Report #99

Binary
DLL
False
Size
301.00KB
trid
38.2% UPX compressed Win32 Executable
37.5% Win32 EXE Yoda's Crypter
9.2% Win32 Dynamic Link Library
6.3% Win32 Executable
2.8% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
57c4ea10ebec721058068e05461feb88
sha1
3b86b8e3e2b3b2c5b1b958136df5569c41652cae
crc32
0x9541d408
sha224
a66e2a2833f9110ca618396718a917d624fafa73a0d785b2657912bc
sha256
e362d19ceff298f378a884bf44b0b3978813d24309c0f0a200d1f82c72611ebd
sha384
5f9f163825313717964198e77fb7f9d2b690b4eeb8148aaeda2fd67c2c916c9d992f6e6940e01c95c45aa95bd451bff6
sha512
f86131eed8b229ef899c935a714faa8293d10dd0452d00506f2af1a631ea3d5457686f7339c5459996cc984bbdfd68264745dc1e67c5aaab078783f8cd1e455c
ssdeep
6144:SuDLg9neBdrOOuoOjtqAMuVVv0067bngK0MQNZrl4oSj:D3g9eBJOLn85kl0063gvhr6oSj
Community
Google
1
HashLib
0
YARA
Matches
domain, UPX_wwwupxsourceforgenet, UPX20030XMarkusOberhumerLaszloMolnarJohnReiser, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, UPX_293_LZMA, HasRichSignature, UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser, screenshot, UPX_302, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, IsPacked, UPX_293_300_LZMA, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional, UPX_wwwupxsourceforgenet_additional, contentis_base64, UPXv20MarkusLaszloReiser, IsPE32, UPX, PackerUPX_CompresorGratuito_wwwupxsourceforgenet, IsWindowsGUI, UPX_293_300_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser, UPX_293_LZMA_additional, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser

Suspicious
1

Heuristics
IPs
hasIPs: 0
Allowed
Suspicious
hasAllowed: 0
hasSuspicious: 0

URLs
Allowed
hasURLs: 0
Suspicious
hasAllowed: 0
hasSuspicious: 0

Files
Allowed: KERNEL32.DLL, GDI32.dll, ADVAPI32.dll, USER32.dll
hasFiles: 1
Suspicious
hasAllowed: 1
hasSuspicious: 0

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 12288
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 4096
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 0
Suspicious: 1

Sections
Allowed: .rsrc
Suspicious: upx0, upx1
hasAllowed: 1
hasSections: 1
hasSuspicious: 1

Versions
OS
Version: 6
Suspicious: 0
Image
Version: True
Suspicious: 6
Linker
Version: 12.0
Suspicious: 0
Subsystem
Version: 6.0
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 904400
Suspicious: 0

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: 1

Libraries
Allowed: kernel32.dll, gdi32.dll, advapi32.dll, user32.dll
hasLibs: 1
Suspicious
hasAllowed: 1
hasSuspicious: 0

Timestamp
Past: 0
Valid: 1
Value: 2015-03-11 12:11:45
Future: 0

Compilation
Packed: 1
Missing: 0
Packers: UPX 2.93 (LZMA), UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser, UPX -> www.upx.sourceforge.net
Compiled: 0
Compilers
MainPacker: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Obfuscation
XOR: 0
Fuzzing: 0

Disassembly
hasTricks
1
Tricks
pushret
none: 348
.rsrc: 4

nopsequence
none: 2

pushpopmath
none: 160

ss register
none: 4

garbagebytes
none: 137
.rsrc: 1

hookdetection
none: 18

software breakpoint
none: 8

fakeconditionaljumps
none: 11
.rsrc: 1

programcontrolflowchange
none: 127
.rsrc: 1

cpuinstructionsresultscomparison
none: 7
.rsrc: 5

AVclass
None
1
VirusTotal
md5
57c4ea10ebec721058068e05461feb88
sha1
3b86b8e3e2b3b2c5b1b958136df5569c41652cae
SCANS (DETECTION RATE = 49.30%)
AVG
update: 20190610
version: 18.4.3895.0
detected: False

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=98)
update: 20190610
version: 2018.9.12.1
detected: True

APEX
result: Malicious
update: 20190610
version: 5.26
detected: True

Bkav
update: 20190610
version: 1.3.0.10239
detected: False

K7GW
result: Unwanted-Program ( 004de98f1 )
update: 20190610
version: 11.49.31179
detected: True

ALYac
update: 20190610
version: 1.1.1.5
detected: False

Avast
update: 20190610
version: 18.4.3895.0
detected: False

Avira
update: 20190610
version: 8.3.3.8
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.UWID-9274
update: 20190610
version: 6.2.0.1
detected: True

DrWeb
update: 20190610
version: 7.0.34.11020
detected: False

GData
result: Win32.Application.Agent.B3CH39
update: 20190610
version: A:25.22322B:25.15288
detected: True

Panda
update: 20190610
version: 4.6.4.2
detected: False

VBA32
update: 20190610
version: 4.0.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
version: None
detected: True

