Report #94

  • Creation Date: May 22, 2019, 2:55 p.m.
  • Last Update: May 22, 2019, 2:58 p.m.
  • File: Battle.net-Setup.exe
  • Results:
Binary
DLL: False
Size: 4.68MB
trid:
  72.3% Win64 Executable
  11.8% Win32 Executable
  5.3% OS/2 Executable
  5.2% Generic Win/DOS Executable
  5.2% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: e14bd5c10e16420fdb54a28f7b7a0353
sha1: 1ef1349b139134bb6c6126364861e0ad35a3bcae
crc32: 0xc489349f
sha224: f72d6187c3eb3188c0c44b6216bc4e6a5fdbf6ed9cee3f27a0981823
sha256: d3821b01dd6813f0dedc0c2c3598a48bd8f47d10a07af50a027ab7cd88ce1256
sha384: bdbbfba686bd9e40f532ec6656e28eca58a7af5d6c6a4467241d73686a728d6e21083c449df2531a4b37744aaaad4a0a
sha512: e359f20eea77c4456d24f65bda77d22d298a361ed01d903d525b11880ac760048809312e3adc76c977d1e5c3f897ff07df9392dd4612fd18275bcb6034a6f8a3
ssdeep: 98304:zhd3ga/+fpF5bAeDlMcXVFmpJE5qZ03wRtX:zhdv+f5bRmP4q2wtX

Community
Google: 0
HashLib: 0

YARA
Matches: IP, HasDebugData, CRC32_poly_Constant, BASE64_table, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, RIPEMD160_Constants, DebuggerException__SetConsoleCtrl, Check_OutputDebugStringA_iat, network_dns, CRC32_table, RijnDael_AES, network_http, BLOWFISH_Constants, win_files_operation, IsPE32, WHIRLPOOL_Constants, network_tcp_socket, Misc_Suspicious_Strings, screenshot, win_token, win_mutex, maldoc_find_kernel32_base_method_1, anti_dbg, IsWindowsGUI, antisb_threatExpert, SHA512_Constants, HasDigitalSignature, network_tcp_listen, url, DES_Long, SHA1_Constants, android_meterpreter, contentis_base64, Microsoft_Visual_Cpp_8, win_registry, HasOverlay, network_dga, network_smtp_raw, Advapi_Hash_API, MD5_Constants, Big_Numbers1
Suspicious: 1

Heuristics
IPs
hasIPs: 1
Allowed: 127.0.0.1, 1, localhost., 2.5.4.8, 1, alille-656-1-159-8.w2-5.abo.wanadoo.fr., 2.5.4.9, 1, alille-656-1-159-9.w2-5.abo.wanadoo.fr., 2.5.4.6, 1, alille-656-1-159-6.w2-5.abo.wanadoo.fr., 2.5.4.7, 1, alille-656-1-159-7.w2-5.abo.wanadoo.fr., 2.5.4.4, 1, alille-656-1-159-4.w2-5.abo.wanadoo.fr., 2.5.4.5, 1, alille-656-1-159-5.w2-5.abo.wanadoo.fr., 2.5.4.3, 1, alille-656-1-159-3.w2-5.abo.wanadoo.fr., 2.5.4.72, 1, alille-656-1-159-72.w2-5.abo.wanadoo.fr., 2.5.4.10, 1, alille-656-1-159-10.w2-5.abo.wanadoo.fr., 2.5.4.11, 1, alille-656-1-159-11.w2-5.abo.wanadoo.fr., 2.5.4.12, 1, alille-656-1-159-12.w2-5.abo.wanadoo.fr., 2.5.4.13, 1, alille-656-1-159-13.w2-5.abo.wanadoo.fr., 2.5.4.17, 1, alille-656-1-159-17.w2-5.abo.wanadoo.fr., 2.5.4.45, 1, alille-656-1-159-45.w2-5.abo.wanadoo.fr., 2.5.4.65, 1, alille-656-1-159-65.w2-5.abo.wanadoo.fr., 2.5.4.46, 1, alille-656-1-159-46.w2-5.abo.wanadoo.fr., 2.5.4.44, 1, alille-656-1-159-44.w2-5.abo.wanadoo.fr., 2.5.4.43, 1, alille-656-1-159-43.w2-5.abo.wanadoo.fr., 2.5.4.42, 1, alille-656-1-159-42.w2-5.abo.wanadoo.fr., 2.5.4.41, 1, alille-656-1-159-41.w2-5.abo.wanadoo.fr.
Suspicious: 1.3.14.3, 0, Unknown, 101.3.4.2, 0, Unknown, 2.5.29.19, 0, Unknown, 2.5.29.17, 0, Unknown, 2.5.29.18, 0, Unknown
hasAllowed: 1
hasSuspicious: 1

