Binary
DLL False
Size 160.00KB
trid 41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type PE
wordsize 32
Subsystem Windows CLI
Hashes
md5 a51d90f2f9394f5ea0a3acae3bd2b219
sha1 20fea1314dbed552d5fedee096e2050369172ee1
crc32 0xd8c6c1c
sha224 4dea7ee5d626fa2c05b26ee2839277501ebc47adc1e1bbdbc6bb8057
sha256 ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f
sha384 3f08577cbc7c4e2e7a226b02c55998325731ab7219302e4c5f2bb1b2430266d89149304e31ce3b28efe20d51854de613
sha512 c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6
ssdeep 3072:6nkCMZlG+fHlDum7uVouWEHR92dZH5TTY8A7GyH367uPlDKw:6kCMndv8WiYZH5A8sGw367Y+
Report #7699
Creation Date: Feb. 27, 2020, 5:20 p.m.
Last Update: Feb. 27, 2020, 10:52 p.m.
File: _1x9P0g94QW6sZaKacXmH.exe
Results:
Community
Google False
HashLib False
YARA
Matches Microsoft_Visual_Cpp_v50v60_MFC_additional, Microsoft_Visual_Cpp, domain, DebuggerException__SetConsoleCtrl, Armadillo_v171_additional, IsPE32, win_token, contentis_base64, Armadillo_v171, win_registry, Microsoft_Visual_Cpp_v50v60_MFC, IsConsole, Microsoft_Visual_Cpp_v60, CRC32_poly_Constant, win_files_operation, Microsoft_Visual_Cpp_50, escalate_priv, HasRichSignature
Suspicious True
Strings
List
Mapi32.dll Encrypted
there is no such archive 7-Zip cannot load Mapi32.dll Commented
can't decompress folder
stdout mode and email mode cannot be combined Created
switch is not full is not file
7-Zip cannot find the code that works with archives.
MB, # %s %3d
I won't write compressed data to a terminal Software\7-zip
KB/s %% MIPS MIPS RAM %s
Can not open file as archive x: eXtract files with full paths [Content]
<Commands>
Compressed:
SeLockMemoryPrivilege Archives:
Archive Errors:
PSShL@
Dict Compressing | Decompressing CPU hardware threads:
7z.dll
Compressing Compressed
BERROR: Can not delete output file B7zCon.sfx
GetProcAddress PhysicalDrive PhysicalDrive PSSh
Extracting
OpenProcessToken Multivolume DeviceIoControl VirtualAlloc MapViewOfFile
Incorrect command line LoadLibraryA
RemoveDirectoryW CreateFileW
MoveFileA LoadLibraryExA FreeLibrary
GetModuleFileNameA RemoveDirectoryA SetFileTime FindFirstFileA MoveFileW
GetModuleHandleA RegOpenKeyExA SetFilePointer RegQueryValueExA CreateDirectoryA CreateFileA FindNextFileA FindNextFileW FindFirstFileW DeleteFileW DeleteFileA CreateDirectoryW WriteFile
CRC Failed in encrypted file. Wrong password?
Everything is Ok
7-Zip cannot delete the file switch must be single 7-Zip cannot move the file ReadFile
7-Zip cannot open file Creating archive 3EEf
already exists. Overwrite with
I won't write data and program's messages to same terminal Volumes
GetTickCount
Data Error in encrypted file. Wrong password?
Can not open encrypted archive. Wrong password?
cannot find archive Host OS
Volume fprintf
-m{Parameters}: set compression Method
Usage: 7z <command> [<switches>...] <archive_name> [<file_names>...]
