Manalyzer.org submissions
https://manalyzer.org/rss.xml
2024-03-19T13:38:25.737735Z
https://manalyzer.org/static/favicon.ico
https://manalyzer.org/static/logo/logo.png
Manalyze
26cdfb86cd604de98186a2c671069357
/report/26cdfb86cd604de98186a2c671069357
2024-03-19T13:38:25.737735Z
JusticeRage
<img src="/static/icons/26cdfb86cd604de98186a2c671069357.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2024-Mar-19 12:37:09
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United Kingdom
<br/>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">TLS Callbacks</th>
<td>
2 callback(s) detected.
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Epic Games, Inc.
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
Fortnite - Battle Royale Game
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
5.7
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
fortnite
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
© 2024 Epic Games, Inc.
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Fortnite.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
Fortnite
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
4.3
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>The PE contains functions most legitimate programs don't use.</td>
<td>
<samp>
Memory manipulation functions often used by packers:
<br/><ul>
<li>VirtualAlloc</li>
<li>VirtualProtect</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly a dropper.</td>
<td>
<samp>
Resources amount for 77.1235% of the executable.
</samp>
</td>
</tr>
<tr>
<td>The PE is digitally signed.</td>
<td>
<samp>
Signer: 6112cc80-a49a-4fea-b35e-26d164e7bbd3
<br/> </samp>
<samp>
Issuer: 6112cc80-a49a-4fea-b35e-26d164e7bbd3
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
4a089b0e1603056dc479b71fe8234086
/report/4a089b0e1603056dc479b71fe8234086
2024-03-19T12:53:03.475621Z
JusticeRage
<img src="/static/icons/4a089b0e1603056dc479b71fe8234086.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2024-Mar-19 11:52:04
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United Kingdom
<br/>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">TLS Callbacks</th>
<td>
2 callback(s) detected.
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Epic Games, Inc.
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
Fortnite - Battle Royale Game
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
5.7
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
fortnite
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
© 2024 Epic Games, Inc.
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Fortnite.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
Fortnite
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
4.3
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>The PE is possibly a dropper.</td>
<td>
<samp>
Resources amount for 77.1298% of the executable.
</samp>
</td>
</tr>
<tr>
<td>The PE is digitally signed.</td>
<td>
<samp>
Signer: 6112cc80-a49a-4fea-b35e-26d164e7bbd3
<br/> </samp>
<samp>
Issuer: 6112cc80-a49a-4fea-b35e-26d164e7bbd3
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
a0cd8aa1cd7cc61d41977cceacd7d4f6
/report/a0cd8aa1cd7cc61d41977cceacd7d4f6
2024-03-19T12:21:43.936753Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2023-Dec-12 20:20:51
</td>
</tr>
<tr>
<th align="left">TLS Callbacks</th>
<td>
3 callback(s) detected.
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
Miscellaneous malware strings:
<br/><ul>
<li>cmd.exe</li>
</ul>
</samp>
<samp>