URLs
Allowed: http://www.w3.org/1999/02/22-rdf-syntax-ns#
hasURLs: 1
Suspicious: http://crl4.digicert.com/sha2-assured-cs-g1.crl0l, https://nydus.battle.net/app/%s/setup/app, http://crl3.digicert.com/sha2-assured-cs-g1.crl05, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://nydus.battle.net/app/%s/setup/error/%s, https://curl.haxx.se/docs/http-cookies.html, ftp://%s:%s@%s, http://, http://iir.blizzard.com:3724/submit/bnet_app, http://%s:%d%s, http://ns.adobe.com/xap/1.0/mm/, http://ocsp.digicert.com0n, http://ns.adobe.com/xap/1.0/stype/resourceref#, http://ocsp.digicert.com0c, http://crl.thawte.com/thawtetimestampingca.crl0, http://nydus.battle.net/geoip, file://, https://www.openssl.org/docs/faq.html, https://telemetry-in.battle.net, http://ocsp.thawte.com0, http://crl3.digicert.com/digicertassuredidrootca.crl0o, ftp://, http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0, http://ns.adobe.com/xap/1.0/, http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://www.google-analytics.com/collect, file://hostname/,, http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://ts-ocsp.ws.symantec.com07, https://www.digicert.com/cps0, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
hasAllowed: 1
hasSuspicious: 1

Files
Allowed: tAdvapi32.dll, Sapi-ms-win-core-synch-l1-2-0.dll, 7psapi.dll, mscoree.dll, ntdll.dll, combase.dll, advapi32.dll, Ckernel32.dll, COMCTL32.DLL, shell32.dll, RPCRT4.dll, KERNEL32.dll, MSIMG32.dll, USER32.dll, WINTRUST.dll, secur32.dll, VERSION.dll, WS2_32.DLL, security.dll, WINHTTP.dll, WININET.dll, dbghelp.dll, OLEAUT32.dll, ole32.dll, CRYPT32.dll, psapi.dll, GDI32.dll
hasFiles: 1
Suspicious: STRINGS.BIN, ProductLocale.txt, exception-failed.txt, Logs/repair-on-demand.log, battle.net-setup.log, battle.net-launcher.log, Logs/Streaming.log, Setup.db, .agent.db, Launcher.db
hasAllowed: 1
hasSuspicious: 1

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 1975296
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 4939465
Suspicious: 0

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: 1
hasSections: 1
hasSuspicious: 0

Versions
OS
Version: 6
Suspicious: 0
Image
Version: True
Suspicious: 6
Linker
Version: 14.15
Suspicious: 0
Subsystem
Version: 6.0
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 1279475
Suspicious: 0

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: 1

Libraries
Allowed: mscoree.dll, ntdll.dll, combase.dll, advapi32.dll, comctl32.dll, shell32.dll, rpcrt4.dll, kernel32.dll, msimg32.dll, user32.dll, wintrust.dll, secur32.dll, version.dll, ws2_32.dll, security.dll, winhttp.dll, wininet.dll, dbghelp.dll, oleaut32.dll, ole32.dll, crypt32.dll, psapi.dll, gdi32.dll
hasLibs: 1
Suspicious: tadvapi32.dll, sapi-ms-win-core-synch-l1-2-0.dll, 7psapi.dll, ckernel32.dll
hasAllowed: 1
hasSuspicious: 1

Timestamp
Past: 0
Valid: 1
Value: 2019-02-14 21:05:18
Future: 0

Compilation
Packed: 0
Missing: 0
Packers
Compiled: 1
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: 0
Fuzzing: 1

