Binary
DLL False
Size 8.13MB
trid 66.9% Inno Setup installer
25.3% Win32 EXE PECompact compressed
2.7% Win32 Executable
1.2% Win16/32 Executable Delphi generic
1.2% OS/2 Executable
type PE
wordsize 32
Subsystem Windows GUI
Hashes
md5 0050cf38192915f0d6a8458cb9c9b805
sha1 808872806850f8dbb63b4ec2c3fb1fea7aa30524
crc32 0xdf5044e9
sha224 3ded75127a9722945314da5ca225e0ba52d510ff2741e263874bdeb3
sha256 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd
sha384 0710c9dfeae51442732baf34ab90ee567d1b9445a38b1a2beef30f2ec7bface6832b3adf0f865ffcd8adfa323a823ea6
sha512 389fb15fd02166e5c2aceb8c754e499f3be9222e5f1464665d2c32d07a57b189b4a54f2d3212ba4071b7b726807a360555ddc89f3347622d1a26b33da038cd30
ssdeep 196608:790eMDKBangOE+htJvgbjNERrYw8QQdQgTXevik4dnslV:5M8angZ+hmNERkwTA7Jdnsr
Report #7151
Creation Date: Feb. 20, 2020, 4:43 p.m.
Last Update: Feb. 20, 2020, 7:39 p.m.
File: Wmpdg.exe
Results:
Community
Google False
HashLib False
YARA
Matches IP, Borland, Dropper_Strings, Borland_Delphi_30_, CRC32_poly_Constant, BASE64_table, escalate_priv, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_token, IsPE32, win_hook, contentis_base64, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_files_operation, Borland_Delphi_40_additional, IsPacked, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, network_udp_sock, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, win_registry, Delphi_CompareCall, Borland_Delphi_30_additional, Borland_Delphi_v30, System_Tools, Big_Numbers2, Big_Numbers1
Suspicious True
Strings
List
http://ns.adobe.com/xap/1.0/
IEC http://www.iec.ch
Foremost
Matches 8113.jpg, 129 KB, 8374.jpg, 127 KB, 8630.jpg, 160 KB, 8962.jpg, 159 KB, 9283.jpg, 215 KB, 9715.jpg, 249 KB, 10216.jpg, 264 KB, 10747.jpg, 260 KB, 11269.jpg, 196 KB, 11664.jpg, 196 KB, 12059.jpg, 170 KB, 12403.jpg, 180 KB, 12765.jpg, 225 KB, 13217.jpg, 221 KB, 13661.jpg, 206 KB, 14077.jpg, 173 KB, 14426.jpg, 216 KB, 14860.jpg, 180 KB, 15223.jpg, 159 KB, 15543.jpg, 166 KB, 15877.jpg, 61 KB, 16002.jpg, 64 KB, 16132.jpg, 69 KB, 16273.jpg, 58 KB, 16392.jpg, 60 KB, 16516.jpg, 60 KB
Suspicious True
Heuristics
IPs
hasIPs: True
Allowed: 255.255.255.255, 1, record, 127.0.0.1, 1, localhost.
Suspicious:
hasAllowed: True
hasSuspicious: False
URLs
hasURLs: True
Allowed: http://www.w3.org/1999/02/22-rdf-syntax-ns#
Suspicious: http://www.iec.ch, http://purl.org/dc/elements/1.1/, http://ns.adobe.com/xap/1.0/
hasAllowed: True
hasSuspicious: True
Files
hasFiles: True
Allowed: user32.dll, owship6.dll, kernel32.dll, uxtheme.dll, winhttp.dll, winsta.dll, NTDLL.DLL, wtsapi32.dll, DWMAPI.dll, crypt32.dll, userenv.dll, MouseA.dll, PSAPI.dll, comctl32.dll, aw_sas32.dll, wsock32.dll, ole32.dll, imm32.dll, wininet.dll, advapi32.dll, oleaut32.dll, olepro32.dll, ws2_32.dll, msvcrt.dll, msimg32.dll, gdi32.dll, umi.dll, windowscodecs.dll, version.dll, mpr.dll, shell32.dll
Suspicious: *.log, System.Zip
hasAllowed: True
hasSuspicious: True
Binary
Sizes
RVA: 16 Suspicious: False
Code Size: 5126144 Suspicious: False
Image Address: 4194304 Suspicious: False
Stack: 16384 Suspicious: False
Headers: 1024 Suspicious: False
Suspicious: False
Symbols
Number: 0 Suspicious: True
Pointer: 0 Suspicious: True
Directories
Number: 16 Suspicious: False
Checksum
Value: 0 Suspicious: True
Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Suspicious:
hasAllowed: True hasSections: True hasSuspicious: False
Versions
OS Version: 5 Suspicious: False
Image Version: 5 Suspicious: True
Linker Version: 2.25 Suspicious: False
Subsystem Version: 5.0 Suspicious: False
Suspicious: False
EntryPoint
Address: 3399372 Suspicious: False
Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
Libraries
hasLibs: True