Contains domain names:
<br/><ul>
<li>github.com</li>
<li>jgxgjk.lw.tk</li>
<li>z.za.jgxgjk.lw.tk</li>
<li>za.jgxgjk.lw.tk</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to CRC32
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions mostly used by malware.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryA</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>CreateToolhelp32Snapshot</li>
<li>SwitchToThread</li>
</ul>
</samp>
<samp>
Can access the registry:
<br/><ul>
<li>RegCloseKey</li>
<li>RegEnumKeyExW</li>
<li>RegEnumValueW</li>
<li>RegOpenKeyExW</li>
<li>RegQueryInfoKeyW</li>
<li>RegQueryValueExW</li>
<li>RegSetValueExW</li>
</ul>
</samp>
<samp>
Possibly launches other programs:
<br/><ul>
<li>CreateProcessAsUserW</li>
<li>CreateProcessWithLogonW</li>
<li>CreateProcessWithTokenW</li>
<li>CreateProcessW</li>
</ul>
</samp>
<samp>
Uses Windows's Native API:
<br/><ul>
<li>NtOpenProcessToken</li>
<li>NtQueryInformationToken</li>
</ul>
</samp>
<samp>
Can create temporary files:
<br/><ul>
<li>CreateFileW</li>
<li>GetTempPathW</li>
</ul>
</samp>
<samp>
Leverages the raw socket API to access the Internet:
<br/><ul>
<li>WSACleanup</li>
<li>WSADuplicateSocketW</li>
<li>WSAGetLastError</li>
<li>WSARecv</li>
<li>WSASend</li>
<li>WSASocketW</li>
<li>WSAStartup</li>
<li>accept</li>
<li>bind</li>
<li>closesocket</li>
<li>connect</li>
<li>freeaddrinfo</li>
<li>getaddrinfo</li>
<li>getpeername</li>
<li>getsockname</li>
<li>getsockopt</li>
<li>ioctlsocket</li>
<li>listen</li>
<li>recv</li>
<li>recvfrom</li>
<li>select</li>
<li>send</li>
<li>sendto</li>
<li>setsockopt</li>
<li>shutdown</li>
</ul>
</samp>
<samp>
Functions related to the privilege level:
<br/><ul>
<li>AdjustTokenPrivileges</li>
<li>DuplicateTokenEx</li>
<li>OpenProcessToken</li>
<li>SHTestTokenMembership</li>
</ul>
</samp>
<samp>
Interacts with services:
<br/><ul>
<li>ChangeServiceConfigW</li>
<li>ControlService</li>
<li>CreateServiceW</li>
<li>DeleteService</li>
<li>EnumServicesStatusExW</li>
<li>OpenSCManagerW</li>
<li>OpenServiceW</li>
<li>QueryServiceConfig2W</li>
<li>QueryServiceConfigW</li>
<li>QueryServiceStatusEx</li>
</ul>
</samp>
<samp>
Enumerates local disk drives:
<br/><ul>
<li>GetDriveTypeW</li>
</ul>
</samp>
<samp>
Manipulates other processes:
<br/><ul>
<li>OpenProcess</li>
<li>Process32FirstW</li>
<li>Process32NextW</li>
<li>ReadProcessMemory</li>
</ul>
</samp>
<samp>
Can shut the system down or lock the screen:
<br/><ul>
<li>ExitWindowsEx</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 55/73 (Scanned on 2024-03-11 02:36:54)</td>
<td>
<samp>
ALYac:
Trojan.Ransom.Filecoder
<br/> </samp>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
AVG:
Win32:RansomX-gen [Ransom]
<br/> </samp>
<samp>
AhnLab-V3:
Ransomware/Win.BlackCat.C5340030
<br/> </samp>
<samp>
Alibaba:
Ransom:Win32/BlackCat.73f9a571
<br/> </samp>
<samp>
Antiy-AVL:
Trojan[Ransom]/Win32.BlackCat
<br/> </samp>
<samp>
Arcabit:
Trojan.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
Avast:
Win32:RansomX-gen [Ransom]
<br/> </samp>
<samp>
Avira:
TR/Ransom.biwju
<br/> </samp>
<samp>
BitDefender:
Gen:Variant.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
BitDefenderTheta:
Gen:NN.ZexaE.36802.@NW@aCnkGtg
<br/> </samp>
<samp>
Bkav:
W32.Common.4FF53EDA
<br/> </samp>
<samp>
CAT-QuickHeal:
Ransom.BlackCat.S32411087
<br/> </samp>
<samp>
ClamAV:
Win.Trojan.DNSchanger-10
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_100% (W)
<br/> </samp>
<samp>
Cybereason:
malicious.1cd7cc
