Report #7295

Academic year: 2023


Binary
  DLL: False
  Size: 2.11MB
  trid: 52.9% Win32 Executable; 23.5% Generic Win/DOS Executable; 23.5% DOS Executable Generic
  type: PE
  wordsize: 32
  Subsystem: Windows GUI

Hashes


Community
  Creation Date: Feb. 21, 2020, 3:57 p.m.
  Last Update: Feb. 21, 2020, 8:16 p.m.
  File: Demostrativo Débito.exe

Results:

Google: False
HashLib: False

YARA
  Matches: domain, win_private_profile, ThreadControl__Context, CRC32_poly_Constant, VC8_Microsoft_Corporation, DebuggerException__SetConsoleCtrl, Check_OutputDebugStringA_iat, CRC32_table, TEAN, win_files_operation, IsPacked, contentis_base64, screenshot, IP, win_mutex, keylogger, VirtualPC_Detection, IsPE32, maldoc_find_kernel32_base_method_1, vmdetect, IsWindowsGUI, anti_dbg, DebuggerHiding__Active, Microsoft_Visual_Cpp_8
  Suspicious: True

Strings

List


Foremost
  Matches: 0.exe, 2 MB
  Suspicious: True

Heuristics
  IPs:   hasIPs: False;   Allowed: hasAllowed: False;  Suspicious: hasSuspicious: False
  URLs:  hasURLs: False;  Allowed: hasAllowed: False;  Suspicious: hasSuspicious: False
  Files: hasFiles: True;  Allowed: hasAllowed: True;   Suspicious: hasSuspicious: False
         Allowed: ADVAPI32.DLL, mscoree.dll, KERNEL32.DLL, wUSER32.DLL, SHELL32.dll, COMCTL32.DLL, USER32.dll, ComDlg32.dll, GDI32.dll

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code: 1380352 (Suspicious: False)
    Image address: 133234688 (Suspicious: False)
    Stack: 16384 (Suspicious: False)
    Headers: 4096 (Suspicious: False)
    Suspicious: False
  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
  Directories
    Number: 16 (Suspicious: False)
  Checksum
    Value: 2265737 (Suspicious: False)
  Sections
    Allowed: .text, .itext, .data, .bss, .idata, .tls, .rdata, .reloc, .text1, .adata, .data1, .reloc1, .pdata, .rsrc
    hasAllowed: True; hasSections: True; hasSuspicious: False
  Versions
    OS version: 4 (Suspicious: False)
    Image version: 4 (Suspicious: True)
    Linker version: 83.82 (Suspicious: False)
    Subsystem version: 4.0 (Suspicious: False)
    Suspicious: False
  EntryPoint
    Address: 1022798 (Suspicious: False)
  Anomalies
    hasAnomalies: False
  Libraries
    Allowed: advapi32.dll, mscoree.dll, kernel32.dll, shell32.dll, comctl32.dll, user32.dll, comdlg32.dll, gdi32.dll
    Suspicious: wuser32.dll
    hasLibs: True; hasAllowed: True; hasSuspicious: True
  Timestamp
    Value: 2016-09-01 22:01:08
    Valid: True; Past: False; Future: False
  Compilation
    Packed: False
    Missing: False
    Compiled: True
    Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
  Obfuscation
    XOR: False
    Fuzzing: False

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: False
  Tricks: (none)

AVclass
  banload: 1

VirusTotal
  md5: 2a017522193c9304b4223ad263b5e437
  sha1: bb0f685a57f6e90b9611b9da8e7b281a004f158a

SCANS (DETECTION RATE = 43.86%)

