Report #335

Academic year: 2023

Binary

DLL False

Size 2.34MB

trid 26.8% InstallShield setup

25.8% Win32 EXE PECompact compressed

19.4% Win32 Executable MS Visual C++

17.2% Win64 Executable

4.0% Win32 Dynamic Link Library

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 bdc95081431ac5a57c627333b9469115

sha1 fd19debe8f7dbec35939b9c1edcb519fbcfd3d6e

crc32 0xff892e74

sha224 8de4ec62252593b0c03c2b6b06bcf233964e45173fb544ea2f4d7cd7

sha256 01af2b435c53d006378c8b5353849e33e38f4c4233dac45b48813bf802eb4505

sha384 389b8530c5a7fe92e10b76d02e7de197bb81ec3bdde5ae729fb51e212c5e48850f4a3d4acb57b14d76d466e06d2515b2

sha512 18dc98dba29b02091e3d4f9736f5288bbc565801e37ae110764677c12873348b1f8658f5e676a504fef331fdc647b13a133036eef87afe9a92094298adb93159

ssdeep 49152:7PdIMoKUSgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTz:7PdzSy5jKNOj+7

Creation Date: Oct. 12, 2019, 1:47 a.m.

Last Update: Oct. 12, 2019, 2:50 a.m.

File: 031

Results:

Community

Google False

HashLib False

YARA

Matches IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, Borland_Delphi_30_, SharedStrings, BASE64_table, escalate_priv, DebuggerException__SetConsoleCtrl, Check_OutputDebugStringA_iat, network_dns, spreading_share, network_tcp_listen, create_service, antisb_threatExpert, Microsoft_Visual_Cpp_v50v60_MFC, cred_local, network_http, win_token, IsPE32, win_files_operation, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, Borland_Delphi_40, migrate_apc, IsWindowsGUI, Check_Dlls, DebuggerHiding__Thread, network_udp_sock, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, DebuggerCheck__QueryInfo, url, android_meterpreter, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers5, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious True

Strings

List

Foremost

Matches 0.exe, 343 KB

Suspicious True

Heuristics

IPs (hasIPs: True)
  Allowed: 3.9.139.161, 1, ec2-3-9-139-161.eu-west-2.compute.amazonaws.com
  Suspicious:
  hasAllowed: True, hasSuspicious: False

URLs (hasURLs: False)
  Allowed:
  Suspicious:
  hasAllowed: False, hasSuspicious: False

Files (hasFiles: True)
  Allowed: ADVAPI32.dll, msvcrt.dll, ntdll.dll, NMM.dll, KERNEL32.dll, GDI32.dll, USER32.dll
  Suspicious:
  hasAllowed: True, hasSuspicious: False

Binary

Sizes
  RVA: 16 (Suspicious: False)
  Code Size: 296448 (Suspicious: False)
  Image Address: 4194304 (Suspicious: False)
  Stack: 4096 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)

Directories
  Number: 16 (Suspicious: False)

Checksum
  Value: 392668 (Suspicious: False)

Sections
  Allowed: .text, .data, .rdata, .bss, .idata, .crt, .tls, .rsrc
  Suspicious:
  hasAllowed: True, hasSections: True, hasSuspicious: False

Versions
  OS Version: 4 (Suspicious: False)
  Image Version: False (Suspicious: 4)
  Linker Version: 2.23 (Suspicious: False)
  Subsystem Version: 4.0 (Suspicious: False)
  Suspicious: False

EntryPoint
  Address: 11212 (Suspicious: False)

Anomalies
  Anomalies: The header checksum and the calculated checksum do not match.
  hasAnomalies: True

Libraries
  Allowed: advapi32.dll, msvcrt.dll, ntdll.dll, kernel32.dll, gdi32.dll, user32.dll
  Suspicious: nmm.dll
  hasLibs: True, hasAllowed: True, hasSuspicious: True

Timestamp
  Value: 2011-04-27 11:15:48
  Valid: True, Past: False, Future: False

Compilation
  Packed: False
  Missing: False
  Packers:
  Compiled: True
  Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0