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
DrWeb:
Trojan.Encoder.38342
<br/> </samp>
<samp>
ESET-NOD32:
a variant of Win32/Filecoder.BlackCat.E
<br/> </samp>
<samp>
Elastic:
malicious (high confidence)
<br/> </samp>
<samp>
Emsisoft:
Gen:Variant.Ransom.BlackCatALPHV.18 (B)
<br/> </samp>
<samp>
F-Secure:
Trojan.TR/Ransom.biwju
<br/> </samp>
<samp>
FireEye:
Gen:Variant.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
Fortinet:
W32/BlackCat.A!tr.ransom
<br/> </samp>
<samp>
GData:
Gen:Variant.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
Google:
Detected
<br/> </samp>
<samp>
Ikarus:
Trojan.Win32.Agent
<br/> </samp>
<samp>
K7AntiVirus:
Ransomware ( 005ad4021 )
<br/> </samp>
<samp>
K7GW:
Ransomware ( 005ad4021 )
<br/> </samp>
<samp>
Kaspersky:
HEUR:Trojan-Ransom.Win32.Generic
<br/> </samp>
<samp>
Kingsoft:
Win32.Trojan-Ransom.Generic.a
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.Generic.j!c
<br/> </samp>
<samp>
MAX:
malware (ai score=83)
<br/> </samp>
<samp>
Malwarebytes:
Ransom.BlackCat
<br/> </samp>
<samp>
McAfee:
Artemis!A0CD8AA1CD7C
<br/> </samp>
<samp>
MicroWorld-eScan:
Gen:Variant.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
Microsoft:
Ransom:Win32/BlackCat!pz
<br/> </samp>
<samp>
Panda:
Trj/GdSda.A
<br/> </samp>
<samp>
Rising:
Ransom.BlackCat!8.1306F (TFE:5:cw3mBfqPfgO)
<br/> </samp>
<samp>
Skyhigh:
BehavesLike.Win32.Generic.rh
<br/> </samp>
<samp>
Sophos:
Mal/Blackcat-A
<br/> </samp>
<samp>
Symantec:
Ransom.Noberus
<br/> </samp>
<samp>
Tencent:
Malware.Win32.Gencirc.10bf72e6
<br/> </samp>
<samp>
Trapmine:
malicious.moderate.ml.score
<br/> </samp>
<samp>
TrendMicro:
Ransom.Win32.BLACKCAT.SMYNCHH
<br/> </samp>
<samp>
VIPRE:
Gen:Variant.Ransom.BlackCatALPHV.18
<br/> </samp>
<samp>
Varist:
W32/ABRisk.NFSF-6905
<br/> </samp>
<samp>
VirIT:
Trojan.Win32.Genus.UQA
<br/> </samp>
<samp>
Webroot:
W32.Ransom.Blackcat
<br/> </samp>
<samp>
Xcitium:
Malware@#197j782jmq7o4
<br/> </samp>
<samp>
Zillya:
Trojan.Filecoder.Win32.31317
<br/> </samp>
<samp>
ZoneAlarm:
HEUR:Trojan-Ransom.Win32.Generic
<br/> </samp>
<samp>
alibabacloud:
Ransomware:Win/BlackCat.E
</samp>
</td>
</tr>
</tbody>
</table>
325a2ceb6a67cb6d2e3a66f361ebef90
/report/325a2ceb6a67cb6d2e3a66f361ebef90
2024-03-19T10:28:38.476313Z
JusticeRage
<img src="/static/icons/325a2ceb6a67cb6d2e3a66f361ebef90.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2019-May-06 23:16:52
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
Arabic - Saudi Arabia
<br/>
Bulgarian - Bulgaria
<br/>
Catalan - Spain
<br/>
Chinese - PRC
<br/>
Chinese - Taiwan
<br/>
Croatian - Croatia
<br/>
Czech - Czech Republic
<br/>
Danish - Denmark
<br/>
Dutch - Netherlands
<br/>
English - United Kingdom
<br/>
English - United States
<br/>
Estonian - Estonia
<br/>
Farsi - Iran
<br/>
Finnish - Finland
<br/>
French - France
<br/>
German - Germany
<br/>
Greek - Greece
<br/>
Gujarati - India
<br/>
Hebrew - Israel
<br/>
Hindi - India
<br/>
Hungarian - Hungary
<br/>
Icelandic - Iceland
<br/>
Indonesian - Indonesia (Bahasa)
<br/>
Italian - Italy
<br/>
Japanese - Japan
<br/>
Kannada - India (Kannada script)
<br/>
Korean - Korea
<br/>
Latvian - Latvia
<br/>
Lithuanian - Lithuania
<br/>
Malay - Malaysia
<br/>
Marathi - India
<br/>
Norwegian - Norway (Bokmal)
<br/>
Polish - Poland
<br/>
Portuguese - Brazil
<br/>
Portuguese - Portugal
<br/>
Romanian - Romania
<br/>
Russian - Russia
<br/>
Serbian - Serbia (Cyrillic)
<br/>
Slovak - Slovakia
<br/>
Slovenian - Slovenia
<br/>
Spanish - Mexico
