Report #9218

Binary
DLL: True
Size: 712.50KB
trid: 42.4% Win32 Executable Delphi generic; 19.7% Win32 Dynamic Link Library; 13.5% Win32 Executable; 6.2% Win16/32 Executable Delphi generic; 6.0% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5 51c1b0a69308dd936fdd68182e14fc7d
sha1 6b70e98896a364767744f49e16d696d949de2378
crc32 0x448dcb02
sha224 509913c45c21f1646ddb4c0cff8b2acb7ec8f8d5f30867d2491b54f0
sha256 4c946669a5b15db73a644d04b96ea02caa0e9bd775f33a9b35a64f1b96934d74
sha384 6fa006fec92b46f85da8de279df1e68fea01fd8b15322db5c565cc6e0763b89f637f22a6c7f25caf8f6a768b622db7bd
sha512 e9396b9aa5691ac62fbc0ac955631bc901469ac678740c333ed69950e087959c9fbd9b003078a128ae6c572048611084fb91b6dbf112d9a783fadd68d73f1472
ssdeep 12288:crc6VkuZ2aUqt1x+fB9jz/pkOCbXG6HtFlJD/i4ZTCvX5:cdxP/Sz/GP1NFv6UTM

Creation Date: March 10, 2020, 5:09 p.m.
Last Update: March 11, 2020, 3:53 a.m.
File: alkflkdjkljdf.tmp.exe

Results:

Community

Google False

HashLib False

YARA

Matches: domain, Borland, Borland_Delphi_30_, Delphi_DecodeDate, screenshot, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, win_hook, borland_delphi_dll, Borland_Delphi_v40_v50, keylogger, contentis_base64, Borland_Delphi_40_additional, Borland_Delphi_40, IsWindowsGUI, Delphi_FormShow, IsDLL, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, win_registry, Delphi_CompareCall, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious True

Strings

List

t.Ht

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group System\CurrentControlSet\Control\Keyboard Layouts\%.8x

crypt32.dll

D:\(EVO)\outlook\OutlookXP.pas P.rsrc

SOFTWARE\Borland\Delphi\RTL Delphi%.8X

Software\Borland\Locales Software\Borland\Delphi\Locales comctl32.dll

comctl32.dll olepro32.dll comctl32.dll comctl32.dll comctl32.dll version.dll coletor.dll pstorec.dll vcltest3.dll uxtheme.dll

^OutlookXP F OutlookXP F OutlookXP F OutlookXP OutlookXP Username

TOutlookApplication TOutlookApplication


OnDeleteError OnDeleteError

1 1'11161B1L1U1a1k1w1 ControlOfs%.8X%.8X WndProcPtr%.8X%.8X ClientWidthP4E fkCalculated Calculated

TRecordsetReasonEvent JumpID("","%s")

0%0A0I0g0 Uh%0A

Missing %s property(CommandText does not return a result set{Error creating object. Please verify that the Microsoft Data Access Components 2.1 (or later) have been properly installed=Events are not supported with server side TableDirect cursors'Unsupported field type (%s) in field %s;A connection component is required for async ExecuteOptions5Cannot perform a requery after connection has changed

CharsetP4E CaptionP4E CaptionP4E CaptionP4E TEventReason TEventReason TEventReason TEventReason TEventReason

DefaultInterface is NULL. Component is not connected to Server. You must call 'Connect' or 'ConnectTo' before this operation

Apartment AfterDelete AfterDelete

Sub-menu is not in menu Uh%oC

ilReadCommitted

/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Division by zero ToolWin

Rebuild BeforeDelete erDelete Selected paSigned FullRepaint RecordsAffected TaskbarCreated bsSizeToolWin BeforeDelete August September UhV%A

Record not found like

Delete record Next record

Recordset is not open Too many open files Connected

Assertion failed COLUMN%d


ilReadUncommitted ButtonSizeP4E

%s (%s, line %d)

)TOutlookApplicationAdvancedSearchComplete SQL not supported: %s

No help found for %s#No context-sensitive help installed$No topic-based help system installed Error reading %s%s%s: %s

I/O error %d

List count out of bounds (%d)

PLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Ancestor for '%s' not found '%s' is not a valid date Cannot assign a %s to a %s Class %s not found

Property %s does not exist Resource %s not found OnWillExecute

DBN_DELETE

Foremost
Matches: 0.dll, 712 KB
Suspicious: True

Heuristics
IPs: hasIPs: False
  Allowed: hasAllowed: False
  Suspicious: hasSuspicious: False
URLs: hasURLs: False
  Allowed: hasAllowed: False
  Suspicious: hasSuspicious: False
Files: hasFiles: True
  Allowed: user32.dll, kernel32.dll, uxtheme.dll, gdi32.dll, crypt32.dll, coletor.dll, vcltest3.dll, pstorec.dll, MAPI32.DLL, version.dll, comctl32.dll, shell32.dll, mtxex.dll, ole32.dll, imm32.dll, advapi32.dll, oleaut32.dll, olepro32.dll (hasAllowed: True)
  Suspicious: hasSuspicious: False

Binary
Sizes:
  RVA: 16, Suspicious: False
  Code Size: 103424, Suspicious: False
  Image Address: 4194304, Suspicious: False
  Stack: 0, Suspicious: True
  Headers: 1024, Suspicious: False
  Suspicious: True
Symbols:
  Number: 0, Suspicious: True
  Pointer: 0, Suspicious: True
Directories: Number: 16, Suspicious: False
Checksum: Value: 0, Suspicious: True
Sections:
  Allowed: code, data, bss, .idata, .edata, .reloc, .rsrc (hasAllowed: True, hasSections: True)
  Suspicious: hasSuspicious: False
Versions:
  OS Version: 4, Suspicious: False
  Image Version: True, Suspicious: 4
  Linker Version: 2.25, Suspicious: False
  Subsystem Version: 4.0, Suspicious: False
  Suspicious: False
EntryPoint: Address: 628716, Suspicious: False
Anomalies: The header checksum and the calculated checksum do not match. (hasAnomalies: True)
Libraries: hasLibs: True
  Allowed: user32.dll, kernel32.dll, uxtheme.dll, gdi32.dll, crypt32.dll, pstorec.dll, mapi32.dll, version.dll, comctl32.dll, shell32.dll, mtxex.dll, ole32.dll, imm32.dll, advapi32.dll, oleaut32.dll, olepro32.dll (hasAllowed: True)
  Suspicious: coletor.dll, vcltest3.dll (hasSuspicious: True)
Timestamp: Value: 1992-06-19 19:22:17; Valid: True; Past: True; Future: False
Compilation: Compiled: True; Packed: False; Packers Missing: False
  Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
Obfuscation: XOR: False; Fuzzing: True

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks:
  pushret: none: 99
  pushpopmath: none: 12, .rsrc: 4, .reloc: 43
  garbagebytes: none: 98
  hookdetection: none: 6, .reloc: 3
  software breakpoint: none: 5, .reloc: 13
  programcontrolflowchange: none: 98
  cpuinstructionsresultscomparison: none: 17, .rsrc: 11

AVclass

banload 1

VirusTotal

md5 51c1b0a69308dd936fdd68182e14fc7d

sha1 6b70e98896a364767744f49e16d696d949de2378

SCANS (DETECTION RATE = 65.15%)

