Binary
DLL False
Size 2.83MB
trid
- 32.0% InstallShield setup
- 30.9% Win32 EXE PECompact compressed
- 10.5% Win32 Executable Delphi generic
- 9.7% Windows screen saver
- 7.4% DOS Borland compiled Executable
type PE
wordsize 32
Subsystem Windows GUI
Hashes
md5 b570303eaf845b41b2193b0c9c207e3d
sha1 bb7a96d21ad0efbb8d09d62e110b707798be66ec
crc32 0x4c2fb04a
sha224 09524effc9edbc7d74071368b5a32bea6da32decddf562664482d328
sha256 9a14ade3f0fecba2b9709375f9bc179216fb957a9cf1bf9459f06eab0628880e
sha384 cc497a4f55e63c02f7f0995d673a793256434040ca6b2bc94a319d0f211a44184cf4b86e6bccbd664586273dda927145
sha512 945c90ac869524642b61e08a67dd0a5ddf8037aea035ff05793d49f3c530e36cd21fc7cce6fe41cdb9ff124001238016b6c14019f1da9717a7c77784b2313b2e
ssdeep 49152:NpnzHY0DHbgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIO3:NpzTHP5jKNOj+7
Report #691
Creation Date: Oct. 19, 2019, 2:21 a.m.
Last Update: Oct. 19, 2019, 5:39 a.m.
File: 039
Results:
Community
Google True
HashLib False
YARA
Matches IP, Borland, win_private_profile, Dropper_Strings, migrate_apc, Intel_Virtualization_Wizard_exe, Borland_Delphi_30_, HasOverlay, BASE64_table, escalate_priv, Delphi_DecodeDate, borland_delphi, Delphi_FormShow, network_dns, spreading_share, BobSoftMiniDelphiBoBBobSoft, create_service, antisb_threatExpert, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, network_http, cred_local, win_token, IsPE32, win_files_operation, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, DebuggerException__SetConsoleCtrl, Borland_Delphi_40, Delphi_Random, Borland_Delphi_v60_v70, IsWindowsGUI, Check_Dlls, DebuggerHiding__Thread, network_udp_sock, Delphi_Copy, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, DebuggerCheck__QueryInfo, url, android_meterpreter, win_registry, Typical_Malware_String_Transforms, Delphi_CompareCall, network_dga, Delphi_StrToInt, Advapi_Hash_API, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers5, System_Tools, create_com_service, powershell, Big_Numbers0
Suspicious True
Strings
List
Foremost
Matches 0.exe, 846 KB
Suspicious True
Heuristics
IPs: hasIPs: False; hasAllowed: False; hasSuspicious: False
URLs: hasURLs: False; hasAllowed: False; hasSuspicious: False
Files: hasFiles: True; hasAllowed: True; hasSuspicious: False
Files Allowed: MAPI32.DLL, WS2_32.DLL, user32.dll, uxtheme.dll, comctl32.dll, imm32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, vcltest3.dll, comdlg32.dll, version.dll
Binary
Sizes (Suspicious: False)
- RVA: 16, Suspicious: False
- Code Size: 333312, Suspicious: False
- Image Address: 4194304, Suspicious: False
- Stack: 16384, Suspicious: False
- Headers: 1024, Suspicious: False
Symbols
- Number: 0, Suspicious: True
- Pointer: 0, Suspicious: True
Directories: Number: 16, Suspicious: False
Checksum: Value: 0, Suspicious: True
Sections: hasSections: True; hasAllowed: True; hasSuspicious: False
- Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Versions (Suspicious: False)
- OS Version: 4, Suspicious: False
- Image Version: True, Suspicious: 4
- Linker Version: 2.25, Suspicious: False
- Subsystem Version: 4.0, Suspicious: False
EntryPoint: Address: 535792, Suspicious: False
Anomalies: hasAnomalies: True
- The header checksum and the calculated checksum do not match.
