DNS  tynly2014.com.br.

Response

TCP
Info
216.58.202.3:80 -> localhost:65193
localhost:65193 -> 216.58.202.3:80

UDP
Info
localhost:67 -> localhost:68
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 79.33%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 68.62%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 63.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 45.39%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 32.90%
suspicious: False