<br/>
Spanish - Spain (International sort)
<br/>
Swahili - Kenya
<br/>
Swedish - Sweden
<br/>
Tamil - India
<br/>
Telugu - India (Telugu script)
<br/>
Thai - Thailand
<br/>
Turkish - Turkey
<br/>
Ukrainian - Ukraine
<br/>
Urdu - Pakistan
<br/>
Vietnamese - Viet Nam
<br/>
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
mi_exe_stub.pdb
<br/>
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Google LLC
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
Google Update Setup
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.3.34.11
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
Google Update Setup
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright 2018 Google LLC
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
GoogleUpdateSetup.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
Google Update
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.3.34.11
</td>
</tr>
<tr>
<th align="left">LanguageId</th>
<td>
en
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
Microsoft Visual C++ 6.0 - 8.0
</samp>
</td>
</tr>
<tr>
<td>Interesting strings found in the binary:</td>
<td>
<samp>
Contains domain names:
<br/><ul>
<li>dl.google.com</li>
<li>google.com</li>
<li>https://dl.google.com</li>
<li>https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B78302DE1-62F7-5AAD-F0F9-395963BAE717%7D%26lang%3Den%26browser%3D3%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26ap%3Dx64-stable-statsdef_1%26brand%3DCHBD%26installdataindex%3Dempty/update2/installers/ChromeSetup.exe</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE contains common functions which appear in legitimate applications.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryExW</li>
</ul>
</samp>
<samp>
Possibly launches other programs:
<br/><ul>
<li>CreateProcessW</li>
</ul>
</samp>
<samp>
Can create temporary files:
<br/><ul>
<li>CreateFileW</li>
<li>GetTempPathW</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly a dropper.</td>
<td>
<samp>
Resource 102 is possibly compressed or encrypted.
<br/> </samp>
<samp>
Resources amount for 86.6019% of the executable.
</samp>
</td>
</tr>
<tr>
<td>The file contains overlay data.</td>
<td>
<samp>
10885 bytes of data starting at offset 0x119238.
</samp>
</td>
</tr>
<tr>
<td>The PE is digitally signed.</td>
<td>
<samp>
Signer: Google Inc
<br/> </samp>
<samp>
Issuer: Thawte Code Signing CA - G2
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 0/73 (Scanned on 2024-03-19 08:51:31)</td>
<td>
<samp>
All the AVs think this file is safe.
</samp>
</td>
</tr>
</tbody>
</table>
e6f495cdf74907e1389b60f8c9a382d3
/report/e6f495cdf74907e1389b60f8c9a382d3
2024-03-19T09:52:41.897280Z
JusticeRage
<img src="/static/icons/e6f495cdf74907e1389b60f8c9a382d3.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2019-Jul-30 08:52:21
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to CRC32
<br/> </samp>
<samp>
Uses constants related to MD5
<br/> </samp>
<samp>
Uses constants related to SHA1
</samp>
</td>
</tr>
<tr>
<td>The PE contains common functions which appear in legitimate applications.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>LoadLibraryExW</li>
<li>LoadLibraryW</li>
<li>GetProcAddress</li>
</ul>
</samp>
<samp>
Can create temporary files:
<br/><ul>
<li>GetTempPathW</li>
<li>CreateFileW</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE's resources present abnormal characteristics.</td>
<td>
<samp>
Resource 2DE97B37E929D18AAE9D4F1A58F1DBA3 is possibly compressed or encrypted.
