Binary
DLL False
Size 3.03MB
trid 35.7% Win32 Executable
16.4% Win16/32 Executable Delphi generic 16.0% OS/2 Executable
15.8% Generic Win/DOS Executable 15.8% DOS Executable Generic
type PE
wordsize 0
Subsystem unknown
Hashes
md5 3d45b6699805ca1c2fae8b77ddee1354
sha1 069bf4d4088a54376fbf872859b1d03d3b4b9f54
crc32 0xc276ffdd
sha224 663b0fcd454e9cad0501697f0441625402d8f3a4039c3fa857ab31ed
sha256 92c4df23be53cc96b99d94799ecfbfb76a516e715f7b1c5a911ac47a51ba4be7
sha384 9864d85a70c0e04320f805f14a7fc0938fe001be34f9eeabb138d6fd6c453548f7e07204e86bdf61d3ee8524f3d88c11
sha512 a294c0c3d9285e8e124ac2fb7b792ec431509131bc3e35b07825a22ac22b937e674ac2d66a81a7cb3ed70fc3ebf2d0465d848930968e80ba27788794460c5bc3
ssdeep 49152:/V37WmU6w3ACOxBAUOu0B4gOMC0l4l9e2EAqgRa1VO6pwJa3/ObuFgFOBcaWGRFe:46wUBrXGUlQwqgRa1V1ma3/RF8aXne
Report #7042
Creation Date: Feb. 20, 2020, 4:30 p.m.
Last Update: Feb. 20, 2020, 6:46 p.m.
File:
str.exe Results:
Community
Google False
HashLib False
YARA
Matches HasModified_DOS_Message, domain, HasDigitalSignature, url, contentis_base64, win_registry, IsPacked, HasOverlay, Big_Numbers1, IsPE32, IsWindowsGUI, FSG_v110_Eng_dulekxt_
Suspicious True
Strings
List
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q 2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t 2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
https://secure.comodo.net/CPS0C
ehttp://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 i.AW
9IU.AG Ae.om n.FO
http://ocsp.comodoca.com0 http://ocsp.comodoca.com0
Lhttp://pki-crl.symauth.com/ca_219679623e6b4fa507d638cbeba72ecb/LatestCRL.crl07 +http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.http://crl.thawte.com/ThawteTimestampingCA.crl0 +http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
c.Ca e.pG f.GW f.uG Sl.bS fP.KI p.su d.lb J.kw d.kH q.pE 6.kW s.IQ j.MN M'Ut.sA*
windowscodecs.dll winspool.drv
comctl32.dll wtsapi32.dll msimg32.dll
~(kernel32.dll
#95user32.dll version.dll v(gdi32.dll winmm.dll SHFolder.dll
http://ts-ocsp.ws.symantec.com07 8:\6
8u8A:H:w:
5"efD TGg1hWI::
!R(ct
<{':
E(wh Lpg|E h"fDCUM 5?D0Th<g%A
$gvwlYYFh
|eeogFh HM%dW7_
iR5=%%5
%e80~0
@%e9~
g4!u%i4c a1uT%%
8@:%aI A@%2o
%EA.1 tre%%
m2tGF
%FR"\d>gB
%AoM$a\i 9!9%9A9E9g9 f8E%s
%EY3h 3tO%G 6%6A6i6 7n4%e Rdl4WD 1%2a2s2 5%5A5O5b5w5 a%sH5f2 o"%pef
;%afi t]%*ir RV/%GT
$>/%E
;%hE&
A%|eW) (%EIb {.S%i r/N%A LaVi%%
`%EFo oW%i:
%gW#Ua
/D%Eh I%n[\
56t4%e
L48 qNWmwsock32.dll f%ecG]B
@kLa%Au khLh'%sW n%eDllP{
Foremost
Matches 0.exe, 3 MB
Suspicious True
Heuristics
IPs hasIPs: False
Allowed Suspicious
hasAllowed: False hasSuspicious: False
URLs Allowed
hasURLs: False Suspicious
hasAllowed: False hasSuspicious: False
Files Allowed
hasFiles: False Suspicious
hasAllowed: False hasSuspicious: False
Binary
Sizes RVA
RVA: 16
Suspicious: False Code
Size: 1271808 Suspicious: False Image
Address: 13107200 Suspicious: False Stack
Stack: 16384 Suspicious: False Headers
Headers: 1536
Suspicious: False Suspicious: False
Symbols Number
Number: 0
Suspicious: True Pointer
Pointer: 0
Suspicious: True Directories Number: 16 Suspicious: False
Checksum Value: 3213197
Suspicious: False
Sections Allowed: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .vmp0, .vmp1, .newimp, .vmp2, .vmp3, .reloc
Suspicious
hasAllowed: True hasSections: True hasSuspicious: False
Versions OS
Version: 5
Suspicious: False Image
Version: True Suspicious: 5 Linker
Version: 2.25 Suspicious: False Subsystem
Version: 5.0 Suspicious: False Suspicious: False
EntryPoint Address: 6281129
Suspicious: False