Allowed: user32.dll, kernel32.dll, uxtheme.dll, winhttp.dll, winsta.dll, ntdll.dll, wtsapi32.dll, dwmapi.dll, crypt32.dll, userenv.dll, psapi.dll, comctl32.dll, wsock32.dll, ole32.dll, imm32.dll, wininet.dll, advapi32.dll, oleaut32.dll, olepro32.dll, ws2_32.dll, msvcrt.dll, msimg32.dll, gdi32.dll, windowscodecs.dll, version.dll, mpr.dll, shell32.dll
Suspicious: owship6.dll, mousea.dll, aw_sas32.dll, umi.dll
hasAllowed: True
hasSuspicious: True
Timestamp
Value: 2017-02-08 14:43:37
Valid: True
Past: False
Future: False
Compilation
Packed: True
Missing: False
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft
Obfuscation
XOR: False
Fuzzing: True
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks True
Tricks
pushret: .data: 16, .rsrc: 1778, .text: 97, .itext: 8
nopsequence: .data: 1, .itext: 1
pushpopmath: .data: 10, .rsrc: 777, .text: 68, .idata: 17, .reloc: 234
ss register: .rsrc: 15
garbagebytes: .data: 8, .rsrc: 1033, .text: 80, .itext: 8
hookdetection: .data: 1, .rsrc: 63, .text: 2, .reloc: 20
software breakpoint: .rsrc: 23, .text: 13, .reloc: 77
fakeconditionaljumps: .rsrc: 119
programcontrolflowchange: .data: 8, .rsrc: 916, .text: 80, .itext: 8
cpuinstructionsresultscomparison: .data: 13, .rsrc: 17, .text: 43, .reloc: 1
AVclass
bestafera 1
VirusTotal
md5 0050cf38192915f0d6a8458cb9c9b805
sha1 808872806850f8dbb63b4ec2c3fb1fea7aa30524
SCANS (DETECTION RATE = 55.71%)
AVG result: Win32:Rootkit-gen [Rtk] update: 20190601 version: 18.4.3895.0 detected: True
CMC update: 20190321 version: 1.1.0.977 detected: False
MAX result: malware (ai score=85) update: 20190601 version: 2018.9.12.1 detected: True
APEX update: 20190530 version: 5.22 detected: False
Bkav update: 20190531 version: 1.3.0.10239 detected: False
K7GW result: Spyware ( 00504efc1 ) update: 20190601 version: 11.47.31093 detected: True
ALYac result: Trojan.Generic.20466867 update: 20190601 version: 1.1.1.5 detected: True
Avast result: Win32:Rootkit-gen [Rtk] update: 20190601 version: 18.4.3895.0 detected: True
Avira result: HEUR/AGEN.1004378 update: 20190601 version: 8.3.3.8 detected: True
Baidu update: 20190318 version: 1.0.0.2 detected: False
Cyren update: 20190601 version: 6.2.0.1 detected: False
DrWeb update: 20190601 version: 7.0.34.11020 detected: False
GData result: Trojan.Generic.20466867 update: 20190601 version: A:25.22209B:25.15223 detected: True
Panda result: Trj/GdSda.A update: 20190601 version: 4.6.4.2 detected: True
VBA32 result: TrojanBanker.BestaFera update: 20190531 version: 4.0.0 detected: True
Zoner update: 20190531 version: 1.0 detected: False
ClamAV update: 20190601 version: 0.101.2.0 detected: False
Comodo update: 20190601 version: 30956 detected: False
F-Prot update: 20190601 version: 4.7.1.166 detected: False
Ikarus result: Trojan-Spy.Agent update: 20190601 version: 0.1.5.2 detected: True
McAfee result: Artemis!0050CF381929 update: 20190601 version: 6.0.6.653 detected: True
Rising result: Spyware.Banker!8.8D (CLOUD) update: 20190601 version: 25.0.0.24 detected: True
Sophos result: Mal/Generic-S update: 20190601 version: 4.98.0 detected: True
Yandex result: Trojan.PWS.BestaFera! update: 20190601 version: 5.5.2.24 detected: True
Zillya result: Trojan.Banker.Win32.105706 update: 20190531 version: 2.0.0.3823 detected: True
Acronis update: 20190531 version: 1.0.1.49 detected: False
Alibaba update: 20190527 version: 0.3.0.5 detected: False
Arcabit result: Trojan.Generic.D1384CB3 update: 20190601 version: 1.0.0.846 detected: True
Babable update: 20190424 version: 9107201 detected: False
Cylance result: Unsafe update: 20190601 version: 2.3.1.101 detected: True
Endgame result: malicious (high confidence) update: 20190522 version: 3.0.12 detected: True
FireEye result: Generic.mg.0050cf38192915f0 update: 20190601 version: 29.7.0.0 detected: True
TACHYON update: 20190601 version: 2019-06-01.02 detected: False
Tencent result: Win32.Trojan-spy.Banker.Bxg update: 20190601 version: 1.0.0.1 detected: True