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
4f8375863ea528e88c87572db0e5b124
/report/4f8375863ea528e88c87572db0e5b124
2024-03-19T09:02:38.693765Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2024-Mar-19 08:02:13
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
May have dropper capabilities:
<br/><ul>
<li>CurrentControlSet\Services</li>
</ul>
</samp>
<samp>
Contains another PE executable:
<br/><ul>
<li>This program cannot be run in DOS mode.</li>
</ul>
</samp>
<samp>
Contains domain names:
<br/><ul>
<li>crl.microsoft.com</li>
<li>http://crl.microsoft.com</li>
<li>http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z</li>
<li>http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z</li>
<li>http://msdl.microsoft.com</li>
<li>http://msdl.microsoft.com/download/symbols</li>
<li>http://www.microsoft.com</li>
<li>http://www.microsoft.com/PKI/docs/CPS/default.htm0</li>
<li>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0</li>
<li>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0</li>
<li>http://www.microsoft.com/pkiops/Docs/Repository.htm0</li>
<li>http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crt0</li>
<li>http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crl0</li>
<li>https://www.microsoft.com</li>
<li>https://www.microsoft.com/en-us/windows</li>
<li>microsoft.com</li>
<li>msdl.microsoft.com</li>
<li>www.microsoft.com</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to SHA256
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions mostly used by malware.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryExA</li>
<li>LoadLibraryW</li>
<li>LoadLibraryExW</li>
</ul>
</samp>
<samp>
Can access the registry:
<br/><ul>
<li>RegCloseKey</li>
<li>RegSetValueExW</li>
<li>RegCreateKeyW</li>
<li>RegOpenKeyW</li>
</ul>
</samp>
<samp>
Can create temporary files:
<br/><ul>
<li>GetTempPathW</li>
<li>CreateFileA</li>
<li>CreateFileW</li>
</ul>
</samp>
<samp>
Functions related to the privilege level:
<br/><ul>
<li>AdjustTokenPrivileges</li>
<li>OpenProcessToken</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
9219e2cfcc64ccde2d8de507538b9991
/report/9219e2cfcc64ccde2d8de507538b9991
2024-02-02T09:44:15.010149Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2010-Feb-25 02:34:53
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
notepad
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
notepad
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
notepad.exe
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
Unusual section name found: .dKVU
<br/> </samp>
<samp>
Unusual section name found: .cPBG
<br/> </samp>
<samp>
Section .cPBG is both writable and executable.
<br/> </samp>
<samp>
Unusual section name found: .aFUR
<br/> </samp>
<samp>
Section .aFUR is both writable and executable.
<br/> </samp>
<samp>
Unusual section name found: .rOPG
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions most legitimate programs don't use.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryA</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>FindWindowA</li>
</ul>
</samp>
<samp>
Memory manipulation functions often used by packers:
<br/><ul>
<li>VirtualAlloc</li>
<li>VirtualProtect</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 61/69 (Scanned on 2024-01-16 11:07:46)</td>
<td>
<samp>
ALYac:
Gen:Variant.Barys.322032
<br/> </samp>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
AVG:
Win32:Zbot-LYA [Trj]
<br/> </samp>
<samp>
AhnLab-V3:
Trojan/Win32.Zbot.R14737
<br/> </samp>
<samp>
Alibaba:
Backdoor:Win32/Blakken.e6529027
<br/> </samp>
<samp>
Antiy-AVL:
Trojan[Backdoor]/Win32.Blakken
<br/> </samp>
<samp>
Arcabit:
Trojan.Barys.D4E9F0
<br/> </samp>
<samp>
Avast:
Win32:Zbot-LYA [Trj]
<br/> </samp>
<samp>
Avira:
TR/Crypt.EPACK.Gen2
<br/> </samp>
<samp>
BitDefender:
Gen:Variant.Barys.322032
<br/> </samp>
<samp>
BitDefenderTheta:
Gen:NN.ZexaF.36680.eqW@aa!mV3f
<br/> </samp>
<samp>
Bkav:
W32.AIDetectMalware
<br/> </samp>
<samp>
ClamAV:
Win.Trojan.Lancafdo-1
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_100% (W)
<br/> </samp>
<samp>
Cybereason:
malicious.00d057
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
DrWeb:
Trojan.Winlock.1110
<br/> </samp>
<samp>
ESET-NOD32:
a variant of Win32/Kryptik.BRT
<br/> </samp>
<samp>
Elastic:
malicious (high confidence)
<br/> </samp>
<samp>
Emsisoft:
Gen:Variant.Barys.322032 (B)
<br/> </samp>
<samp>
F-Secure:
Trojan.TR/Crypt.EPACK.Gen2
<br/> </samp>
<samp>
Fortinet:
W32/Kryptik.DT!tr
<br/> </samp>
<samp>
GData:
Gen:Variant.Barys.322032
<br/> </samp>
<samp>
Google:
Detected
<br/> </samp>
<samp>
Gridinsoft:
Virtool.Win32.Obfuscator.cc!s1
<br/> </samp>
<samp>
Ikarus:
Trojan-Spy.Win32.Zbot
<br/> </samp>
<samp>
Jiangmin:
Backdoor/Blakken.ab
<br/> </samp>
<samp>
K7AntiVirus:
Trojan ( 0040f5651 )
<br/> </samp>
<samp>
K7GW:
Trojan ( 0040f5651 )
<br/> </samp>
<samp>
Kaspersky:
HEUR:Trojan.Win32.Generic
<br/> </samp>
<samp>
Kingsoft:
Win32.HeurC.KVMH008.a
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.Generic.kYPw
<br/> </samp>
<samp>
Malwarebytes:
Generic.Crypt.Trojan.DDS
<br/> </samp>
<samp>
MaxSecure:
Trojan.Malware.2255689.susgen
<br/> </samp>
<samp>
McAfee:
Artemis!9219E2CFCC64
<br/> </samp>
<samp>
MicroWorld-eScan:
Gen:Variant.Barys.322032
<br/> </samp>
<samp>
Microsoft:
VirTool:Win32/Obfuscator.GQ
<br/> </samp>
<samp>
NANO-Antivirus:
Trojan.Win32.Annoy.itmq
<br/> </samp>
<samp>
Panda:
Trj/CI.A
<br/> </samp>
<samp>
Rising:
HackTool.Obfuscator!8.236 (TFE:1:m69HhhT1iNE)
<br/> </samp>
<samp>
Sangfor:
Suspicious.Win32.Save.a
<br/> </samp>
<samp>
SentinelOne:
Static AI - Malicious PE
<br/> </samp>
<samp>
Skyhigh:
BehavesLike.Win32.Sytro.lc
