Report #9533

AVclass: chepro
1
VirusTotal
md5: ea82b2082d0cd22b5f35da92e40f8317
sha1: 23497fa467f68d5f09be10f47d379f6d383ed7f3
SCANS (DETECTION RATE = 61.90%)

Engine | Result | Update | Version | Detected
AVG | Win32:Malware-gen | 20180629 | 18.4.3895.0 | True
CMC | - | 20180629 | 1.1.0.977 | False
MAX | malware (ai score=88) | 20180630 | 2017.11.15.1 | True
Bkav | - | 20180629 | 1.3.0.9466 | False
K7GW | Riskware ( 0040eff71 ) | 20180630 | 10.51.27609 | True
ALYac | Gen:Variant.Graftor.158501 | 20180629 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20180629 | 18.4.3895.0 | True
Avira | TR/Banker.ChePro.qik | 20180629 | 8.3.3.6 | True
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9812 | 20180628 | 1.0.0.2 | True
Cyren | W32/Trojan.IXCU-3407 | 20180629 | 6.0.0.4 | True
DrWeb | Trojan.Bankfraud.1779 | 20180629 | 7.0.33.6080 | True
GData | Gen:Variant.Graftor.158501 | 20180629 | A:25.17629B:25.12609 | True
Panda | Trj/Chgt.I | 20180629 | 4.6.4.2 | True
VBA32 | TrojanBanker.ChePro | 20180629 | 3.12.32.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180629 | 67762 | True
Zoner | - | 20180629 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180629 | 1.6.0.52 | True
ClamAV | - | 20180629 | 0.99.2.0 | False
Comodo | UnclassifiedMalware | 20180630 | 29260 | True
F-Prot | - | 20180630 | 4.7.1.166 | False
McAfee | Artemis!EA82B2082D0C | 20180629 | 6.0.6.653 | True
Sophos | Mal/Generic-S | 20180629 | 4.98.0 | True
Yandex | TrojanSpy.Bancos!gbPhPduligs | 20180629 | 5.5.1.3 | True
Zillya | Trojan.ChePro.Win32.4648 | 20180629 | 2.0.0.3584 | True
Arcabit | Trojan.Graftor.D26B25 | 20180629 | 1.0.0.831 | True
Babable | - | 20180406 | 9107201 | False
Endgame | malicious (moderate confidence) | 20180612 | 2.1.3 | True
TACHYON | - | 20180629 | 2018-06-29.02 | False
Tencent | Win32.Trojan-banker.Chepro.Amby | 20180630 | 1.0.0.1 | True
ViRobot | - | 20180629 | 2014.3.20.0 | False
Webroot | W32.Trojan.Gen | 20180630 | 1.0.0.403 | True
eGambit | - | 20180630 | - | False
Ad-Aware | Gen:Variant.Graftor.158501 | 20180629 | 3.0.5.370 | True
AegisLab | Troj.Banker.W32.ChePro.qik!c | 20180629 | 4.2 | True
Emsisoft | Gen:Variant.Graftor.158501 (B) | 20180629 | 4.0.2.899 | True
F-Secure | Gen:Variant.Graftor.158501 | 20180630 | 11.0.19100.45 | True
Fortinet | W32/Bancos.ACZ!tr.spy | 20180629 | 5.4.247.0 | True
Invincea | - | 20180601 | 6.3.5.26121 | False
Jiangmin | - | 20180629 | 16.0.100 | False
Kingsoft | - | 20180630 | 2013.8.14.323 | False
Paloalto | - | 20180630 | 1.0 | False
Symantec | ML.Attribute.HighConfidence | 20180629 | 1.6.0.0 | True
AhnLab-V3 | Trojan/Win32.Agent.R120677 | 20180629 | 3.12.1.21240 | True
Antiy-AVL | Trojan[Banker]/Win32.ChePro | 20180630 | 3.0.0.1 | True
Kaspersky | Trojan-Banker.Win32.ChePro.qik | 20180629 | 15.0.1.13 | True
Microsoft | - | 20180629 | 1.1.15000.2 | False
Qihoo-360 | - | 20180630 | 1.0.0.1120 | False
TheHacker | - | 20180628 | 6.8.0.5.3218 | False
ZoneAlarm | Trojan-Banker.Win32.ChePro.qik | 20180629 | 1.0 | True
Cybereason | malicious.82d0cd | 20180225 | 1.2.27 | True
ESET-NOD32 | Win32/Spy.Bancos.ACZ | 20180629 | 17636 | True
BitDefender | Gen:Variant.Graftor.158501 | 20180629 | 7.2 | True
CrowdStrike | - | 20180530 | 1.0 | False
K7AntiVirus | Riskware ( 0040eff71 ) | 20180629 | 10.51.27609 | True
SentinelOne | - | 20180618 | 1.0.17.225 | False
Avast-Mobile | - | 20180629 | 180628-10 | False
Malwarebytes | - | 20180629 | 2.1.1.1115 | False
TotalDefense | - | 20180629 | 37.1.62.1 | False
CAT-QuickHeal | - | 20180629 | 14.00 | False
NANO-Antivirus | Trojan.Win32.Bankfraud.dghetl | 20180629 | 1.0.116.23366 | True
MicroWorld-eScan | Gen:Variant.Graftor.158501 | 20180629 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180629 | 5.6.0.1032 | False
McAfee-GW-Edition | - | 20180629 | v2017.2786 | False
total: 63
sha256: 0e14e08fcd8acd75ac8357bd37db1ac5a679e72612e5cd54965afc62cfe5db79
scan_id: 0e14e08fcd8acd75ac8357bd37db1ac5a679e72612e5cd54965afc62cfe5db79-1530318388
resource: ea82b2082d0cd22b5f35da92e40f8317
positives: 39
scan_date: 2018-06-30 00:26:28
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace (duplicate rows collapsed)