Engine                Detected  Update    Version         Result
AVG                   True      20160914  16.0.0.4656     Generic16_c.MZA
CMC                   False     20160912  1.1.0.977       -
Bkav                  True      20160914  1.3.0.8108      W32.eHeur.Malware08
K7GW                  True      20160914  9.238.20869     Trojan-Downloader ( 004e1cf41 )
ALYac                 False     20160914  1.0.1.9         -
Avast                 True      20160914  8.0.1489.320    Win32:Trojan-gen
Avira                 True      20160914  8.3.3.4         TR/Dldr.Banload.tyzyq
Baidu                 False     20160914  1.0.0.2         -
Cyren                 False     20160914  5.4.16.7        -
DrWeb                 False     20160914  7.0.23.8290     -
GData                 True      20160914  25              Win32.Trojan.Agent.PLT757
Panda                 False     20160913  4.6.4.2         -
VBA32                 False     20160913  3.12.26.4       -
VIPRE                 True      20160914  52300           Trojan.Win32.Generic!BT
Zoner                 False     20160914  1.0             -
AVware                True      20160914  1.5.0.42        Trojan.Win32.Generic!BT
ClamAV                False     20160913  0.98.5.0        -
Comodo                False     20160912  25750           -
F-Prot                False     20160914  4.7.1.166       -
Ikarus                True      20160914  T3.2.1.6.0      Trojan-Downloader.Win32.Banload
McAfee                True      20160914  6.0.6.653       Artemis!2A017522193C
Rising                True      20160914  28.0.0.1        Malware.Heuristic!ET (rdm+)
Sophos                True      20160914  4.98.0          Mal/Generic-S
Yandex                False     20160913  5.5.1.3         -
Zillya                False     20160914  2.0.0.3055      -
Alibaba               False     20160914  1.0             -
Arcabit               False     20160914  1.0.0.774       -
Tencent               False     20160914  1.0.0.1         -
ViRobot               False     20160914  2014.3.20.0     -
Ad-Aware              True      20160914  3.0.3.794       Trojan.Generic.18015547
AegisLab              False     20160914  4.2             -
Emsisoft              False     20160914  3.5.0.658       -
F-Secure              False     20160914  11.0.19100.45   -
Fortinet              True      20160914  5.4.233.0       W32/Banload.XBU!tr.dldr
Invincea              False     20160912  6.2.0.24138     -
Jiangmin              False     20160914  16.0.100        -
Kingsoft              False     20160914  2013.8.14.323   -
Symantec              True      20160914  20151.1.1.4     Trojan.Gen
nProtect              False     20160914  2016-09-14.02   -
AhnLab-V3             True      20160914  3.7.5.15490     Malware/Win32.Generic.N2101178400
Antiy-AVL             False     20160914  1.0.0.1         -
Kaspersky             False     20160914  15.0.1.13       -
Microsoft             True      20160914  1.1.13000.0     TrojanDownloader:Win32/Banload.BFQ
Qihoo-360             True      20160914  1.0.0.1120      Trojan.Generic
TheHacker             False     20160911  6.8.0.5.1063    -
ESET-NOD32            True      20160914  14119           Win32/TrojanDownloader.Banload.XBU
TrendMicro            True      20160914  9.740.0.1012    TROJ_GEN.R00JC0DIB16
BitDefender           True      20160914  7.2             Trojan.Generic.18015547
CrowdStrike           True      20160725  1.0             malicious_confidence_69% (W)
K7AntiVirus           True      20160914  9.238.20869     Trojan-Downloader ( 004e1cf41 )
Malwarebytes          False     20160914  2.1.1.1115      -
CAT-QuickHeal         False     20160914  14.00           -
NANO-Antivirus        False     20160913  1.0.38.8984     -
MicroWorld-eScan      False     20160914  12.0.250.0      -
SUPERAntiSpyware      False     20160914  5.6.0.1032      -
McAfee-GW-Edition     True      20160913  v2015           BehavesLike.Win32.Dropper.vc
TrendMicro-HouseCall  True      20160914  9.850.0.1008    TROJ_GEN.R00JC0DIB16

  total: 57
  positives: 25
  sha256: 827da43e3b5a3644bde6dfeed55179abb2b6c9a92c1913769b4ffda4d5d7a002
  scan_id: 827da43e3b5a3644bde6dfeed55179abb2b6c9a92c1913769b4ffda4d5d7a002-1473852796
  resource: 2a017522193c9304b4223ad263b5e437
  permalink: https://www.virustotal.com/file/827da43e3b5a3644bde6dfeed55179abb2b6c9a92c1913769b4ffda4d5d7a002/analysis/1473852796/
  scan_date: 2016-09-14 11:33:16
  verbose_msg: Scan finished, information embedded
  response_code: 1

File

Trace

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemcomn.dll

21/2/2020 - 19:45:43.80 Ope

n 1 4 8

C:\mal

ware.e C:\Windows\SysWOW64\wbemcomn.dll

(13)

9 0 xe

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbemcomn.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\Logs

21/2/2020 - 19:45:43.80 9

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\Logs

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\CRYPTSP.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\cryptsp.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\cryptsp.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 Ope

n 1 4 8

C:\mal

ware.e C:\Windows\SysWOW64\rsaenh.dll

(14)

9 0 xe

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.82 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.82 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