<br/> </samp>
<samp>
Sophos:
Mal/Bancos-E
<br/> </samp>
<samp>
Symantec:
Backdoor.Lancafdo.A
<br/> </samp>
<samp>
TACHYON:
Trojan/W32.Agent.76288.MY
<br/> </samp>
<samp>
Tencent:
Malware.Win32.Gencirc.114d8f12
<br/> </samp>
<samp>
TrendMicro:
TROJ_RUSTOCK.NCT
<br/> </samp>
<samp>
TrendMicro-HouseCall:
TROJ_RUSTOCK.NCT
<br/> </samp>
<samp>
VBA32:
Malware-Cryptor.Win32.Vals.22
<br/> </samp>
<samp>
VIPRE:
Gen:Variant.Barys.322032
<br/> </samp>
<samp>
Varist:
W32/Risk.RDOO-2190
<br/> </samp>
<samp>
ViRobot:
Backdoor.Win32.S.Blakken.76288
<br/> </samp>
<samp>
VirIT:
Trojan.Win32.Winlock.BQS
<br/> </samp>
<samp>
Webroot:
W32.Trojan.Trojan.gen
<br/> </samp>
<samp>
Xcitium:
Malware@#g5iwb3whzv24
<br/> </samp>
<samp>
Yandex:
Trojan.GenAsa!ceqdQnJD2l0
<br/> </samp>
<samp>
Zillya:
Backdoor.Blakken.Win32.3
<br/> </samp>
<samp>
ZoneAlarm:
HEUR:Trojan.Win32.Generic
</samp>
</td>
</tr>
</tbody>
</table>
d7865ed111c8505a0ecc0b500e276f7e
/report/d7865ed111c8505a0ecc0b500e276f7e
2024-03-19T04:28:43.417736Z
JusticeRage
<img src="/static/icons/d7865ed111c8505a0ecc0b500e276f7e.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2023-Jun-16 02:39:37
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
C:\Development\FA Wpf\Sources\MHW.FA.WPF\obj\Release\FA.pdb
<br/>
</td>
</tr>
<tr>
<th align="left">Comments</th>
<td>
MHW Financial Accountancy
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
MHW Customer Services
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
MHW Financial Accountancy
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
FA.exe
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright © MHW Customer Services 2014
</td>
</tr>
<tr>
<th align="left">LegalTrademarks</th>
<td>
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
FA.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
MHW Financial Accountancy
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">Assembly Version</th>
<td>
1.0.0.0
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
.NET executable -> Microsoft
</samp>
</td>
</tr>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
Contains references to internet browsers:
<br/><ul>
<li>IExplore.exe</li>
</ul>
</samp>
<samp>
Accesses the WMI:
<br/><ul>
<li>root\Microsoft</li>
</ul>
</samp>
<samp>
Contains domain names:
<br/><ul>
<li>adobe.com</li>
<li>ajaxload.info</li>
<li>creativecommons.org</li>
<li>datacontract.org</li>
<li>devexpress.com</li>
<li>essentialobjects.com</li>
<li>http://creativecommons.org</li>
<li>http://ns.adobe.com</li>
<li>http://ns.adobe.com/exif/1.0/</li>
<li>http://ns.adobe.com/photoshop/1.0/</li>
<li>http://ns.adobe.com/tiff/1.0/</li>
<li>http://ns.adobe.com/xap/1.0/</li>
<li>http://ns.adobe.com/xap/1.0/mm/</li>
<li>http://ns.adobe.com/xap/1.0/sType/ResourceEvent#</li>
<li>http://ns.adobe.com/xap/1.0/sType/ResourceRef#</li>
<li>http://purl.org</li>
<li>http://schemas.datacontract.org</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContracts/</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContractsn</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContractsq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContractss</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContractsu</li>
<li>http://schemas.datacontract.org/2004/07/MHW.CreditControl.DataContractsv</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts#</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts-</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Fxl</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Fxq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Fxu</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Imports</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsm</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsn</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importso</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsp</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsr</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importst</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsw</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsx</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Importsy</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Masters</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Mastersi</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Masterso</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Mastersq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Masterss</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Mastersv</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Mastersy</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSO</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSO+</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSO,</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSO-</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOm</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOn</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOp</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOt</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOu</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOv</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOw</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.POSOy</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts.Updates</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts0</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts1</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts5</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContracts8</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractse</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsf</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsg</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsh</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsi</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsj</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsk</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsl</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsm</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsn</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractso</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsp</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsr</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractss</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractst</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsu</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsv</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsw</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsx</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsy</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.DataContractsz</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databases</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesa</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesb</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesc</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesd</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasese</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesf</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesg</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesh</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesi</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesj</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesk</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesl</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesm</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesn</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databaseso</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesp</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesq</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesr</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasest</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesu</li>
<li>http://schemas.datacontract.org/2004/07/MHW.FA.WPF.Services.Databasesw</li>
<li>http://schemas.devexpress.com</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/bars</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/bars/themekeys</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/core</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/core/internal</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/core/themekeys</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/demobase</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/docking</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/editors</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/grid</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/grid/themekeys</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/layoutcontrol</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/mvvm</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/navbar</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/navbar/themekeys</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/office</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/pdf</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/ribbon</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/richedit</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/spreadsheet</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/windowsui</li>
<li>http://schemas.devexpress.com/winfx/2008/xaml/windowsui/navigation</li>
<li>http://schemas.essentialobjects.com</li>
<li>http://schemas.essentialobjects.com/wpf/</li>
<li>http://schemas.microsoft.com</li>
<li>http://schemas.microsoft.com/expression/2010/interactivity</li>
<li>http://schemas.microsoft.com/expression/blend/2008</li>
<li>http://schemas.microsoft.com/winfx/2006/xaml</li>
<li>http://schemas.microsoft.com/winfx/2006/xaml/presentation</li>
<li>http://schemas.openxmlformats.org</li>
<li>http://schemas.openxmlformats.org/markup-compatibility/2006</li>
<li>http://tempuri.org</li>
<li>http://www.icon-king.com</li>
<li>http://www.icon-king.com/projects/nuvola/v</li>
<li>http://www.w3.org</li>
<li>http://www.w3.org/1999/02/22-rdf-syntax-ns#</li>
<li>https://rrapp.tropicanacorp.com.my</li>
<li>https://rrapp.tropicanacorp.com.my/MHW.FA.WPF.Services.FA_JB/Views/ReportingView.aspx?reportName</li>
<li>icon-king.com</li>
<li>microsoft.com</li>
<li>ns.adobe.com</li>
<li>openxmlformats.org</li>
<li>rrapp.tropicanacorp.com</li>
<li>schemas.datacontract.org</li>
<li>schemas.devexpress.com</li>
<li>schemas.essentialobjects.com</li>
<li>schemas.microsoft.com</li>
<li>schemas.openxmlformats.org</li>
<li>tempuri.org</li>
<li>tropicanacorp.com</li>
<li>www.icon-king.com</li>
<li>www.w3.org</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
a27ceccc909f8d8bdc87d01afbbe8530
/report/a27ceccc909f8d8bdc87d01afbbe8530
2024-03-19T01:43:13.153248Z
JusticeRage
<img src="/static/icons/a27ceccc909f8d8bdc87d01afbbe8530.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2023-Sep-08 17:43:12
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
MASM/TASM - sig1(h)
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly a dropper.</td>
<td>
<samp>
Resources account for 82.5641% of the executable.