Anomalies Anomalies
hasAnomalies: False
Libraries Allowed
hasLibs: False Suspicious
hasAllowed: False hasSuspicious: False
Timestamp Past: False Valid: False Value: 0 Future: False
Compilation Packed: False
Missing: True Packers
Compiled: False Compilers
Obfuscation XOR: False
Fuzzing: False
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks False
Tricks
AVclass
None 1
VirusTotal
md5 3d45b6699805ca1c2fae8b77ddee1354
sha1 069bf4d4088a54376fbf872859b1d03d3b4b9f54
SCANS (DETECTION RATE = 69.84%)
AVG result: Win32:DangerousSig [Trj]
update: 20180629 version: 18.4.3895.0 detected: True
CMC update: 20180629
version: 1.1.0.977 detected: False
MAX result: malware (ai score=100) update: 20180630
version: 2017.11.15.1 detected: True
Bkav update: 20180629
version: 1.3.0.9466 detected: False
K7GW result: Unwanted-Program ( 005146e21 )
update: 20180630 version: 10.51.27609 detected: True
ALYac result: Trojan.Generic.22217041
update: 20180629 version: 1.1.1.5 detected: True
Avast result: Win32:DangerousSig [Trj]
update: 20180629 version: 18.4.3895.0 detected: True
Avira result: TR/Crypt.XPACK.Gen
update: 20180629 version: 8.3.3.6 detected: True
Baidu result: Win32.Trojan.WisdomEyes.16070401.9500.9903 update: 20180628
version: 1.0.0.2 detected: True
Cyren result: W32/Trojan.RFLH-1431
update: 20180629 version: 6.0.0.4 detected: True
DrWeb result: Trojan.PWS.Banker1.22823
update: 20180629 version: 7.0.33.6080 detected: True
GData result: Trojan.Generic.22217041
update: 20180629
version: A:25.17629B:25.12609
detected: True
Panda result: Trj/Genetic.gen
update: 20180629 version: 4.6.4.2 detected: True
VBA32 result: TrojanPSW.Banker
update: 20180629 version: 3.12.32.0 detected: True
VIPRE result: Trojan.Win32.Generic!BT
update: 20180630 version: 67766 detected: True
Zoner update: 20180629
version: 1.0 detected: False
AVware result: Trojan.Win32.Generic!BT
update: 20180629 version: 1.6.0.52 detected: True
ClamAV update: 20180629
version: 0.99.2.0 detected: False
Comodo result: UnclassifiedMalware
update: 20180630 version: 29260 detected: True
F-Prot update: 20180630
version: 4.7.1.166 detected: False
Ikarus result: Trojan.Win32.VMProtect
update: 20180629 version: 0.1.5.2 detected: True
McAfee result: Packed-GV!3D45B6699805
update: 20180629 version: 6.0.6.653
detected: True
Sophos result: Mal/Generic-S
update: 20180629 version: 4.98.0 detected: True
Yandex update: 20180629
version: 5.5.1.3 detected: False
Zillya result: Downloader.BanloadCRTD.Win32.11978 update: 20180629
version: 2.0.0.3584 detected: True
Arcabit result: Trojan.Generic.D1530151
update: 20180629 version: 1.0.0.831 detected: True
Endgame result: malicious (high confidence) update: 20180612
version: 2.1.3 detected: True
TACHYON update: 20180629
version: 2018-06-29.02 detected: False
Tencent result: Win32.Trojan.Inject.Llhl update: 20180630
version: 1.0.0.1 detected: True
ViRobot update: 20180629
version: 2014.3.20.0 detected: False
Webroot update: 20180630
version: 1.0.0.403 detected: False
eGambit update: 20180630
detected: False
Ad-Aware result: Trojan.Generic.22217041 update: 20180629
version: 3.0.5.370 detected: True
AegisLab update: 20180629
version: 4.2 detected: False
Emsisoft result: Trojan-Spy.Banker (A)
update: 20180629 version: 4.0.2.899 detected: True
F-Secure result: Trojan.Generic.22217041
update: 20180630 version: 11.0.19100.45 detected: True
Fortinet result: W32/Generic.GV!tr
update: 20180629 version: 5.4.247.0 detected: True
Invincea result: heuristic
update: 20180601 version: 6.3.5.26121 detected: True