Libraries: hasLibs: True; hasAllowed: True; hasSuspicious: True
- Allowed: mapi32.dll, ws2_32.dll, user32.dll, uxtheme.dll, comctl32.dll, imm32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, comdlg32.dll, version.dll
- Suspicious: vcltest3.dll
Timestamp: Value: 1992-03-26 19:42:49; Valid: True; Past: True; Future: False
Compilation
- Packed: True
- Missing: False
- Packers: BobSoft Mini Delphi -> BoB / BobSoft
- MainPacker: BobSoft Mini Delphi -> BoB / BobSoft
- Compiled: True
- Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
Obfuscation: XOR: True
Fuzzing: True
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks True
Tricks
- pushret: none: 107, .rsrc: 130
- nopsequence: none: 10
- pushpopmath: none: 8, .rsrc: 37, .idata: 12, .reloc: 31
- garbagebytes: none: 94, .rsrc: 34
- hookdetection: none: 2, .rsrc: 4, .reloc: 3
- software breakpoint: .rsrc: 1, .reloc: 4
- programcontrolflowchange: none: 94, .rsrc: 34
- cpuinstructionsresultscomparison: none: 28, .rsrc: 8
AVclass
loki 1
VirusTotal
md5 b570303eaf845b41b2193b0c9c207e3d
sha1 bb7a96d21ad0efbb8d09d62e110b707798be66ec
SCANS (DETECTION RATE = 84.29%)
AVG: result: Win32:Malware-gen; update: 20190929; version: 18.4.3895.0; detected: True
CMC: update: 20190321; version: 1.1.0.977; detected: False
MAX: result: malware (ai score=89); update: 20190929; version: 2019.9.16.1; detected: True
APEX: result: Malicious; update: 20190928; version: 5.67; detected: True
Bkav: update: 20190927; version: 1.3.0.10239; detected: False
K7GW: result: Spyware ( 005435701 ); update: 20190929; version: 11.69.32117; detected: True
ALYac: result: Trojan.GenericKD.40810436; update: 20190929; version: 1.1.1.5; detected: True
Avast: result: Win32:Malware-gen; update: 20190929; version: 18.4.3895.0; detected: True
Avira: result: HEUR/AGEN.1037366; update: 20190929; version: 8.3.3.8; detected: True
Baidu: update: 20190318; version: 1.0.0.2; detected: False
Cyren: result: W32/Loki.QEYB-5266; update: 20190929; version: 6.2.2.2; detected: True
DrWeb: result: Trojan.PWS.Stealer.23680; update: 20190929; version: 7.0.41.7240; detected: True
GData: result: Trojan.GenericKD.40810436; update: 20190929; version: A:25.23537B:26.16139; detected: True
Panda: result: Trj/Agent.FTW; update: 20190929; version: 4.6.4.2; detected: True
VBA32: result: BScope.Trojan.Fuerboos; update: 20190927; version: 4.1.0; detected: True
VIPRE: update: 20190928; version: 78206; detected: False
Zoner: result: Trojan.Win32.72824; update: 20190928; version: 1.0.0.1; detected: True
ClamAV: result: Win.Malware.Loki-6773870-0; update: 20190929; version: 0.101.4.0; detected: True
Comodo: result: TrojWare.Win32.Stealer.A@7zzhr6; update: 20190929; version: 31542; detected: True
F-Prot: result: W32/Loki.X; update: 20190929; version: 4.7.1.166; detected: True
Ikarus: result: Worm.Win32.AutoRun; update: 20190929; version: 0.1.5.2; detected: True
McAfee: result: Trojan-FQIO!B570303EAF84; update: 20190929; version: 6.0.6.653; detected: True
Rising: result: Trojan.Injector!1.AFE3 (CLASSIC); update: 20190929; version: 25.0.0.24; detected: True
Sophos: result: Mal/Fareit-V; update: 20190929; version: 4.98.0; detected: True
Yandex: result: Trojan.Injector!H3/OLZ6Q5K8; update: 20190927; version: 5.5.2.24; detected: True
Zillya: result: Trojan.Stealer.Win32.2873; update: 20190927; version: 2.0.0.3912; detected: True
Acronis: result: suspicious; update: 20190923; version: 1.1.1.58; detected: True
Alibaba: result: TrojanSpy:Win32/Injector.e14c8c12; update: 20190527; version: 0.3.0.5; detected: True
Arcabit: result: Trojan.Generic.D26EB7C4; update: 20190929; version: 1.0.0.857; detected: True
Cylance: result: Unsafe; update: 20190929; version: 2.3.1.101; detected: True
Endgame: result: malicious (high confidence); update: 20190918; version: 3.0.15; detected: True
FireEye: result: Generic.mg.b570303eaf845b41; update: 20190929; version: 29.7.0.0; detected: True
TACHYON: update: 20190929; version: 2019-09-29.02; detected: False
Tencent: update: 20190929; version: 1.0.0.1; detected: False
ViRobot: result: Trojan.Win32.Z.Stealer.2965647; update: 20190929; version: 2014.3.20.0; detected: True
Webroot: result: W32.Trojan.Gen; update: 20190929; version: 1.0.0.403; detected: True
Ad-Aware: result: Trojan.GenericKD.40810436; update: 20190929; version: 3.0.5.370; detected: True
