Binary
DLL True
Size 499.42KB
trid 38.4% Win32 Dynamic Link Library, 26.3% Win32 Executable, 11.8% OS/2 Executable, 11.6% Generic Win/DOS Executable, 11.6% DOS Executable Generic
type PE
wordsize 32
Subsystem Windows GUI
Hashes
md5 04832e5f55f8bd536f8e619775f3cd01
sha1 1d5c27233cc5a6392afed5550eaf2fa26ce9d63f
crc32 0xb658665e
sha224 28306b4be5795cd2a465548f306d06b4128f09131b80efe1720e57dd
sha256 567218a1a5ca29885446ae4bbeead2a6e0440ef2d61afda582fcc58f29bccdb7
sha384 9ec0435941461afbd315d3f5344f299f225b4d473be77e13830d634e90f8517de738001d7643e803057d90d7f05d1d02
sha512 7b56acc6114dfdf248e2fd3d2a7c63d05842904af71f0f225e86540afd200d7daa7846d4ceedd4b02e5de04043c8ef47a08927a4d1354f505eeb78befd62b316
ssdeep 6144:rCaNXuEbJYvia8XU4mwfXlGnMhVtoH53lOMc6UFXT8+Xjyc70NAOXL9gq8V77F1D:rzpGvtYoH5VOMc6UFD8/q0N1Uh1ng
Report #3541
Creation Date: Nov. 17, 2019, 3:25 p.m.
Last Update: Nov. 17, 2019, 7:30 p.m.
File: mcbrwsr2.dll
Results:
Community
Google False
HashLib False
YARA
Matches domain, IP, Borland_Delphi_30_, HasDebugData, Borland_Delphi_30_additional, HasRichSignature, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, contentis_base64, Borland_Delphi_v40_v50, win_token, win_mutex, keylogger, maldoc_find_kernel32_base_method_1, IsWindowsGUI, IsDLL, anti_dbg, Borland_Delphi_DLL, url, win_registry, HasOverlay, MD5_Constants, Borland_Delphi_v30, Big_Numbers1
Suspicious True
Strings
List
http://www.mcafee.com 0 http://www.mcafee.com 0
%http://s.symcb.com/universal-root.crl0 mcafee12.tt.omtrdc.net
mcafeemobilesecurity.com mcafee.com
http://sf.symcb.com/sf.crt0 http://sf.symcb.com/sf.crl0a http://sv.symcb.com/sv.crl0a http://sv.symcb.com/sv.crt0 https://d.symcb.com/rpa0 https://d.symcb.com/rpa0 hackerwatch.org
https://d.symcb.com/rpa0@
https://d.symcb.com/cps0%
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
https://d.symcb.com/cps0%
https://d.symcb.com/cps0%
http://s1.symcb.com/pca3-g5.crl0 googleapis.com
gstatic.com google.com aol.com
E:\BuildEngineSpace\Temp\4e498123-debb-4737-9a25-bdd32de07c76\UNIQUE_BUILDFOLDER_1\build\Win32\Release\mcbrwsr2.pdb
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 /http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.http://crl.thawte.com/ThawteTimestampingCA.crl0 +http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
2Terms of use at https://www.verisign.com/rpa (c)101.0, 2Terms of use at https://www.verisign.com/rpa (c)101.0, 2Terms of use at https://www.verisign.com/rpa (c)101.0,
#http://logo.verisign.com/vslogo.gif04 Software\McAfeeInstaller
#http://crl.verisign.com/pca3-g5.crl04 https://www.verisign.com/cps0*
https://www.verisign.com/rpa0 t.SV
cdecompress.cpp CoMcBrowser2.cpp CoMcBrowser3.cpp SOFTWARE\McAfee CRYPT32.dll sCabinet.dll
SOFTWARE\McAfee\Logging\Controller SOFTWARE\McAfee\Logging\Provider SOFTWARE\McAfee\MSC\AppInfo\Substitute
Program Files\Common Files\McAfee\Platform\Core\trusted.js SOFTWARE\McAfee\Platform
Software\McAfee\SystemCore SOFTWARE\McAfee\CoreUI SOFTWARE\McAfee\Logging SOFTWARE\McAfee.logging http://sv.symcd.com0&
http://sf.symcd.com0&
http://s2.symcb.com0 http://s.symcd.com06 mfevtpa.dll
Software\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 Software\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0 Software\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 CoMcBrowser2::OnNewWindow3 called. bstrUrlContext = %s, bstrUrl = %s Logging\internal_logging.cpp