21/2/2020 - 19:45:43.82 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\RpcRtRemote.dll

21/2/2020 - 19:45:43.82 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

21/2/2020 - 19:45:43.82 5

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

21/2/2020 - 19:45:43.82 5

Ope n

1 4 8

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

(15)

0

21/2/2020 - 19:45:43.82 5

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

21/2/2020 - 19:45:44.43

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemsvc.dll

21/2/2020 - 19:45:44.43

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemsvc.dll

21/2/2020 - 19:45:44.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\fastprox.dll

21/2/2020 - 19:45:44.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\fastprox.dll

21/2/2020 - 19:45:44.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\NTDSAPI.dll

21/2/2020 - 19:45:44.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ntdsapi.dll

21/2/2020 - 19:45:44.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ntdsapi.dll

21/2/2020 - 19:45:45.73 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.INI

21/2/2020 - 19:45:45.73 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.INI

21/2/2020 - 19:45:45.73 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

(16)

21/2/2020 - 19:45:46.12 2

Rea d

1 4 8 0

C:\mal ware.e

xe C:\malware.exe

21/2/2020 - 19:45:46.12 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

21/2/2020 - 19:45:46.13 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

21/2/2020 - 19:45:46.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\

21/2/2020 - 19:45:46.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\

21/2/2020 - 19:45:46.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\inetmib1.dll

21/2/2020 - 19:45:46.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\inetmib1.dll

21/2/2020 - 19:45:46.20 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\inetmib1.dll

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\IPHLPAPI.DLL

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

(17)

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\WINNSI.DLL

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winnsi.dll

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winnsi.dll

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\snmpapi.dll

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\snmpapi.dll

21/2/2020 - 19:45:46.38 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\snmpapi.dll

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData

21/2/2020 - 19:45:46.66 8

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP

(18)

21/2/2020 - 19:45:46.66 8

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP\RAIDTest

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.66 8

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.71 5

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.76 2

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.80 9

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.85 6

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.90 3

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.95 0

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:46.99 7

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

1

(19)

21/2/2020 - 19:45:47.18 4

Ope n

4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.23 1

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.27 8

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.32 5

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.37 2

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.41 8

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.46 5

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.51 2

Ope n

1 4 8 0

C:\mal ware.e xe

\Device\HarddiskVolume2

21/2/2020 - 19:45:47.55 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP

21/2/2020 - 19:45:47.55 9

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP

21/2/2020 - 19:45:47.55 9

Ope n

1 4 8 0

C:\mal ware.e xe

C:\ProgramData\TEMP\RAIDTest

21/2/2020 -

1

4 C:\mal

(20)

19:45:47.55 9

Writ e

8 0

ware.e xe

C:\ProgramData\TEMP\RAIDTest

21/2/2020 - 19:45:47.57 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.INI

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Temp\CC2242BE.TMP

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows

21/2/2020 - 1

C:\mal

(21)

19:45:47.65 3

Ope n

4 8 0

ware.e xe

C:\Windows\SysWOW64

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Temp

21/2/2020 - 19:45:47.65 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Temp

21/2/2020 - 19:45:47.65 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Temp\5AA4E1824BF17FDE.T MP

21/2/2020 - 19:45:47.71 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.INI

21/2/2020 - 19:45:47.71 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.INI

21/2/2020 - 19:45:47.71 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Temp\5AA4E182.RRef

21/2/2020 - 19:45:47.74 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\SHFolder.dll

21/2/2020 - 19:45:47.74 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\shfolder.dll

21/2/2020 - 19:45:47.74 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\shfolder.dll

21/2/2020 - Ope

1

4 C:\mal

(22)

19:45:47.98 1

n 8

0

ware.e xe

C:\malware.exe

21/2/2020 - 19:45:47.98 1

Unk now n

1 4 8 0

C:\mal ware.e

xe C:\malware.exe

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.PTB

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.PTB.DLL

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.PT

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.PT.DLL

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

21/2/2020 - 19:45:47.98 1

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

21/2/2020 - 19:45:48.28

Ope n

1 4 8 0

C:\mal ware.e xe

C:\dwmapi.dll

21/2/2020 - 19:45:48.28

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dwmapi.dll

21/2/2020 - 19:45:48.28

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dwmapi.dll

21/2/2020 - Ope 1

4 C:\mal

(23)

19:45:48.28 n 8 0

ware.e xe

C:\Windows\Fonts\StaticCache.dat

21/2/2020 - 19:45:48.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Fonts\StaticCache.dat StaticCache.dat