Obfuscation
  XOR: True
  Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks
  pushret: .data: 69, .rsrc: 2, .text: 4, .rdata: 65
  nopsequence: .text: 207
  pushpopmath: .data: 46, .text: 1, .rdata: 40
  ss register: .rdata: 1
  garbagebytes: .data: 24, .text: 4, .rdata: 26
  hookdetection: .data: 3, .rdata: 2
  software breakpoint: .data: 2
  fakeconditionaljumps: .data: 1, .text: 2, .rdata: 1
  programcontrolflowchange: .data: 23, .text: 4, .rdata: 25
  cpuinstructionsresultscomparison: .data: 3, .rdata: 1

AVclass

kovter 1

VirusTotal

md5 bdc95081431ac5a57c627333b9469115

sha1 fd19debe8f7dbec35939b9c1edcb519fbcfd3d6e

SCANS (DETECTION RATE = 75.71%)

AVG: result: Win32:Malware-gen; update: 20190912; version: 18.4.3895.0; detected: True
CMC: update: 20190321; version: 1.1.0.977; detected: False
MAX: result: malware (ai score=82); update: 20190912; version: 2018.9.12.1; detected: True
APEX: result: Malicious; update: 20190910; version: 5.62; detected: True
Bkav: update: 20190911; version: 1.3.0.10239; detected: False
K7GW: result: Trojan ( 0050b0231 ); update: 20190911; version: 11.66.31978; detected: True
ALYac: result: Trojan.GenericKD.4800676; update: 20190912; version: 1.1.1.5; detected: True
Avast: result: Win32:Malware-gen; update: 20190912; version: 18.4.3895.0; detected: True
Avira: result: HEUR/AGEN.1018722; update: 20190912; version: 8.3.3.8; detected: True
Baidu: update: 20190318; version: 1.0.0.2; detected: False
Cyren: result: W32/Kovter.T.gen!Eldorado; update: 20190912; version: 6.2.0.1; detected: True
DrWeb: result: Trojan.SpyBot.703; update: 20190912; version: 7.0.41.7240; detected: True
GData: result: Win32.Trojan.Kovter.MUKZJH; update: 20190912; version: A:25.23353B:26.16009; detected: True
Panda: result: Trj/CI.A; update: 20190911; version: 4.6.4.2; detected: True
VBA32: result: BScope.Trojan.Bagsu; update: 20190911; version: 4.0.0; detected: True
VIPRE: result: Trojan.Win32.Kovter.ab (v); update: 20190912; version: 77812; detected: True
Zoner: update: 20190911; version: 1.0.0.1; detected: False
ClamAV: update: 20190911; version: 0.101.4.0; detected: False
Comodo: update: 20190912; version: 31462; detected: False
F-Prot: result: W32/Kovter.T.gen!Eldorado; update: 20190912; version: 4.7.1.166; detected: True
Ikarus: result: Trojan.Win32.Crypt; update: 20190911; version: 0.1.5.2; detected: True
McAfee: result: GenericRXBE-ZR!BDC95081431A; update: 20190912; version: 6.0.6.653; detected: True
Rising: result: Ransom.Tovicrypt!8.9F4B (TFE:2:xno2oS6q7gQ); update: 20190912; version: 25.0.0.24; detected: True
Sophos: result: Mal/Generic-S; update: 20190912; version: 4.98.0; detected: True
Yandex: result: Trojan.Agent!jro3XfNjwFk; update: 20190910; version: 5.5.2.24; detected: True
Zillya: result: Trojan.Kryptik.Win32.1417972; update: 20190911; version: 2.0.0.3898; detected: True
Acronis: result: suspicious; update: 20190904; version: 1.1.1.56; detected: True
Alibaba: result: Trojan:Win32/Kovter.cb7515d5; update: 20190527; version: 0.3.0.5; detected: True
Arcabit: result: Trojan.Generic.D4940A4; update: 20190912; version: 1.0.0.856; detected: True
Cylance: result: Unsafe; update: 20190912; version: 2.3.1.101; detected: True
Endgame: result: malicious (high confidence); update: 20190819; version: 3.0.14; detected: True
FireEye: result: Generic.mg.bdc95081431ac5a5; update: 20190912; version: 29.7.0.0; detected: True
TACHYON: update: 20190912; version: 2019-09-12.02; detected: False
Tencent: update: 20190912; version: 1.0.0.1; detected: False
ViRobot: result: Trojan.Win32.Z.Kovter.2451570; update: 20190911; version: 2014.3.20.0; detected: True