log.ini VERSION.dll WININET.dll mclogs.etl McBrwsr2.dll mcbrwsr2.dll WINTRUST.dll
Protocol not ssl - don't trust - %s
\advapi32.dll atlthunk.dll
Software\Microsoft\Internet Explorer
\wininet.dll o.dll
trusted.tmp McUtil.dll urlmon.dll urlmon.dll installed=%d
Protocol not ssl - it's insecure - %s http://ts-ocsp.ws.symantec.com07
http://ts-ocsp.ws.symantec.com0;
McAfee SecurityCenter http://ocsp.verisign.com0 fr-be
fr-ca fr-ch operator ""
McAfee.{E4367DA7-2B80-47f3-86D2-7626A18FC6F4}
ret:%d 5%5E5S5l5
m_pWebBrowser (%p) ref count = %ld
%s: Registered Logging Handler 0x%08X cannot be replaced with 0x%08X
Foremost
Matches 0.dll, 476 KB
Suspicious True
Heuristics
IPs
Allowed:
Suspicious: 5.5.7.3, 0, Unknown, 1.3.6.1, 0, Unknown
hasIPs: True, hasAllowed: False, hasSuspicious: True
URLs
Allowed: http://crl.microsoft.com/pki/crl/products/microsoftcodeverifroot.crl0
Suspicious: http://s.symcb.com/universal-root.crl0, http://ocsp.verisign.com0, https://www.verisign.com/rpa, https://www.verisign.com/rpa0, http://s1.symcb.com/pca3-g5.crl0, http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0, https://d.symcb.com/cps0%, http://sv.symcb.com/sv.crl0a, http://s.symcd.com06, http://crl.verisign.com/pca3-g5.crl04, http://sf.symcb.com/sf.crl0a, http://ts-ocsp.ws.symantec.com0;, https://d.symcb.com/rpa0@, https://d.symcb.com/rpa0, https://www.verisign.com/cps0, http://sv.symcb.com/sv.crt0, http://crl.thawte.com/thawtetimestampingca.crl0, http://sv.symcd.com0&, http://www.symauth.com/cps0(, http://www.mcafee.com, http://s2.symcb.com0, http://ocsp.thawte.com0, https://d.symcb.com/rpa0., http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://www.symauth.com/rpa00, http://sf.symcb.com/sf.crt0, http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(, http://logo.verisign.com/vslogo.gif04, http://sf.symcd.com0&, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, http://ts-ocsp.ws.symantec.com07
hasURLs: True, hasAllowed: True, hasSuspicious: True
Files
Allowed: \advapi32.dll, mcbrwsr2.dll, mscoree.dll, Advapi32.dll, KERNEL32.DLL, o.dll, sCabinet.dll, McUtil.dll, \wininet.dll, User32.dll, mfevtpa.dll, urlmon.dll, SHELL32.dll, atlthunk.dll, CRYPT32.dll, OLEAUT32.dll, VERSION.dll, PSAPI.DLL, WININET.dll, ole32.dll, WINTRUST.dll, SHLWAPI.dll, McBrowser2.DLL
Suspicious: trusted.tmp
hasFiles: True, hasAllowed: True, hasSuspicious: True
Binary
Sizes
RVA: 16 Suspicious: False
Code Size: 155136 Suspicious: False
Image Address: 1648361472 Suspicious: False
Stack: 4096 Suspicious: False
Headers: 1024 Suspicious: False
Suspicious: False
Symbols
Number: 0 Suspicious: True
Pointer: 0 Suspicious: True
Directories Number: 16 Suspicious: False
Checksum Value: 531831 Suspicious: False
Sections
Allowed: .text, .rdata, .data, .gfids, .tls, .rsrc, .reloc
Suspicious:
hasAllowed: True, hasSections: True, hasSuspicious: False
Versions
OS Version: 6 Suspicious: False
Image Version: 6 Suspicious: True
Linker Version: 14.0 Suspicious: False
Subsystem Version: 6.0 Suspicious: False
Suspicious: False
EntryPoint Address: 191237 Suspicious: False
Anomalies
Anomalies: The export table TimeDateStamp and the file header TimeDateStamp do not match.