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll.Config

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\malware.exe.Local

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705 d

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705 d

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705 d

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705 d

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - Ope 1

4 C:\mal

ware.e C:\Users\Behemot\AppData\Local\ah211fsxacxa3a

(24)

19:46:49.59 n 8 0

xe

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\ah211fsxacxa3a

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\ah211fsxacxa3a

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\ah211fsxacxa3a

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\weather.zli b

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.

dll

21/2/2020 - 19:46:49.59

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.

dll

api-ms-win-downlev el-shlwapi-l2-1-0.dll

21/2/2020 - 19:46:49.59

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.

dll

21/2/2020 - Unk 1

4 C:\mal

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0. api-ms-win-downlev

(25)

19:46:49.75 now n

8 0

ware.e xe

dll el-shlwapi-l2-1-0.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Secur32.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\secur32.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\secur32.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

21/2/2020 - 19:46:49.75

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\api-ms-win-downlevel-advapi32-l2-1-0.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1- 0.dll

21/2/2020 - 19:46:49.75

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1- 0.dll

api-ms-win-downlev el-advapi32-l2-1-0.d ll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1- 0.dll

21/2/2020 - 19:46:49.75

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1- 0.dll

api-ms-win-downlev el-advapi32-l2-1-0.d ll

21/2/2020 - Ope 1

4 C:\mal

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar

(26)

19:46:49.75 n 8 0

ware.e xe

y Internet Files\counters.dat

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

21/2/2020 - 19:46:49.75

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

21/2/2020 - 19:46:49.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\DNSAPI.dll

21/2/2020 - 19:46:49.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dnsapi.dll

21/2/2020 - 19:46:49.90

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dnsapi.dll

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\mswsock.dll

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\mswsock.dll

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wship6.dll

21/2/2020 - 19:46:49.13 Ope

1

4 C:\mal

ware.e C:\Windows\SysWOW64\wship6.dll

(27)

7 n 8 0

xe

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files\Content.IE5

21/2/2020 - 19:46:49.13

Unk now

1 4 8

C:\mal

ware.e C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files\Content.IE5

(28)

7 n 0 xe

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

21/2/2020 - 19:46:49.13

Unk now

1 4 8

C:\mal

ware.e C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

(29)

7 n 0 xe

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.13 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.13 7

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

21/2/2020 - 19:46:49.15 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History

21/2/2020 - 19:46:49.15 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History

21/2/2020 - 19:46:49.15 3

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History

21/2/2020 - 19:46:49.15 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\H istory.IE5

21/2/2020 - 19:46:49.15 3

Unk now n

1 4 8

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\H istory.IE5

(30)

0

21/2/2020 - 19:46:49.24 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\netprofm.dll

21/2/2020 - 19:46:49.24 7

Ope n

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\netprofm.dll

21/2/2020 - 19:46:49.24 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\nlaapi.dll

21/2/2020 - 19:46:49.24 7

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\nlaapi.dll

21/2/2020 - 19:46:49.29 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\dhcpcsvc6.DLL

21/2/2020 - 19:46:49.29 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

| Timestamp | Operation | PID | Process | Path | Name |
|---|---|---|---|---|---|
| 21/2/2020 - 19:46:49.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll |
| 21/2/2020 - 19:46:49.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | |
| 21/2/2020 - 19:46:49.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll |
| 21/2/2020 - 19:46:49.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/2/2020 - 19:46:49.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/2/2020 - 19:46:49.340 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL | |
| 21/2/2020 - 19:46:49.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll | |
| 21/2/2020 - 19:46:49.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll | |
| 21/2/2020 - 19:46:49.387 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll | |
| 21/2/2020 - 19:46:49.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll | |
| 21/2/2020 - 19:46:49.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll | |
| 21/2/2020 - 19:46:49.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/2/2020 - 19:46:49.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/2/2020 - 19:46:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL | |
| 21/2/2020 - 19:46:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/2/2020 - 19:46:49.668 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/2/2020 - 19:46:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/2/2020 - 19:46:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/2/2020 - 19:46:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/2/2020 - 19:46:52.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\weather.zlib | |
| 21/2/2020 - 19:47:52.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\jgtrashu.exe | |
| 21/2/2020 - 19:48:52.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\mrweed.exe | |
| 21/2/2020 - 19:48:52.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\omoufer.exe | |
| 21/2/2020 - 19:48:53.809 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\ah211fsxacxa3a\weather.zlib | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | \Device\HarddiskVolume2 | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | |
| 21/2/2020 - 19:48:53.903 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |

Process Trace

Analysis

Reason: Finished

Status: Successfully Executed

Results: 1

Registry Trace

| Timestamp | Operation | PID | Process | Key | Value |
|---|---|---|---|---|---|
| 21/2/2020 - 19:45:46.668 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters | TrapPollTimeMilliSecs |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {R7C0DB872A3F777C0} |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {K7C0DB872A3F777C0} |
| 21/2/2020 - 19:45:47.559 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A} | 0 |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A} | |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\InprocServer32 | |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\InprocServer32 | ThreadingModel |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\MiscStatus | |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\MiscStatus\1 | |
| 21/2/2020 - 19:45:47.559 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\ProgID | |
| 21/2/2020 - 19:45:47.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\ToolboxBitmap32 | |
| 21/2/2020 - 19:45:47.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\TypeLib | |
| 21/2/2020 - 19:45:47.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\Version | |
| 21/2/2020 - 19:45:47.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9B13397-5A48-1675-C705-EF936762E65A}\VersionIndependentProgID | |
| 21/2/2020 - 19:45:47.653 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:45:47.653 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:45:47.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:45:47.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:2.918 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:2.918 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:18.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:18.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:34.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:34.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable |
| 21/2/2020 - 19:46:49.90 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer |
| 21/2/2020 - 19:46:49.90 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride |
| 21/2/2020 - 19:46:49.90 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL |
| 21/2/2020 - 19:46:49.90 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect |
| 21/2/2020 - 19:46:49.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |
| 21/2/2020 - 19:46:49.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
| 21/2/2020 - 19:46:49.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix |
| 21/2/2020 - 19:46:49.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix |
| 21/2/2020 - 19:46:49.434 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/2/2020 - 19:46:49.434 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/2/2020 - 19:46:49.434 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/2/2020 - 19:46:49.434 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/2/2020 - 19:46:49.997 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:49.997 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName |
| 21/2/2020 - 19:46:50.793 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/2/2020 - 19:46:50.793 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/2/2020 - 19:46:50.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/2/2020 - 19:46:50.793 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/2/2020 - 19:47:5.950 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:5.950 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:20.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:20.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:36.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:36.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:51.950 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:47:51.950 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:7.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:7.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:23.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:23.965 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:39.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:39.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:53.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {I5AA4E1824BF17FDE} |
| 21/2/2020 - 19:48:53.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Licenses | {05AA4E1824BF17FDE} |

File Summary

Created Identified: True

Deleted Identified: False

Process Summary

Created Identified: False

Deleted Identified: False

Registry Summary

Proxy Identified: False

AutoRun Identified: False

Created Identified: True

Deleted Identified: True

Browsers Identified: False

Internet Identified: True

DNS

Query

| Source | Destination | Name |
|---|---|---|
| localhost | gateway:50273 | cromosgraf.com.br. |
| localhost | gateway:DNS | cromosgraf.com.br. |

Response

| Source | Destination | Name | Answer |
|---|---|---|---|
| gateway:DNS | localhost | cromosgraf.com.br. | 177.70.106.140 |

TCP

Info

| Source | Destination |
|---|---|
| localhost:65191 | 177.70.106.140:80 |
| 177.70.106.140:80 | localhost:65191 |

UDP

Info

| Source | Destination |
|---|---|
| localhost:53 | localhost:50273 |
| localhost:68 | 255.255.255.255:67 |
| localhost:67 | localhost:68 |
| localhost:50273 | localhost:53 |

HTTP

Info

| Source | Method | Host | Path |
|---|---|---|---|
| localhost | GET | cromosgraf.com.br | /cromosgraf/hardwareliks.rar |

Summary

DNS True

TCP True

UDP True

HTTP True

Results

BINARY

| Classifier | Confidence | Suspicious |
|---|---|---|
| KNN (K=3, NFS-BRMalware) | 100.00% | True |
| Decision Tree (NFS-BRMalware) | 100.00% | True |
| SVC (Kernel=Linear, NFS-BRMalware) | 85.84% | False |
| MalConv (Ember: Raw Bytes, Threshold=0.5) | 79.55% | True |
| Random Forest (100 estimators, NFS-BRMalware) | 69.00% | True |
| Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 48.36% | True |
| LightGDM (Ember: File Characteristics, Threshold=0.8336) | 99.61% | False |