Jiangmin result: Trojan.Generic.azgku
update: 20180630 version: 16.0.100 detected: True
Kingsoft update: 20180630
version: 2013.8.14.323 detected: False
Paloalto result: generic.ml
update: 20180630 version: 1.0 detected: True
Symantec result: ML.Attribute.HighConfidence update: 20180629
version: 1.6.0.0 detected: True
AhnLab-V3 update: 20180629 version: 3.12.1.21240 detected: False
Antiy-AVL result: Trojan/Win32.AGeneric update: 20180630
version: 3.0.0.1 detected: True
Kaspersky result: HEUR:Trojan.Win32.Generic update: 20180630
version: 15.0.1.13 detected: True
Microsoft result: TrojanDownloader:Win32/Banload update: 20180629
version: 1.1.15000.2 detected: True
Qihoo-360 update: 20180630
version: 1.0.0.1120 detected: False
TheHacker update: 20180628
version: 6.8.0.5.3218 detected: False
ZoneAlarm result: HEUR:Trojan.Win32.Generic update: 20180629
version: 1.0 detected: True
Cybereason result: malicious.99805c
update: 20180225 version: 1.2.27 detected: True
ESET-NOD32 result: a variant of Win32/Packed.VMProtect.AB update: 20180629
version: 17636 detected: True
BitDefender result: Trojan.Generic.22217041 update: 20180629
version: 7.2 detected: True
CrowdStrike result: malicious_confidence_100% (D) update: 20180530
version: 1.0 detected: True
K7AntiVirus result: Unwanted-Program ( 005146e21 ) update: 20180629
version: 10.51.27609 detected: True
SentinelOne result: static engine - malicious update: 20180618
version: 1.0.17.225 detected: True
Avast-Mobile update: 20180629
version: 180628-10 detected: False
Malwarebytes update: 20180629
version: 2.1.1.1115 detected: False
TotalDefense update: 20180629
version: 37.1.62.1 detected: False
CAT-QuickHeal result: Trojan.IGENERIC update: 20180629 version: 14.00 detected: True
NANO-Antivirus result: Trojan.Win32.Banker1.eqdecu update: 20180629
version: 1.0.116.23366 detected: True
MicroWorld-eScan result: Trojan.Generic.22217041 update: 20180629
version: 14.0.297.0 detected: True
SUPERAntiSpyware update: 20180630 version: 5.6.0.1032 detected: False
McAfee-GW-Edition result: Packed-GV!3D45B6699805 update: 20180629
version: v2017.2786 detected: True
total 63
sha256 92c4df23be53cc96b99d94799ecfbfb76a516e715f7b1c5a911ac47a51ba4be7
scan_id 92c4df23be53cc96b99d94799ecfbfb76a516e715f7b1c5a911ac47a51ba4be7-1530322158
resource 3d45b6699805ca1c2fae8b77ddee1354
permalink https://www.virustotal.com/file/92c4df23be53cc96b99d94799ecfbfb76a516e715f7b1c5a911ac47a51ba4be7/analysis/1530322158/
positives 44
scan_date 2018-06-30 01:29:18
verbose_msg Scan finished, information embedded
response_code 1
File
Trace
Process
Trace
Analysis
Reason Blue Screen
Status Execution Failed
Results 0
Registry
Trace
File Summary
Created Identified: False
Deleted Identified: False
Process Summary
Created Identified: False
Deleted Identified: False
Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False
DNS
Query
Response
TCP
Info
UDP
Info
HTTP
Info
Summary
DNS False
TCP False
UDP False
HTTP False
Results
BINARY
KNN (K=3, NFS-BRMalware) confidence: 100.00%
suspicious: True
Decision Tree (NFS-BRMalware) confidence: 100.00%
suspicious: True
SVC (Kernel=Linear, NFS-BRMalware) confidence: 95.02%
suspicious: True
MalConv (Ember: Raw Bytes, Threshold=0.5) confidence: 73.31%
suspicious: True
Random Forest (100 estimators, NFS-BRMalware) confidence: 77.00%
suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) confidence: 50.97%
suspicious: True
LightGDM (Ember: File Characteristics, Threshold=0.8336) confidence: 23.77%
suspicious: False