hasAnomalies: True
Libraries
Allowed: mscoree.dll, advapi32.dll, kernel32.dll, user32.dll, urlmon.dll, shell32.dll, crypt32.dll, oleaut32.dll, version.dll, psapi.dll, wininet.dll, ole32.dll, wintrust.dll, shlwapi.dll
Suspicious: \advapi32.dll, mcbrwsr2.dll, o.dll, scabinet.dll, mcutil.dll, \wininet.dll, mfevtpa.dll, atlthunk.dll, mcbrowser2.dll
hasLibs: True, hasAllowed: True, hasSuspicious: True
Timestamp
Past: False
Valid: True
Value: 2016-12-21 02:42:58
Future: False
Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???)
Obfuscation
XOR: False
Fuzzing: False
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks False
Tricks
AVclass
None 1
VirusTotal
md5 04832e5f55f8bd536f8e619775f3cd01
sha1 1d5c27233cc5a6392afed5550eaf2fa26ce9d63f
SCANS (DETECTION RATE = 0.00%)
AVG update: 20190910 version: 18.4.3895.0 detected: False
CMC update: 20190321 version: 1.1.0.977 detected: False
MAX update: 20190911 version: 2018.9.12.1 detected: False
APEX update: 20190910 version: 5.62 detected: False
Bkav update: 20190910 version: 1.3.0.10239 detected: False
K7GW update: 20190910 version: 11.66.31970 detected: False
ALYac update: 20190910 version: 1.1.1.5 detected: False
Avast update: 20190910 version: 18.4.3895.0 detected: False
Avira update: 20190910 version: 8.3.3.8 detected: False
Baidu update: 20190318 version: 1.0.0.2 detected: False
Cyren update: 20190911 version: 6.2.0.1 detected: False
DrWeb update: 20190911 version: 7.0.41.7240 detected: False
GData update: 20190910 version: A:25.23340B:26.15999 detected: False
Panda update: 20190910 version: 4.6.4.2 detected: False
VBA32 update: 20190910 version: 4.0.0 detected: False
Zoner update: 20190911 version: 1.0.0.1 detected: False
ClamAV update: 20190910 version: 0.101.4.0 detected: False
F-Prot update: 20190910 version: 4.7.1.166 detected: False
Ikarus update: 20190910 version: 0.1.5.2 detected: False
McAfee update: 20190910 version: 6.0.6.653 detected: False
Rising update: 20190911 version: 25.0.0.24 detected: False
Sophos update: 20190911 version: 4.98.0 detected: False
Yandex update: 20190910 version: 5.5.2.24 detected: False
Zillya update: 20190910 version: 2.0.0.3897 detected: False
Acronis update: 20190904 version: 1.1.1.56 detected: False
Alibaba update: 20190527 version: 0.3.0.5 detected: False
Arcabit update: 20190910 version: 1.0.0.856 detected: False
Cylance update: 20190911 version: 2.3.1.101 detected: False
Endgame update: 20190819 version: 3.0.14 detected: False
FireEye update: 20190910 version: 29.7.0.0 detected: False
TACHYON update: 20190910 version: 2019-09-10.02 detected: False
Tencent update: 20190911 version: 1.0.0.1 detected: False
ViRobot update: 20190910 version: 2014.3.20.0 detected: False
Webroot update: 20190911 version: 1.0.0.403 detected: False
eGambit update: 20190911 version: v5.0.5 detected: False
Ad-Aware update: 20190910 version: 3.0.5.370 detected: False
AegisLab update: 20190910 version: 4.2 detected: False
Emsisoft update: 20190911 version: 2018.12.0.1641 detected: False
F-Secure update: 20190906 version: 12.0.86.52 detected: False
Fortinet update: 20190911 version: 5.4.247.0 detected: False
Invincea update: 20190904 version: 6.3.6.26157 detected: False
Jiangmin update: 20190911 version: 16.0.100 detected: False
Kingsoft update: 20190911 version: 2013.8.14.323 detected: False
Paloalto update: 20190911 version: 1.0 detected: False
Symantec update: 20190910 version: 1.10.0.0 detected: False
Trapmine update: 20190826 version: 3.1.81.800 detected: False
AhnLab-V3 update: 20190910 version: 3.16.1.25089 detected: False
Antiy-AVL update: 20190910 version: 3.0.0.1 detected: False
Kaspersky update: 20190911 version: 15.0.1.13 detected: False
Microsoft update: 20190911 version: 1.1.16300.1 detected: False
Qihoo-360 update: 20190911 version: 1.0.0.1120 detected: False
ZoneAlarm update: 20190910 version: 1.0 detected: False
ESET-NOD32 update: 20190910 version: 19995 detected: False
TrendMicro update: 20190910 version: 11.0.0.1006 detected: False
BitDefender update: 20190910 version: 7.2 detected: False
CrowdStrike update: 20190702 version: 1.0 detected: False
K7AntiVirus update: 20190910 version: 11.66.31969 detected: False
SentinelOne update: 20190807 version: 1.0.31.22 detected: False
Avast-Mobile update: 20190910 version: 190910-00 detected: False
Malwarebytes update: 20190910 version: 2.1.1.1115 detected: False
TotalDefense update: 20190910 version: 37.1.62.1 detected: False
CAT-QuickHeal update: 20190909 version: 14.00 detected: False
NANO-Antivirus update: 20190910 version: 1.0.134.24859 detected: False
MicroWorld-eScan update: 20190910 version: 14.0.297.0 detected: False
SUPERAntiSpyware update: 20190906 version: 5.6.0.1032 detected: False
McAfee-GW-Edition update: 20190910 version: v2017.3010 detected: False
TrendMicro-HouseCall update: 20190911 version: 10.0.0.1040 detected: False
total 67
sha256 567218a1a5ca29885446ae4bbeead2a6e0440ef2d61afda582fcc58f29bccdb7
scan_id 567218a1a5ca29885446ae4bbeead2a6e0440ef2d61afda582fcc58f29bccdb7-1568159060
resource 04832e5f55f8bd536f8e619775f3cd01
permalink https://www.virustotal.com/file/567218a1a5ca29885446ae4bbeead2a6e0440ef2d61afda582fcc58f29bccdb7/analysis/1568159060/
positives 0
scan_date 2019-09-10 23:44:20
verbose_msg Scan finished, information embedded
response_code 1
File Trace
Timestamp                  Operation  PID   Process                           Path
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\rpcss.dll
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\rpcss.dll
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\Globalization\Sorting\SortDefault.nls
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\Globalization\Sorting\SortDefault.nls  SortDefault.nls
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe.manifest
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe.123.Manifest
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe.124.Manifest
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\AppPatch\sysmain.sdb
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor\Malware
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.262  Read       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\ui\SwDRM.dll
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\malware.exe
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\shell32.dll
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe.Local
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
17/11/2019 - 18:45:43.278  Open       2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\WindowsShell.Manifest
17/11/2019 - 18:45:43.278  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\WindowsShell.Manifest  WindowsShell.Manifest
17/11/2019 - 18:45:43.309  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows
17/11/2019 - 18:45:43.309  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Monitor
17/11/2019 - 18:45:43.309  Unknown    2076  C:\Windows\SysWOW64\rundll32.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
17/11/2019 - 18:45:43.450  Unknown    1480  C:\Windows\System32\rundll32.exe  C:\Monitor
Process Trace
17/11/2019 - 18:45:43.309  Terminate  1480  C:\Windows\System32\rundll32.exe  2076  C:\Windows\SysWOW64\rundll32.exe
Analysis
Reason Finished
Status Successfully Executed
Results 1
Registry
Trace
File Summary
Created Identified: False
Deleted Identified: False
Process Summary
Created Identified: False
Deleted Identified: True
Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False
DNS
Query
Response
TCP
Info
UDP
Info
HTTP
Info
Summary
DNS False
TCP False
UDP False
HTTP False
Results
BINARY
KNN (K=3, NFS-BRMalware) confidence: 100.00%
suspicious: False
Decision Tree (NFS-BRMalware) confidence: 100.00%
suspicious: False
SVC (Kernel=Linear, NFS-BRMalware) confidence: 99.93%
suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5) confidence: 57.83%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware) confidence: 88.00%
suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) confidence: 52.05%
suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336) confidence: 100.00%
suspicious: False