Webroot: update: 20190912; version: 1.0.0.403; detected: False
eGambit: result: Trojan.Generic; update: 20190912; version: v5.0.5; detected: True
Ad-Aware: result: Trojan.GenericKD.4800676; update: 20190912; version: 3.0.5.370; detected: True
AegisLab: result: Trojan.Win32.Generic.4!c; update: 20190912; version: 4.2; detected: True
Emsisoft: result: Trojan.GenericKD.4800676 (B); update: 20190912; version: 2018.12.0.1641; detected: True
F-Secure: result: Heuristic.HEUR/AGEN.1018722; update: 20190912; version: 12.0.86.52; detected: True
Fortinet: result: W32/GenKryptik.ACZR!tr; update: 20190912; version: 5.4.247.0; detected: True
Invincea: update: 20190904; version: 6.3.6.26157; detected: False
Jiangmin: update: 20190912; version: 16.0.100; detected: False
Kingsoft: update: 20190912; version: 2013.8.14.323; detected: False
Paloalto: result: generic.ml; update: 20190912; version: 1.0; detected: True
Symantec: result: Ransom.Kovter; update: 20190912; version: 1.10.0.0; detected: True
Trapmine: result: malicious.high.ml.score; update: 20190826; version: 3.1.81.800; detected: True
AhnLab-V3: result: Trojan/Win32.Poweliks.R211930; update: 20190911; version: 3.16.1.25089; detected: True
Antiy-AVL: result: Trojan/Win32.Poweliks; update: 20190912; version: 3.0.0.1; detected: True
Kaspersky: result: HEUR:Trojan.Win32.Generic; update: 20190912; version: 15.0.1.13; detected: True
Microsoft: result: Trojan:Win32/Kovter.I; update: 20190912; version: 1.1.16300.1; detected: True
Qihoo-360: update: 20190912; version: 1.0.0.1120; detected: False
ZoneAlarm: result: HEUR:Trojan.Win32.Generic; update: 20190912; version: 1.0; detected: True
Cybereason: result: malicious.1431ac; update: 20190616; version: 1.2.449; detected: True
ESET-NOD32: result: a variant of Win32/Kryptik.FRCN; update: 20190912; version: 20005; detected: True
TrendMicro: result: TROJ_GEN.R002C0DI619; update: 20190912; version: 11.0.0.1006; detected: True
BitDefender: result: Trojan.GenericKD.4800676; update: 20190912; version: 7.2; detected: True
CrowdStrike: result: win/malicious_confidence_100% (W); update: 20190702; version: 1.0; detected: True
K7AntiVirus: result: Trojan ( 0050b0231 ); update: 20190912; version: 11.66.31985; detected: True
SentinelOne: result: DFI - Malicious PE; update: 20190807; version: 1.0.31.22; detected: True
Avast-Mobile: update: 20190911; version: 190911-02; detected: False
Malwarebytes: update: 20190912; version: 2.1.1.1115; detected: False
TotalDefense: update: 20190912; version: 37.1.62.1; detected: False
CAT-QuickHeal: result: Trojan.Generic; update: 20190909; version: 14.00; detected: True
NANO-Antivirus: result: Virus.Win32.Gen.ccmw; update: 20190912; version: 1.0.134.24859; detected: True
MicroWorld-eScan: result: Trojan.GenericKD.4800676; update: 20190912; version: 14.0.297.0; detected: True
SUPERAntiSpyware: update: 20190906; version: 5.6.0.1032; detected: False
McAfee-GW-Edition: result: GenericRXBE-ZR!BDC95081431A; update: 20190911; version: v2017.3010; detected: True
TrendMicro-HouseCall: result: TROJ_GEN.R002C0DI619; update: 20190912; version: 10.0.0.1040; detected: True

total 70

sha256 01af2b435c53d006378c8b5353849e33e38f4c4233dac45b48813bf802eb4505

scan_id 01af2b435c53d006378c8b5353849e33e38f4c4233dac45b48813bf802eb4505-1568270761

resource bdc95081431ac5a57c627333b9469115

permalink https://www.virustotal.com/file/01af2b435c53d006378c8b5353849e33e38f4c4233dac45b48813bf802eb4505/analysis/1568270761/

positives 53

scan_date 2019-09-12 06:46:01

verbose_msg Scan finished, information embedded

response_code 1

Results

Random Forest detected: TBD confidence: TBD