Time | Operation | PID | Process | Path
12/3/2020 - 16:45:43.153 | Open | 1480 | C:\malware.exe | C:\malware.exe
12/3/2020 - 16:45:43.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wininit.exe
12/3/2020 - 16:45:43.153 | Read | 1480 | C:\malware.exe | C:\malware.exe
12/3/2020 - 16:45:43.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wininit.exe
12/3/2020 - 16:45:43.168 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wininit.exe
12/3/2020 - 16:45:43.168 | Read | 1480 | C:\malware.exe | C:\malware.exe
12/3/2020 - 16:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wininit.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\malware.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wininit.exe
12/3/2020 - 16:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\ProgramData\Menu Iniciar\Programas\Inicializar\wininit.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programas\Inicializar\wininit.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inicializar\wininit.exe
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
12/3/2020 - 16:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
12/3/2020 - 16:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\cryptsp.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\credssp.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
12/3/2020 - 16:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
12/3/2020 - 16:45:43.450 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
12/3/2020 - 16:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
12/3/2020 - 16:45:43.450 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
12/3/2020 - 16:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
12/3/2020 - 16:45:43.497 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
12/3/2020 - 16:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
12/3/2020 - 16:45:43.997 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
12/3/2020 - 16:45:44.559 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\p2
12/3/2020 - 16:45:44.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll

Process Trace
(none recorded)

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
(none recorded)

File Summary
Created: True
Deleted: False

Process Summary
Created: False
Deleted: False

Registry Summary
Proxy: False
AutoRun: False
Created: False
Deleted: False
Browsers: False
Internet: False

DNS
Query
localhost -> gateway:50273 : fedprogrammers.com.
localhost -> gateway:DNS : fedprogrammers.com.

Response
gateway:DNS -> localhost : fedprogrammers.com. reply 91.195.240.126

TCP
Info
91.195.240.126:80 -> localhost:65191
localhost:65191 -> 91.195.240.126:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost POST fedprogrammers.com /images/01/access.php

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 100.00%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 68.20%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 97.91%, suspicious: False
Random Forest (100 estimators, NFS-BRMalware): confidence 61.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 88.56%, suspicious: False
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.93%, suspicious: False