Disassembly
hasTricks: 1
Tricks
ldr
.text: 2

pushret
.data: 1
.rsrc: 151
.text: 2
.rdata: 80

pushpopmath
.data: 73
.rsrc: 219
.text: 96
.rdata: 1354
.reloc: 118

sizeofimage
.text: 2

ss register
.rsrc: 5

garbagebytes
.rsrc: 54
.text: 1
.rdata: 24

hookdetection
.data: 1
.rsrc: 7
.rdata: 2
.reloc: 8

stealthimport
.rsrc: 1
.text: 9

peb ntglobalflag
.text: 2

isdebbugerpresent
.text: 2

software breakpoint
.rsrc: 3
.text: 28
.rdata: 3
.reloc: 46

fakeconditionaljumps
.rsrc: 7

programcontrolflowchange
.rsrc: 48
.text: 1
.rdata: 24

cpuinstructionsresultscomparison
.data: 10
.rsrc: 10
.rdata: 61
.reloc: 3

AVclass
None
1
VirusTotal
md5: e14bd5c10e16420fdb54a28f7b7a0353
sha1: 1ef1349b139134bb6c6126364861e0ad35a3bcae
SCANS (DETECTION RATE = 0.00%)
Engine                update    version                 detected
AVG                   20190522  18.4.3895.0             False
CMC                   20190321  1.1.0.977               False
MAX                   20190522  2018.9.12.1             False
APEX                  20190522  5.20                    False
Bkav                  20190522  1.3.0.10239             False
K7GW                  20190522  11.45.30986             False
ALYac                 20190522  1.1.1.5                 False
Avast                 20190522  18.4.3895.0             False
Avira                 20190522  8.3.3.8                 False
Baidu                 20190318  1.0.0.2                 False
Cyren                 20190522  6.2.0.1                 False
DrWeb                 20190522  7.0.34.11020            False
GData                 20190522  A:25.22058B:25.15141    False
Panda                 20190522  4.6.4.2                 False
VBA32                 20190522  4.0.0                   False
Zoner                 20190522  1.0                     False
ClamAV                20190522  0.101.2.0               False
Comodo                20190522  30905                   False
F-Prot                20190522  4.7.1.166               False
McAfee                20190522  6.0.6.653               False
Rising                20190522  25.0.0.24               False
Sophos                20190522  4.98.0                  False
Zillya                20190522  2.0.0.3815              False
Acronis               20190522  1.0.1.48                False
Alibaba               20190513  0.3.0.4                 False
Arcabit               20190522  1.0.0.846               False
Babable               20190424  9107201                 False
Cylance               20190522  2.3.1.101               False
Endgame               20190522  3.0.12                  False
FireEye               20190522  29.7.0.0                False
TACHYON               20190522  2019-05-22.02           False
Tencent               20190522  1.0.0.1                 False
ViRobot               20190522  2014.3.20.0             False
Webroot               20190522  1.0.0.403               False
eGambit               20190522  v4.3.6                  False
Ad-Aware              20190522  3.0.5.370               False
AegisLab              20190522  4.2                     False
Emsisoft              20190522  2018.4.0.1029           False
F-Secure              20190522  12.0.86.52              False
Fortinet              20190522  5.4.247.0               False
Invincea              20190313  6.3.6.26157             False
Jiangmin              20190522  16.0.100                False
Kingsoft              20190522  2013.8.14.323           False
Paloalto              20190522  1.0                     False
Symantec              20190522  1.9.0.0                 False
Trapmine              20190522  3.1.62.789              False
AhnLab-V3             20190522  3.15.1.23978            False
Antiy-AVL             20190522  3.0.0.1                 False
Kaspersky             20190522  15.0.1.13               False
MaxSecure             20190521  1.0.0.1                 False
Microsoft             20190522  1.1.15900.4             False
Qihoo-360             20190522  1.0.0.1120              False
TheHacker             20190522  6.8.0.5.4232            False
Trustlook             20190522  1.0                     False
ZoneAlarm             20190522  1.0                     False
Cybereason            20190417  1.2.449                 False
ESET-NOD32            20190522  19398                   False
TrendMicro            20190522  10.0.0.1040             False
BitDefender           20190522  7.2                     False
CrowdStrike           20190212  1.0                     False
K7AntiVirus           20190522  11.45.30988             False
SentinelOne           20190511  1.0.26.329              False
Avast-Mobile          20190521  190521-00               False
Malwarebytes          20190522  2.1.1.1115              False
TotalDefense          20190522  37.1.62.1               False
CAT-QuickHeal         20190522  14.00                   False
NANO-Antivirus        20190521  1.0.134.24826           False
MicroWorld-eScan      20190522  14.0.297.0              False
SUPERAntiSpyware      20190521  5.6.0.1032              False
McAfee-GW-Edition     20190522  v2017.3010              False
TrendMicro-HouseCall  20190522  10.0.0.1040             False

total: 71
sha256: d3821b01dd6813f0dedc0c2c3598a48bd8f47d10a07af50a027ab7cd88ce1256
scan_id: d3821b01dd6813f0dedc0c2c3598a48bd8f47d10a07af50a027ab7cd88ce1256-1558546614
resource: e14bd5c10e16420fdb54a28f7b7a0353
positives: 0
scan_date: 2019-05-22 17:36:54
verbose_msg: Scan finished, information embedded
response_code: 1
Results
Random Forest
detected: TBD
confidence: TBD