7z.exe
-u[-][p#][q#][r#][x#][y#][z#][!newArchiveName]: Update options Processing archive:
-v{Size}[b|k|m|g]: Create volumes -ssw: compress shared files
.?AUCArchiveCommandLineException@@
-sfx[{name}]: Create SFX archive
-ax[r[-|0]]{@listfile|!wildcard}: eXclude archives -ai[r[-|0]]{@listfile|!wildcard}: Include archives -p{Password}: set Password
a: Add files to archive -t{Type}: Set type of archive
Foremost
Matches 0.exe, 160 KB
Suspicious True
Heuristics
IPs: hasIPs: False, hasAllowed: False, hasSuspicious: False
URLs: hasURLs: False, hasAllowed: False, hasSuspicious: False
Files: hasFiles: True, hasAllowed: True, hasSuspicious: False
Files Allowed: 7-Zip cannot load Mapi32.dll, Mapi32.dll, MSVCRT.dll, ADVAPI32.dll, kernel32.dll, USER32.dll, OLEAUT32.dll, 7z.dll
Binary
Sizes
RVA: 16, Suspicious: False
Code Size: 44544, Suspicious: False
Image Address: 4194304, Suspicious: False
Stack: 4096, Suspicious: False
Headers: 1024, Suspicious: False
Sizes Suspicious: False
Symbols
Number: 0, Suspicious: True
Pointer: 0, Suspicious: True
Directories Number: 16, Suspicious: False
Checksum Value: 0, Suspicious: True
Sections Allowed: .text, .rdata, .data, .rsrc
hasAllowed: True, hasSections: True, hasSuspicious: False
Versions
OS Version: 4, Suspicious: False
Image Version: 4, Suspicious: True
Linker Version: 6.0, Suspicious: False
Subsystem Version: 4.0, Suspicious: False
Versions Suspicious: False
EntryPoint Address: 118988, Suspicious: False
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
Libraries Allowed: mapi32.dll, msvcrt.dll, advapi32.dll, kernel32.dll, user32.dll, oleaut32.dll
Libraries Suspicious: 7-zip cannot load mapi32.dll, 7z.dll
hasLibs: True, hasAllowed: True, hasSuspicious: True
Timestamp Value: 2010-11-18 14:08:03, Valid: True, Past: False, Future: False
Compilation Packed: False, Missing: False, Compiled: True
Compilers: Microsoft Visual C++ v6.0, Microsoft Visual C++ 5.0, Microsoft Visual C++
Packers MainPacker: Armadillo v1.71
Obfuscation XOR: False, Fuzzing: False
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks True
Tricks
pushret .text: 2
nopsequence .text: 17
pushpopmath .data: 7, .text: 4, .rdata: 2
garbagebytes .text: 2
software breakpoint .text: 4
programcontrolflowchange .text: 2
AVclass
None 1
VirusTotal
md5 a51d90f2f9394f5ea0a3acae3bd2b219
sha1 20fea1314dbed552d5fedee096e2050369172ee1
SCANS (DETECTION RATE = 0.00%)
AVG update: 20200225 version: 18.4.3895.0 detected: False
CMC update: 20190321 version: 1.1.0.977 detected: False
MAX update: 20200226 version: 2019.9.16.1 detected: False
APEX update: 20200225 version: 5.122 detected: False
Bkav update: 20200221 version: 1.3.0.9899 detected: False
K7GW update: 20200225 version: 11.96.33379 detected: False
ALYac update: 20200225 version: 1.1.1.5 detected: False
Avast update: 20200225 version: 18.4.3895.0 detected: False
Baidu update: 20190318 version: 1.0.0.2 detected: False
Cyren update: 20200225 version: 6.2.2.2 detected: False
DrWeb update: 20200225 version: 7.0.44.12030 detected: False
GData update: 20200225 version: A:25.24988B:26.17814 detected: False
Panda update: 20200225 version: 4.6.4.2 detected: False
VBA32 update: 20200225 version: 4.3.0 detected: False
VIPRE update: 20200225 version: 81800 detected: False
Zoner update: 20200224 version: 1.0.0.1 detected: False
ClamAV update: 20200225 version: 0.102.2.0 detected: False
Comodo update: 20200225 version: 32129 detected: False
F-Prot update: 20200225 version: 4.7.1.166 detected: False
McAfee update: 20200225 version: 6.0.6.653 detected: False
Rising update: 20200225 version: 25.0.0.24 detected: False
Sophos update: 20200225 version: 4.98.0 detected: False
Yandex update: 20200223 version: 5.5.2.24 detected: False
Zillya update: 20200225 version: 2.0.0.4034 detected: False
Acronis update: 20200225 version: 1.1.1.73 detected: False
Alibaba update: 20190527 version: 0.3.0.5 detected: False
Arcabit update: 20200225 version: 1.0.0.869 detected: False