ViRobot update: 20190601 version: 2014.3.20.0 detected: False
Webroot update: 20190601 version: 1.0.0.403 detected: False
Ad-Aware result: Trojan.Generic.20466867 update: 20190601 version: 3.0.5.370 detected: True
AegisLab result: Trojan.Win32.BestaFera.7!c update: 20190601 version: 4.2 detected: True
Emsisoft result: Trojan.Generic.20466867 (B) update: 20190601 version: 2018.4.0.1029 detected: True
F-Secure result: Heuristic.HEUR/AGEN.1004378 update: 20190601 version: 12.0.86.52 detected: True
Fortinet update: 20190601 version: 5.4.247.0 detected: False
Invincea update: 20190525 version: 6.3.6.26157 detected: False
Jiangmin result: Trojan.Banker.BestaFera.dge update: 20190529 version: 16.0.100 detected: True
Kingsoft update: 20190601 version: 2013.8.14.323 detected: False
Paloalto update: 20190601 version: 1.0 detected: False
Symantec result: ML.Attribute.HighConfidence update: 20190601 version: 1.9.0.0 detected: True
AhnLab-V3 result: Trojan/Win32.BestaFera.C1793766 update: 20190601 version: 3.15.2.24317 detected: True
Antiy-AVL result: Trojan[Banker]/Win32.BestaFera update: 20190601 version: 3.0.0.1 detected: True
Kaspersky result: Trojan-Banker.Win32.BestaFera.yml update: 20190601 version: 15.0.1.13 detected: True
Microsoft result: TrojanSpy:Win32/Banker update: 20190601 version: 1.1.15900.4 detected: True
Qihoo-360 result: Win32/Trojan.a8d update: 20190601 version: 1.0.0.1120 detected: True
TheHacker update: 20190601 version: 6.8.0.5.4249 detected: False
Trustlook update: 20190601 version: 1.0 detected: False
ZoneAlarm result: Trojan-Banker.Win32.BestaFera.yml update: 20190601 version: 1.0 detected: True
Cybereason result: malicious.819291 update: 20190417 version: 1.2.449 detected: True
ESET-NOD32 result: Win32/Spy.Banker.ADRJ update: 20190601 version: 19453 detected: True
TrendMicro update: 20190601 version: 10.0.0.1040 detected: False
BitDefender result: Trojan.Generic.20466867 update: 20190601 version: 7.2 detected: True
CrowdStrike update: 20190212 version: 1.0 detected: False
K7AntiVirus result: Spyware ( 00504efc1 ) update: 20190529 version: 11.46.31063 detected: True
SentinelOne result: DFI - Malicious PE update: 20190511 version: 1.0.26.329 detected: True
Avast-Mobile update: 20190531 version: 190531-00 detected: False
Malwarebytes update: 20190601 version: 2.1.1.1115 detected: False
TotalDefense update: 20190601 version: 37.1.62.1 detected: False
CAT-QuickHeal update: 20190601 version: 14.00 detected: False
NANO-Antivirus update: 20190601 version: 1.0.134.24826 detected: False
MicroWorld-eScan result: Trojan.Generic.20466867 update: 20190601 version: 14.0.297.0 detected: True
SUPERAntiSpyware update: 20190528 version: 5.6.0.1032 detected: False
McAfee-GW-Edition result: BehavesLike.Win32.Generic.rc update: 20190601 version: v2017.3010 detected: True
TrendMicro-HouseCall update: 20190601 version: 10.0.0.1040 detected: False
total 70
sha256 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd
scan_id 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd-1559426199
resource 0050cf38192915f0d6a8458cb9c9b805
permalink https://www.virustotal.com/file/55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd/analysis/1559426199/
positives 39
scan_date 2019-06-01 21:56:39
verbose_msg Scan finished, information embedded
response_code 1
Results
BINARY
KNN (K=3, NFS-BRMalware) confidence: 100.00% suspicious: True
Decision Tree (NFS-BRMalware) confidence: 100.00% suspicious: True
SVC (Kernel=Linear, NFS-BRMalware) confidence: 40.19% suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5) confidence: 94.99% suspicious: True
Random Forest (100 estimators, NFS-BRMalware) confidence: 61.00% suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) confidence: 72.82% suspicious: True
LightGDM (Ember: File Characteristics, Threshold=0.8336) confidence: 84.54% suspicious: True