
Report #7151



Binary

DLL: False
Size: 8.13MB
trid: 66.9% Inno Setup installer; 25.3% Win32 EXE PECompact compressed; 2.7% Win32 Executable; 1.2% Win16/32 Executable Delphi generic; 1.2% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes

md5: 0050cf38192915f0d6a8458cb9c9b805
sha1: 808872806850f8dbb63b4ec2c3fb1fea7aa30524
crc32: 0xdf5044e9
sha224: 3ded75127a9722945314da5ca225e0ba52d510ff2741e263874bdeb3
sha256: 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd
sha384: 0710c9dfeae51442732baf34ab90ee567d1b9445a38b1a2beef30f2ec7bface6832b3adf0f865ffcd8adfa323a823ea6
sha512: 389fb15fd02166e5c2aceb8c754e499f3be9222e5f1464665d2c32d07a57b189b4a54f2d3212ba4071b7b726807a360555ddc89f3347622d1a26b33da038cd30
ssdeep: 196608:790eMDKBangOE+htJvgbjNERrYw8QQdQgTXevik4dnslV:5M8angZ+hmNERkwTA7Jdnsr


Creation Date: Feb. 20, 2020, 4:43 p.m.

Last Update: Feb. 20, 2020, 7:39 p.m.

File: Wmpdg.exe

Results:

Community

Google: False
HashLib: False

YARA

Matches: IP, Borland, Dropper_Strings, Borland_Delphi_30_, CRC32_poly_Constant, BASE64_table, escalate_priv, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_token, IsPE32, win_hook, contentis_base64, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_files_operation, Borland_Delphi_40_additional, IsPacked, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, network_udp_sock, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, win_registry, Delphi_CompareCall, Borland_Delphi_30_additional, Borland_Delphi_v30, System_Tools, Big_Numbers2, Big_Numbers1

Suspicious: True

Strings

List

http://ns.adobe.com/xap/1.0/ (26 occurrences)

IEC http://www.iec.ch (repeated)

The 22 XMP packets that follow share the same rdf:about UUID and dc:creator and differ only in xmp:CreateDate; each is cut off after </rdf:Seq> in the extracted strings. First packet, with line breaks added:

<x:xmpmeta xmlns:x="adobe:ns:meta/">
  <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
    <rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:dc="http://purl.org/dc/elements/1.1/"/>
    <rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:xmp="http://ns.adobe.com/xap/1.0/">
      <xmp:CreateDate>2017-02-07T02:34:39.444</xmp:CreateDate>
    </rdf:Description>
    <rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:dc="http://purl.org/dc/elements/1.1/">
      <dc:creator><rdf:Seq xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:li>Renata</rdf:li></rdf:Seq>

xmp:CreateDate of each packet, in extraction order:
2017-02-07T02:34:39.444
2017-01-30T00:46:42.673
2017-02-07T02:41:42.036
2017-02-07T02:42:50.925
2017-02-07T02:37:07.574
2017-02-07T02:41:56.596
2017-01-30T00:35:23.291
2017-01-30T00:39:49.861
2017-01-30T00:33:33.716
2017-01-30T00:38:17.992
2017-01-30T00:37:41.724
2017-01-30T00:38:57.255
2017-01-30T00:41:31.949
2017-01-14T21:21:33.364
2017-02-07T02:41:25.458
2017-01-30T00:40:06.894
2017-01-14T21:05:10.932
2017-01-30T00:40:24.564
2017-01-30T00:36:14.660
2017-01-30T00:38:33.508
2017-01-30T00:39:23.463
2017-01-30T00:42:32.601

Foremost

Matches (26 carved files):

file | size
8113.jpg | 129 KB
8374.jpg | 127 KB
8630.jpg | 160 KB
8962.jpg | 159 KB
9283.jpg | 215 KB
9715.jpg | 249 KB
10216.jpg | 264 KB
10747.jpg | 260 KB
11269.jpg | 196 KB
11664.jpg | 196 KB
12059.jpg | 170 KB
12403.jpg | 180 KB
12765.jpg | 225 KB
13217.jpg | 221 KB
13661.jpg | 206 KB
14077.jpg | 173 KB
14426.jpg | 216 KB
14860.jpg | 180 KB
15223.jpg | 159 KB
15543.jpg | 166 KB
15877.jpg | 61 KB
16002.jpg | 64 KB
16132.jpg | 69 KB
16273.jpg | 58 KB
16392.jpg | 60 KB
16516.jpg | 60 KB

Suspicious: True

Heuristics

IPs
  hasIPs: True
  Allowed: 255.255.255.255, 1, record, 127.0.0.1, 1, localhost.
  Suspicious: none
  hasAllowed: True
  hasSuspicious: False

URLs
  hasURLs: True
  Allowed: http://www.w3.org/1999/02/22-rdf-syntax-ns#
  Suspicious: http://www.iec.ch, http://purl.org/dc/elements/1.1/, http://ns.adobe.com/xap/1.0/
  hasAllowed: True
  hasSuspicious: True

Files
  hasFiles: True
  Allowed: user32.dll, owship6.dll, kernel32.dll, uxtheme.dll, winhttp.dll, winsta.dll, NTDLL.DLL, wtsapi32.dll, DWMAPI.dll, crypt32.dll, userenv.dll, MouseA.dll, PSAPI.dll, comctl32.dll, aw_sas32.dll, wsock32.dll, ole32.dll, imm32.dll, wininet.dll, advapi32.dll, oleaut32.dll, olepro32.dll, ws2_32.dll, msvcrt.dll, msimg32.dll, gdi32.dll, umi.dll, windowscodecs.dll, version.dll, mpr.dll, shell32.dll
  Suspicious: *.log, System.Zip
  hasAllowed: True
  hasSuspicious: True
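The Strings, Foremost and URL-heuristic sections above describe one artefact from three angles. Foremost names its output by 512-byte block offset, so 8113.jpg was carved at byte 4,153,856 and 16516.jpg at byte 8,456,192: the 26 JPEGs fill roughly the upper half of the 8.13 MB file. The strings list repeats http://ns.adobe.com/xap/1.0/ once per image because that NUL-terminated string is the identifier at the start of a JPEG's XMP APP1 segment, and the heuristics then flag it, together with the Dublin Core namespace (purl.org) and the "IEC http://www.iec.ch" text of the standard sRGB ICC profile, as suspicious URLs. None of the three is a network indicator; the useful data is the metadata itself (a single creator, a single rdf:about UUID, and CreateDate values clustered in January and February 2017). The script below is an added example, not part of the original report or of the tool that produced it: it reproduces the carve-then-parse step by locating JPEG SOI/EOI boundaries the way a header/footer carver does, walking the marker segments, and pulling xmp:CreateDate out of the XMP APP1 payload. The input is a constructed blob holding two minimal JPEG-shaped containers (no real picture data), and all function names are mine.

```python
import re
import struct

# NUL-terminated identifier that opens the payload of an XMP APP1 segment.
XMP_NS = b"http://ns.adobe.com/xap/1.0/\x00"


def carve_jpegs(data: bytes) -> list[bytes]:
    """Header/footer carving as Foremost does it: each SOI (FF D8 FF) up to the next EOI (FF D9).

    Caveat: an EXIF thumbnail embedded in APP1 carries its own EOI and would end
    the carve early; real carvers special-case that, this example does not.
    """
    found = []
    pos = 0
    while True:
        start = data.find(b"\xff\xd8\xff", pos)
        if start < 0:
            break
        end = data.find(b"\xff\xd9", start + 3)
        if end < 0:
            break
        found.append(data[start:end + 2])
        pos = end + 2
    return found


def jpeg_segments(jpeg: bytes):
    """Yield (marker, payload) for every marker segment before the scan data (SOS)."""
    i = 2  # skip SOI
    while i + 4 <= len(jpeg) and jpeg[i] == 0xFF:
        marker = jpeg[i + 1]
        if marker in (0xDA, 0xD9):  # SOS: entropy-coded data follows; EOI: done
            return
        length = struct.unpack_from(">H", jpeg, i + 2)[0]  # big-endian, includes the 2 length bytes
        yield marker, jpeg[i + 4:i + 2 + length]
        i += 2 + length


def xmp_create_dates(jpeg: bytes) -> list[str]:
    """Every xmp:CreateDate carried in the JPEG's XMP APP1 segment(s)."""
    dates = []
    for marker, payload in jpeg_segments(jpeg):
        if marker == 0xE1 and payload.startswith(XMP_NS):
            packet = payload[len(XMP_NS):]
            dates += [d.decode() for d in re.findall(rb"<xmp:CreateDate>([^<]+)</xmp:CreateDate>", packet)]
    return dates


def summarize(blob: bytes) -> list[tuple[int, list[str]]]:
    """(size, create-dates) per carved JPEG: the two facts the Foremost and Strings sections list."""
    return [(len(j), xmp_create_dates(j)) for j in carve_jpegs(blob)]


# ---- constructed sample input; not bytes from the analysed file ----
def build_sample_jpeg(create_date: str) -> bytes:
    """Minimal JPEG-shaped container with one XMP APP1 segment; not a decodable picture."""
    packet = (
        b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
        b'<rdf:Description xmlns:xmp="http://ns.adobe.com/xap/1.0/"><xmp:CreateDate>'
        + create_date.encode()
        + b'</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>'
    )
    payload = XMP_NS + packet
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\x56\x78"  # stand-in for entropy-coded data; contains no FF D9
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"


def build_sample_blob() -> bytes:
    """Two sample JPEGs between filler bytes, like pictures appended to an installer's overlay."""
    return (b"\x00" * 16 + build_sample_jpeg("2017-02-07T02:34:39.444")
            + b"PADDING" + build_sample_jpeg("2017-01-30T00:46:42.673") + b"\x00" * 8)


if __name__ == "__main__":
    for size, dates in summarize(build_sample_blob()):
        print(size, dates)
```

Run against the sample blob, the carver returns two images and each yields exactly one CreateDate; counting the bare namespace string in the blob gives two hits per image (the APP1 identifier plus the xmlns:xmp attribute), which is the same effect that puts the URL on the strings list once per embedded picture.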

Binary

Sizes
  RVA: 16 (Suspicious: False)
  Code: 5126144 (Suspicious: False)
  Image Address: 4194304 (Suspicious: False)
  Stack: 16384 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)

Directories
  Number: 16 (Suspicious: False)

Checksum
  Value: 0 (Suspicious: True)

Sections
  Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
  Suspicious: none
  hasAllowed: True
  hasSections: True
  hasSuspicious: False

Versions
  OS Version: 5 (Suspicious: False)
  Image Version: 5 (Suspicious: True)
  Linker Version: 2.25 (Suspicious: False)
  Subsystem Version: 5.0 (Suspicious: False)
  Suspicious: False

EntryPoint
  Address: 3399372 (Suspicious: False)

Anomalies
  Anomalies: The header checksum and the calculated checksum do not match.
  hasAnomalies: True
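The anomaly above is the one header check that is cheap to reproduce. Windows keeps a checksum in IMAGE_OPTIONAL_HEADER.CheckSum; this sample has 0 there (Checksum Value: 0 above), so any recomputation disagrees with it. The loader only enforces the field for drivers and a few system images, and many third-party linkers leave it at 0, so a mismatch is weak evidence on its own, which is why the report lists it as an anomaly rather than a verdict; it does catch naive post-link patching of a binary that originally carried a valid checksum. The code below is an added example, not part of the report or its tooling: it implements the CheckSumMappedFile algorithm from ImageHlp over a raw file image (sum every 32-bit word except the CheckSum field with end-around carry, fold to 16 bits, add the file length), compares the result with the stored field, and can write the correct value back. The sample PE is a constructed 0x200-byte header skeleton that reuses a few values from this report (linker 2.25, entry point 3399372, image base 4194304); it is not the analysed file and is not loadable.

```python
import struct


def pe_checksum_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew -> 'PE\\0\\0' -> 20-byte COFF header -> +0x40."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+; CheckSum sits at +0x40 in both
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return opt + 0x40


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """ImageHlp CheckSumMappedFile: sum all little-endian dwords except the CheckSum field,
    folding carries, then fold to 16 bits and add the file length."""
    total = 0
    padded = data + b"\0" * (-len(data) % 4)          # trailing partial dword is zero-padded
    skip = checksum_offset & ~3
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)  # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    total &= 0xFFFF
    return total + len(data)


def verify_pe_checksum(data: bytes) -> tuple[int, int, bool]:
    """(stored, computed, match): the comparison behind 'header checksum ... do not match'."""
    off = pe_checksum_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    return stored, computed, stored == computed


def fix_pe_checksum(data: bytes) -> bytes:
    """Write the computed value into the header, as a linker or editbin /RELEASE would."""
    off = pe_checksum_offset(data)
    buf = bytearray(data)
    struct.pack_into("<I", buf, off, pe_checksum(data, off))
    return bytes(buf)


def build_sample_pe() -> bytes:
    """Constructed 0x200-byte PE32 header skeleton with CheckSum = 0, like the report's sample. Not loadable."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)            # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 3)       # Machine = i386, NumberOfSections = 3
    struct.pack_into("<I", img, 0x88, 1486564017)      # TimeDateStamp: 2017-02-08 14:43:37 UTC (my conversion of the report's value)
    struct.pack_into("<HH", img, 0x94, 0xE0, 0x0102)   # SizeOfOptionalHeader = 224, Characteristics = EXECUTABLE | 32BIT
    opt = 0x98
    struct.pack_into("<HBB", img, opt, 0x10B, 2, 25)   # PE32 magic, linker 2.25 (value from the report)
    struct.pack_into("<I", img, opt + 16, 3399372)     # AddressOfEntryPoint (value from the report)
    struct.pack_into("<I", img, opt + 28, 4194304)     # ImageBase 0x400000 (value from the report)
    struct.pack_into("<H", img, opt + 68, 2)           # Subsystem = WINDOWS_GUI
    return bytes(img)                                  # opt + 0x40 (CheckSum) is left at 0


if __name__ == "__main__":
    stored, computed, ok = verify_pe_checksum(build_sample_pe())
    print(f"stored={stored:#x} computed={computed:#x} match={ok}")
```

Because the CheckSum dword is excluded from the sum, writing the computed value back and recomputing yields the same number, which is what makes the field self-consistent after fix_pe_checksum; the two-dword test value 0x10007 exercises the carry fold on an input small enough to check by hand.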

Libraries
  hasLibs: True
  Allowed: user32.dll, kernel32.dll, uxtheme.dll, winhttp.dll, winsta.dll, ntdll.dll, wtsapi32.dll, dwmapi.dll, crypt32.dll, userenv.dll, psapi.dll, comctl32.dll, wsock32.dll, ole32.dll, imm32.dll, wininet.dll, advapi32.dll, oleaut32.dll, olepro32.dll, ws2_32.dll, msvcrt.dll, msimg32.dll, gdi32.dll, windowscodecs.dll, version.dll, mpr.dll, shell32.dll
  Suspicious: owship6.dll, mousea.dll, aw_sas32.dll, umi.dll
  hasAllowed: True
  hasSuspicious: True

Timestamp
  Value: 2017-02-08 14:43:37
  Valid: True
  Past: False
  Future: False

Compilation
  Packed: True
  Missing: False
  Compiled: True
  Packers: BobSoft Mini Delphi -> BoB / BobSoft
  MainPacker: BobSoft Mini Delphi -> BoB / BobSoft
  Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0

Obfuscation
  XOR: False
  Fuzzing: True

PEDetector

Matches: None
Suspicious: False

Disassembly

hasTricks: True

Tricks (occurrences per section)

trick | .data | .rsrc | .text | .itext | .idata | .reloc
pushret | 16 | 1778 | 97 | 8 | - | -
nopsequence | 1 | - | - | 1 | - | -
pushpopmath | 10 | 777 | 68 | - | 17 | 234
ss register | - | 15 | - | - | - | -
garbagebytes | 8 | 1033 | 80 | 8 | - | -
hookdetection | 1 | 63 | 2 | - | - | 20
software breakpoint | - | 23 | 13 | - | - | 77
fakeconditionaljumps | - | 119 | - | - | - | -
programcontrolflowchange | 8 | 916 | 80 | 8 | - | -
cpuinstructionsresultscomparison | 13 | 17 | 43 | - | - | 1

AVclass

bestafera: 1

VirusTotal

md5: 0050cf38192915f0d6a8458cb9c9b805
sha1: 808872806850f8dbb63b4ec2c3fb1fea7aa30524

SCANS (DETECTION RATE = 55.71%)

engine | result | update | version | detected
AVG | Win32:Rootkit-gen [Rtk] | 20190601 | 18.4.3895.0 | True
CMC | - | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=85) | 20190601 | 2018.9.12.1 | True
APEX | - | 20190530 | 5.22 | False
Bkav | - | 20190531 | 1.3.0.10239 | False
K7GW | Spyware ( 00504efc1 ) | 20190601 | 11.47.31093 | True
ALYac | Trojan.Generic.20466867 | 20190601 | 1.1.1.5 | True
Avast | Win32:Rootkit-gen [Rtk] | 20190601 | 18.4.3895.0 | True
Avira | HEUR/AGEN.1004378 | 20190601 | 8.3.3.8 | True
Baidu | - | 20190318 | 1.0.0.2 | False
Cyren | - | 20190601 | 6.2.0.1 | False
DrWeb | - | 20190601 | 7.0.34.11020 | False
GData | Trojan.Generic.20466867 | 20190601 | A:25.22209B:25.15223 | True
Panda | Trj/GdSda.A | 20190601 | 4.6.4.2 | True
VBA32 | TrojanBanker.BestaFera | 20190531 | 4.0.0 | True
Zoner | - | 20190531 | 1.0 | False
ClamAV | - | 20190601 | 0.101.2.0 | False
Comodo | - | 20190601 | 30956 | False
F-Prot | - | 20190601 | 4.7.1.166 | False
Ikarus | Trojan-Spy.Agent | 20190601 | 0.1.5.2 | True
McAfee | Artemis!0050CF381929 | 20190601 | 6.0.6.653 | True
Rising | Spyware.Banker!8.8D (CLOUD) | 20190601 | 25.0.0.24 | True
Sophos | Mal/Generic-S | 20190601 | 4.98.0 | True
Yandex | Trojan.PWS.BestaFera! | 20190601 | 5.5.2.24 | True
Zillya | Trojan.Banker.Win32.105706 | 20190531 | 2.0.0.3823 | True
Acronis | - | 20190531 | 1.0.1.49 | False
Alibaba | - | 20190527 | 0.3.0.5 | False
Arcabit | Trojan.Generic.D1384CB3 | 20190601 | 1.0.0.846 | True
Babable | - | 20190424 | 9107201 | False
Cylance | Unsafe | 20190601 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20190522 | 3.0.12 | True
FireEye | Generic.mg.0050cf38192915f0 | 20190601 | 29.7.0.0 | True
TACHYON | - | 20190601 | 2019-06-01.02 | False
Tencent | Win32.Trojan-spy.Banker.Bxg | 20190601 | 1.0.0.1 | True
ViRobot | - | 20190601 | 2014.3.20.0 | False
Webroot | - | 20190601 | 1.0.0.403 | False
Ad-Aware | Trojan.Generic.20466867 | 20190601 | 3.0.5.370 | True
AegisLab | Trojan.Win32.BestaFera.7!c | 20190601 | 4.2 | True
Emsisoft | Trojan.Generic.20466867 (B) | 20190601 | 2018.4.0.1029 | True
F-Secure | Heuristic.HEUR/AGEN.1004378 | 20190601 | 12.0.86.52 | True
Fortinet | - | 20190601 | 5.4.247.0 | False
Invincea | - | 20190525 | 6.3.6.26157 | False
Jiangmin | Trojan.Banker.BestaFera.dge | 20190529 | 16.0.100 | True
Kingsoft | - | 20190601 | 2013.8.14.323 | False
Paloalto | - | 20190601 | 1.0 | False
Symantec | ML.Attribute.HighConfidence | 20190601 | 1.9.0.0 | True
AhnLab-V3 | Trojan/Win32.BestaFera.C1793766 | 20190601 | 3.15.2.24317 | True
Antiy-AVL | Trojan[Banker]/Win32.BestaFera | 20190601 | 3.0.0.1 | True
Kaspersky | Trojan-Banker.Win32.BestaFera.yml | 20190601 | 15.0.1.13 | True
Microsoft | TrojanSpy:Win32/Banker | 20190601 | 1.1.15900.4 | True
Qihoo-360 | Win32/Trojan.a8d | 20190601 | 1.0.0.1120 | True
TheHacker | - | 20190601 | 6.8.0.5.4249 | False
Trustlook | - | 20190601 | 1.0 | False
ZoneAlarm | Trojan-Banker.Win32.BestaFera.yml | 20190601 | 1.0 | True
Cybereason | malicious.819291 | 20190417 | 1.2.449 | True
ESET-NOD32 | Win32/Spy.Banker.ADRJ | 20190601 | 19453 | True
TrendMicro | - | 20190601 | 10.0.0.1040 | False
BitDefender | Trojan.Generic.20466867 | 20190601 | 7.2 | True
CrowdStrike | - | 20190212 | 1.0 | False
K7AntiVirus | Spyware ( 00504efc1 ) | 20190529 | 11.46.31063 | True
SentinelOne | DFI - Malicious PE | 20190511 | 1.0.26.329 | True
Avast-Mobile | - | 20190531 | 190531-00 | False
Malwarebytes | - | 20190601 | 2.1.1.1115 | False
TotalDefense | - | 20190601 | 37.1.62.1 | False
CAT-QuickHeal | - | 20190601 | 14.00 | False
NANO-Antivirus | - | 20190601 | 1.0.134.24826 | False
MicroWorld-eScan | Trojan.Generic.20466867 | 20190601 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20190528 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.rc | 20190601 | v2017.3010 | True
TrendMicro-HouseCall | - | 20190601 | 10.0.0.1040 | False

total: 70
positives: 39
sha256: 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd
scan_id: 55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd-1559426199
resource: 0050cf38192915f0d6a8458cb9c9b805
permalink: https://www.virustotal.com/file/55db0d8cd7c01ffde1f0e7935ef959519c6a4939f77d333a70d44f98a34850fd/analysis/1559426199/
scan_date: 2019-06-01 21:56:39
verbose_msg: Scan finished, information embedded
response_code: 1

Results

BINARY

classifier | confidence | suspicious
KNN (K=3, NFS-BRMalware) | 100.00% | True
Decision Tree (NFS-BRMalware) | 100.00% | True
SVC (Kernel=Linear, NFS-BRMalware) | 40.19% | False
MalConv (Ember: Raw Bytes, Threshold=0.5) | 94.99% | True
Random Forest (100 estimators, NFS-BRMalware) | 61.00% | True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 72.82% | True
LightGBM (Ember: File Characteristics, Threshold=0.8336) | 84.54% | True