AVG: result: FileRepMetagen [Malware]; update: 20180325; version: 18.2.3827.0; detected: True
CMC: update: 20180324; version: 1.1.0.977; detected: False
MAX: result: malware (ai score=87); update: 20180325; version: 2017.11.15.1; detected: True
Bkav: update: 20180325; version: 1.3.0.9466; detected: False
K7GW: result: Trojan ( 7000000f1 ); update: 20180325; version: 10.42.26601; detected: True
ALYac: result: Gen:Variant.Zusy.120768; update: 20180325; version: 1.1.1.5; detected: True
Avast: result: FileRepMetagen [Malware]; update: 20180325; version: 18.2.3827.0; detected: True
Avira: result: TR/Rogue.729600.3; update: 20180324; version: 8.3.3.6; detected: True
Baidu: update: 20180323; version: 1.0.0.2; detected: False
Cyren: result: W32/Trojan.LRAI-5281; update: 20180325; version: 5.4.30.7; detected: True
DrWeb: result: Trojan.Siggen6.24420; update: 20180325; version: 7.0.28.2020; detected: True
GData: result: Gen:Variant.Zusy.120768; update: 20180325; version: A:25.16495B:25.11872; detected: True
Panda: result: Trj/Genetic.gen; update: 20180324; version: 4.6.4.2; detected: True
VBA32: result: TScope.Trojan.Delf; update: 20180323; version: 3.12.28.0; detected: True
VIPRE: result: Trojan.Win32.Generic!BT; update: 20180325; version: 65508; detected: True
Zoner: update: 20180325; version: 1.0; detected: False
AVware: result: Trojan.Win32.Generic!BT; update: 20180325; version: 1.5.0.42; detected: True
ClamAV: update: 20180325; version: 0.99.2.0; detected: False
Comodo: update: 20180325; version: 28741; detected: False
F-Prot: update: 20180325; version: 4.7.1.166; detected: False
Ikarus: result: Trojan-Downloader.Win32.Banload; update: 20180324; version: 0.1.5.2; detected: True
McAfee: result: GenericR-CRI!51C1B0A69308; update: 20180325; version: 6.0.6.653; detected: True
Rising: result: Malware.Undefined!8.C (TFE:5:83XcbJdwQMU); update: 20180325; version: 25.0.0.1; detected: True
Sophos: result: Mal/Generic-S; update: 20180325; version: 4.98.0; detected: True
Yandex: result: Trojan.Agent!MC1kWBFMmgU; update: 20180324; version: 5.5.1.3; detected: True
Zillya: result: Downloader.Banload.Win32.59907; update: 20180323; version: 2.0.0.3519; detected: True
Arcabit: result: Trojan.Zusy.D1D7C0; update: 20180325; version: 1.0.0.831; detected: True
Cylance: result: Unsafe; update: 20180325; version: 2.3.1.101; detected: True
Endgame: result: malicious (high confidence); update: 20180316; version: 2.0.5; detected: True
Tencent: result: Win32.Trojan-downloader.Banload.Svrd; update: 20180325; version: 1.0.0.1; detected: True
ViRobot: update: 20180324; version: 2014.3.20.0; detected: False
eGambit: update: 20180325; version: v4.3.5; detected: False
Ad-Aware: result: Gen:Variant.Zusy.120768; update: 20180325; version: 3.0.3.1010; detected: True
AegisLab: result: Troj.Downloader.W32.Banload.cvwn!c; update: 20180325; version: 4.2; detected: True
Emsisoft: result: Gen:Variant.Zusy.120768 (B); update: 20180325; version: 4.0.2.899; detected: True
F-Secure: result: Gen:Variant.Zusy.120768; update: 20180325; version: 11.0.19100.45; detected: True
Fortinet: result: W32/Banload.CVWN!tr.dldr; update: 20180325; version: 5.4.247.0; detected: True
Invincea: update: 20180121; version: 6.3.4.26036; detected: False
Jiangmin: result: Trojan.Generic.jdwc; update: 20180325; version: 16.0.100; detected: True
Kingsoft: update: 20180325; version: 2013.8.14.323; detected: False
Paloalto: update: 20180325; version: 1.0; detected: False
Symantec: result: Trojan.Gen; update: 20180324; version: 1.5.0.0; detected: True
nProtect: update: 20180325; version: 2018-03-25.01; detected: False
AhnLab-V3: result: Trojan/Win32.Gen.C695524; update: 20180324; version: 3.12.0.20130; detected: True
Antiy-AVL: result: Trojan[Downloader]/Win32.Banload; update: 20180325; version: 3.0.0.1; detected: True
Kaspersky: result: HEUR:Trojan.Win32.Generic; update: 20180325; version: 15.0.1.13; detected: True
Microsoft: result: TrojanDownloader:Win32/Banload; update: 20180325; version: 1.1.14600.4; detected: True
Qihoo-360: update: 20180325; version: 1.0.0.1120; detected: False
TheHacker: update: 20180319; version: 6.8.0.5.2551; detected: False
ZoneAlarm: result: HEUR:Trojan.Win32.Generic; update: 20180325; version: 1.0; detected: True
ESET-NOD32: update: 20180325; version: 17111; detected: False
TrendMicro: result: TROJ_DLOADR.YYMT; update: 20180325; version: 9.862.0.1074; detected: True
WhiteArmor: update: 20180324; detected: False
BitDefender: result: Gen:Variant.Zusy.120768; update: 20180325; version: 7.2; detected: True
CrowdStrike: update: 20170201; version: 1.0; detected: False
K7AntiVirus: result: Trojan ( 7000000f1 ); update: 20180325; version: 10.42.26601; detected: True
SentinelOne: update: 20180225; version: 1.0.15.206; detected: False
Avast-Mobile: update: 20180324; version: 180324-00; detected: False
Malwarebytes: update: 20180325; version: 2.1.1.1115; detected: False
TotalDefense: update: 20180325; version: 37.1.62.1; detected: False
CAT-QuickHeal: result: TrojanDownloader.Banload; update: 20180324; version: 14.00; detected: True
NANO-Antivirus: result: Trojan.Win32.Banload.dljdin; update: 20180325; version: 1.0.100.22043; detected: True
MicroWorld-eScan: result: Gen:Variant.Zusy.120768; update: 20180325; version: 14.0.297.0; detected: True
SUPERAntiSpyware: update: 20180325; version: 5.6.0.1032; detected: False
McAfee-GW-Edition: result: BehavesLike.Win32.Dropper.bh; update: 20180324; version: v2015; detected: True
TrendMicro-HouseCall: result: TROJ_DLOADR.YYMT; update: 20180325; version: 9.950.0.1006; detected: True