Cylance update: 20200226 version: 2.3.1.101 detected: False
Endgame update: 20200131 version: 3.0.16 detected: False
FireEye update: 20200225 version: 29.7.0.0 detected: False
Sangfor update: 20200221 version: 1.0 detected: False
TACHYON update: 20200225 version: 2020-02-25.02 detected: False
Tencent update: 20200226 version: 1.0.0.1 detected: False
ViRobot update: 20200225 version: 2014.3.20.0 detected: False
Webroot update: 20200226 version: 1.0.0.403 detected: False
eGambit update: 20200226 detected: False
Ad-Aware update: 20200225 version: 3.0.5.370 detected: False
Emsisoft update: 20200225 version: 2018.12.0.1641 detected: False
F-Secure update: 20200225 version: 12.0.86.52 detected: False
Fortinet update: 20200225 version: 6.2.142.0 detected: False
Invincea update: 20200219 version: 6.3.6.26157 detected: False
Jiangmin update: 20200225 version: 16.0.100 detected: False
Kingsoft update: 20200226 version: 2013.8.14.323 detected: False
Paloalto update: 20200226 version: 1.0 detected: False
Trapmine update: 20200123 version: 3.2.22.914 detected: False
AhnLab-V3 update: 20200225 version: 3.17.1.26513 detected: False
Antiy-AVL update: 20200225 version: 3.0.0.1 detected: False
Kaspersky update: 20200225 version: 15.0.1.13 detected: False
MaxSecure update: 20200225 version: 1.0.0.1 detected: False
Microsoft update: 20200225 version: 1.1.16800.2 detected: False
Qihoo-360 update: 20200226 version: 1.0.0.1120 detected: False
ZoneAlarm update: 20200225 version: 1.0 detected: False
Cybereason update: 20190616 version: 1.2.449 detected: False
ESET-NOD32 update: 20200225 version: 20900 detected: False
TrendMicro update: 20200225 version: 11.0.0.1006 detected: False
BitDefender update: 20200225 version: 7.2 detected: False
CrowdStrike update: 20190702 version: 1.0 detected: False
K7AntiVirus update: 20200225 version: 11.96.33379 detected: False
SentinelOne update: 20200220 version: 2.0.0.2603 detected: False
Avast-Mobile update: 20200225 version: 200225-00 detected: False
Malwarebytes update: 20200225 version: 3.6.4.335 detected: False
CAT-QuickHeal update: 20200225 version: 14.00 detected: False
NANO-Antivirus update: 20200225 version: 1.0.134.25032 detected: False
BitDefenderTheta update: 20200211 version: 7.2.37796.0 detected: False
MicroWorld-eScan update: 20200225 version: 14.0.409.0 detected: False
SUPERAntiSpyware update: 20200221 version: 5.6.0.1032 detected: False
McAfee-GW-Edition update: 20200225 version: v2017.3010 detected: False
TrendMicro-HouseCall update: 20200225 version: 10.0.0.1040 detected: False
total 68
sha256 ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f
scan_id ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f-1582672117
resource a51d90f2f9394f5ea0a3acae3bd2b219
permalink https://www.virustotal.com/file/ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f/analysis/1582672117/
positives 0
scan_date 2020-02-25 23:08:37
verbose_msg Scan finished, information embedded
response_code 1
File
Trace
Process
Trace
Analysis
Reason Blue Screen
Status Execution Failed
Results 0
Registry
Trace
File Summary
Created Identified: False
Deleted Identified: False
Process Summary
Created Identified: False
Deleted Identified: False
Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False
DNS
Query
Response
TCP
Info
UDP
Info
HTTP
Info
Summary
DNS False
TCP False
UDP False
HTTP False
Results
BINARY
KNN (K=3, NFS-BRMalware) confidence: 100.00%
suspicious: False
Decision Tree (NFS-BRMalware) confidence: 100.00%
suspicious: False
SVC (Kernel=Linear, NFS-BRMalware) confidence: 71.54%
suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5) confidence: 98.84%
suspicious: True
Random Forest (100 estimators, NFS-BRMalware) confidence: 50.00%
suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) confidence: 62.91%
suspicious: True
LightGDM (Ember: File Characteristics, Threshold=0.8336) confidence: 100.00%
suspicious: False