Zoner
result: Trojan.Win32.48371
update: 20190609
version: 1.0
detected: True

ClamAV
result: Win.Trojan.Sality-75435
update: 20190610
version: 0.101.2.0
detected: True

Comodo
update: 20190610
version: 31000
detected: False

F-Prot
update: 20190610
version: 4.7.1.166
detected: False

Ikarus
result: not-a-virus:Keygen.AutoCad
update: 20190610
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic PUP.x
update: 20190610
version: 6.0.6.653
detected: True

Rising
update: 20190610
version: 25.0.0.24
detected: False

Sophos
result: Generic PUA DL (PUA)
update: 20190610
version: 4.98.0
detected: True

Yandex
result: Trojan.Kryptik!Vo6TqRUmAbc
update: 20190607
version: 5.5.2.24
detected: True

Zillya
update: 20190610
version: 2.0.0.3829
detected: False

Acronis
update: 20190610
version: 1.0.1.51
detected: False

Alibaba
result: HackTool:Win32/Keygen.2360436f
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
update: 20190610
version: 1.0.0.846
detected: False

Babable
update: 20190424
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20190610
version: 2.3.1.101
detected: True

Endgame
result: malicious (moderate confidence)
update: 20190522
version: 3.0.12
detected: True

FireEye
result: Generic.mg.57c4ea10ebec7210
update: 20190610
version: 29.7.0.0
detected: True

TACHYON
update: 20190610
version: 2019-06-10.03
detected: False

Tencent
update: 20190610
version: 1.0.0.1
detected: False

ViRobot
update: 20190610
version: 2014.3.20.0
detected: False

Webroot
update: 20190610
version: 1.0.0.403
detected: False

eGambit
update: 20190610
version: v4.3.6
detected: False

Ad-Aware
update: 20190610
version: 3.0.5.370
detected: False

AegisLab
update: 20190610
version: 4.2
detected: False

Emsisoft
update: 20190610
version: 2018.4.0.1029
detected: False

F-Secure
update: 20190610
version: 12.0.86.52
detected: False

Fortinet
result: Riskware/Keygen_OX
update: 20190610
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20190525
version: 6.3.6.26157
detected: True

Kingsoft
update: 20190610
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20190610
version: 1.0
detected: True

Trapmine
result: malicious.high.ml.score
update: 20190522
version: 3.1.62.789
detected: True

AhnLab-V3
result: Unwanted/Win32.KeyGen.R269332
update: 20190610
version: 3.15.2.24317
detected: True

Antiy-AVL
result: Trojan/Win32.TSGeneric
update: 20190610
version: 3.0.0.1
detected: True

Kaspersky
update: 20190610
version: 15.0.1.13
detected: False

MaxSecure
result: Trojan.Malware.7164915.susgen
update: 20190608
version: 1.0.0.1
detected: True

Microsoft
result: HackTool:Win32/Keygen
update: 20190610
version: 1.1.16000.6
detected: True

Qihoo-360
update: 20190610
version: 1.0.0.1120
detected: False

Trustlook
update: 20190610
version: 1.0
detected: False

ZoneAlarm
update: 20190610
version: 1.0
detected: False

Cybereason
result: malicious.3e2b3b
update: 20190417
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win32/Keygen.OX potentially unsafe
update: 20190610
version: 19499
detected: True

TrendMicro
result: CRCK_KEYGEN.ANZ
update: 20190610
version: 10.0.0.1040
detected: True

BitDefender
update: 20190610
version: 7.2
detected: False

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190212
version: 1.0
detected: True

K7AntiVirus
result: Unwanted-Program ( 004de98f1 )
update: 20190610
version: 11.49.31179
detected: True

SentinelOne
result: DFI - Suspicious PE
update: 20190604
version: 1.0.27.333
detected: True

Avast-Mobile
update: 20190610
version: 190610-00
detected: False

Malwarebytes
result: RiskWare.Tool.HCK
update: 20190610
version: 2.1.1.1115
detected: True

TotalDefense
update: 20190610
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: PUA.Mauvaise.S1946051
update: 20190610
version: 14.00
detected: True

NANO-Antivirus
update: 20190610
version: 1.0.134.24826
detected: False

MicroWorld-eScan
update: 20190610
version: 14.0.297.0
detected: False

SUPERAntiSpyware
result: Hack.Tool/Gen-KeyGen
update: 20190604
version: 5.6.0.1032
detected: True

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.fc
update: 20190610
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: CRCK_KEYGEN.ANZ
update: 20190610
version: 10.0.0.1040
detected: True

total
71
sha256
e362d19ceff298f378a884bf44b0b3978813d24309c0f0a200d1f82c72611ebd
scan_id
e362d19ceff298f378a884bf44b0b3978813d24309c0f0a200d1f82c72611ebd-1560189065
resource
57c4ea10ebec721058068e05461feb88
positives
35
scan_date
2019-06-10 17:51:05
verbose_msg
Scan finished, information embedded
response_code
1
Results
Random Forest
detected: TBD
confidence: TBD