AegisLab: result: Trojan.Win32.Stealer.l!c; update: 20190929; version: 4.2; detected: True
Emsisoft: result: Trojan.GenericKD.40810436 (B); update: 20190929; version: 2018.12.0.1641; detected: True
F-Secure: result: Heuristic.HEUR/AGEN.1037366; update: 20190929; version: 12.0.86.52; detected: True
Fortinet: result: W32/Injector.EHDJ!tr; update: 20190929; version: 5.4.247.0; detected: True
Invincea: update: 20190904; version: 6.3.6.26157; detected: False
Jiangmin: result: Trojan-Spy.Stealer.e; update: 20190929; version: 16.0.100; detected: True
Kingsoft: update: 20190929; version: 2013.8.14.323; detected: False
Paloalto: result: generic.ml; update: 20190929; version: 1.0; detected: True
Symantec: result: Infostealer.Lokibot; update: 20190928; version: 1.10.0.0; detected: True
Trapmine: result: malicious.high.ml.score; update: 20190826; version: 3.1.81.800; detected: True
AhnLab-V3: result: Win-Trojan/Delphiless.Exp; update: 20190929; version: 3.16.2.25355; detected: True
Antiy-AVL: result: Trojan[Spy]/Win32.Stealer; update: 20190926; version: 3.0.0.1; detected: True
Kaspersky: result: HEUR:Trojan-Spy.Win32.Stealer.gen; update: 20190929; version: 15.0.1.13; detected: True
MaxSecure: result: Trojan.Malware.73793603.susgen; update: 20190928; version: 1.0.0.1; detected: True
Microsoft: result: PWS:Win32/Fareit.Delph.AD!MTB; update: 20190929; version: 1.1.16400.2; detected: True
Qihoo-360: result: Win32/Trojan.Spy.3e9; update: 20190929; version: 1.0.0.1120; detected: True
ZoneAlarm: result: HEUR:Trojan-Spy.Win32.Stealer.gen; update: 20190929; version: 1.0; detected: True
Cybereason: result: malicious.eaf845; update: 20190616; version: 1.2.449; detected: True
ESET-NOD32: result: a variant of Win32/Injector.ECBO; update: 20190929; version: 20098; detected: True
TrendMicro: result: TrojanSpy.Win32.LOKI.SMAL01.hp; update: 20190929; version: 11.0.0.1006; detected: True
BitDefender: result: Trojan.GenericKD.40810436; update: 20190929; version: 7.2; detected: True
CrowdStrike: result: win/malicious_confidence_90% (W); update: 20190702; version: 1.0; detected: True
K7AntiVirus: result: Spyware ( 005435701 ); update: 20190929; version: 11.69.32117; detected: True
SentinelOne: result: DFI - Malicious PE; update: 20190807; version: 1.0.31.22; detected: True
Avast-Mobile: update: 20190929; version: 190929-00; detected: False
Malwarebytes: result: Spyware.PasswordStealer; update: 20190929; version: 2.1.1.1115; detected: True
TotalDefense: update: 20190929; version: 37.1.62.1; detected: False
CAT-QuickHeal: result: Trojan.Fuerboos; update: 20190929; version: 14.00; detected: True
NANO-Antivirus: result: Trojan.Win32.Stealer.fkuvfb; update: 20190929; version: 1.0.134.24859; detected: True
MicroWorld-eScan: result: Trojan.GenericKD.40810436; update: 20190929; version: 14.0.297.0; detected: True
SUPERAntiSpyware: update: 20190927; version: 5.6.0.1032; detected: False
McAfee-GW-Edition: result: BehavesLike.Win32.Fareit.vh; update: 20190929; version: v2017.3010; detected: True
TrendMicro-HouseCall: result: TrojanSpy.Win32.LOKI.SMAL01.hp; update: 20190929; version: 10.0.0.1040; detected: True
total 70
sha256 9a14ade3f0fecba2b9709375f9bc179216fb957a9cf1bf9459f06eab0628880e
scan_id 9a14ade3f0fecba2b9709375f9bc179216fb957a9cf1bf9459f06eab0628880e-1569768309
resource b570303eaf845b41b2193b0c9c207e3d
permalink https://www.virustotal.com/file/9a14ade3f0fecba2b9709375f9bc179216fb957a9cf1bf9459f06eab0628880e/analysis/1569768309/
positives 59
scan_date 2019-09-29 14:45:09
verbose_msg Scan finished, information embedded
response_code 1
File
Trace
Process
Trace
Analysis
Reason Blue Screen
Status Execution Failed
Results 0
Registry
Trace
File Summary
Created Identified: False
Deleted Identified: False
Process Summary
Created Identified: False
Deleted Identified: False
Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False
DNS
Query
Response
TCP
Info
UDP
Info
HTTP
Info
Summary
DNS False
TCP False
UDP False
HTTP False
Results
KNN (K=3, NFS-BRMalware) confidence: 100.00%
suspicious: True
Decision Tree (NFS-BRMalware) confidence: 100.00%
suspicious: True
SVC (Kernel=Linear, NFS-BRMalware) confidence: 87.86%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware) confidence: 63.00%
suspicious: True