total 66
sha256 4c946669a5b15db73a644d04b96ea02caa0e9bd775f33a9b35a64f1b96934d74
scan_id 4c946669a5b15db73a644d04b96ea02caa0e9bd775f33a9b35a64f1b96934d74-1521955582
resource 51c1b0a69308dd936fdd68182e14fc7d
permalink https://www.virustotal.com/file/4c946669a5b15db73a644d04b96ea02caa0e9bd775f33a9b35a64f1b96934d74/analysis/1521955582/
positives 43
scan_date 2018-03-25 05:26:22
verbose_msg Scan finished, information embedded
response_code 1

File Trace

Timestamp | Operation | PID | Process | Path
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor\Malware
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Read | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\ui\SwDRM.dll
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.981 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.exe
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe.Local
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 2:45:42.997 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\pstorec.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\pstorec.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\atl.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\atl.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.PTB
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.PTB.DLL
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.PT
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\malware.PT.DLL
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\shell32.dll
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe.Local
11/3/2020 - 2:45:42.997 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 2:45:43.12 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 2:45:43.12 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 2:45:43.12 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 2:45:43.12 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 2:45:43.12 | Open | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.Manifest
11/3/2020 - 2:45:43.12 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\WindowsShell.Manifest
11/3/2020 - 2:45:43.28 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows
11/3/2020 - 2:45:43.28 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Monitor
11/3/2020 - 2:45:43.28 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 2:45:43.28 | Unknown | 2076 | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 2:45:43.168 | Unknown | 1480 | C:\Windows\System32\rundll32.exe | C:\Monitor

Process Trace

Timestamp | Operation | PID | Process | PID | Process
11/3/2020 - 2:45:43.28 | Terminate | 1480 | C:\Windows\System32\rundll32.exe | 2076 | C:\Windows\SysWOW64\rundll32.exe

Analysis
Reason: Finished
Status: Successfully Executed
Results: 1

Registry Trace

File Summary
Created Identified: False
Deleted Identified: False

Process Summary
Created Identified: False
Deleted Identified: True

Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False

DNS
Query:
Response:

TCP
Info:

UDP
Info:

HTTP
Info:

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results

BINARY
KNN (K=3, NFS-BRMalware): confidence: 100.00%; suspicious: True
Decision Tree (NFS-BRMalware): confidence: 100.00%; suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence: 77.52%; suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence: 87.55%; suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence: 56.00%; suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence: 69.91%; suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence: 93.11%; suspicious: False