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 0/73 (Scanned on 2024-03-09 01:28:19)</td>
<td>
<samp>
All the AVs think this file is safe.
</samp>
</td>
</tr>
</tbody>
</table>
86c97fe515b63259c4e1446d547d7696
/report/86c97fe515b63259c4e1446d547d7696
2024-03-19T01:19:05.815457Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2082-Feb-11 00:35:16
</td>
</tr>
<tr>
<th align="left">Comments</th>
<td>
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
dummylogin
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
dummylogin.exe
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright © 2022
</td>
</tr>
<tr>
<th align="left">LegalTrademarks</th>
<td>
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
dummylogin.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
dummylogin
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">Assembly Version</th>
<td>
1.0.0.0
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
The PE only has 0 import(s).
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 2/71 (Scanned on 2024-03-06 14:58:17)</td>
<td>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
</samp>
</td>
</tr>
</tbody>
</table>
cbdb0a4c716f65ca67e53ca5200bbd94
/report/cbdb0a4c716f65ca67e53ca5200bbd94
2024-03-19T00:25:45.427431Z
JusticeRage
<img src="/static/icons/cbdb0a4c716f65ca67e53ca5200bbd94.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2019-Jan-12 09:35:50
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
Chinese - PRC
<br/>
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
Panda Microsoft 基础类应用程序 (Microsoft Foundation Class application)
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1, 0, 0, 1
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
Panda
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
版权所有 (C) 2010 (Copyright (C) 2010)
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Panda.EXE
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
Panda 应用程序 (Panda application)
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1, 0, 0, 1
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
MASM/TASM - sig2(h)
<br/> </samp>
<samp>
MASM/TASM - sig1(h)
<br/> </samp>
<samp>
Microsoft Visual C++
<br/> </samp>
<samp>
Microsoft Visual C++ v6.0
<br/> </samp>
<samp>
Microsoft Visual C++ v5.0/v6.0 (MFC)
</samp>
</td>
</tr>
<tr>
<td>The PE is packed or was manually edited.</td>
<td>
<samp>
The number of imports reported in the RICH header is inconsistent.
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions most legitimate programs don't use.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>LoadLibraryA</li>
<li>GetProcAddress</li>
</ul>
</samp>
<samp>
Can take screenshots:
<br/><ul>
<li>GetDC</li>
<li>BitBlt</li>
<li>CreateCompatibleDC</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly a dropper.</td>
<td>
<samp>
Resource 134 is possibly compressed or encrypted.
<br/> </samp>
<samp>
Resources account for 91.5192% of the executable.
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 2/72 (Scanned on 2023-11-04 19:43:27)</td>
<td>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
BitDefenderTheta:
Gen:NN.ZexaCO.36792.Fs0@aWkUBOpb
</samp>
</td>
</tr>
</tbody>
</table>
29abfe226b0443ba804cb7f0d996db68
/report/29abfe226b0443ba804cb7f0d996db68
2024-03-19T00:09:03.854138Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2022-Apr-14 16:28:42
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Don HO don.h@free.fr
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
WinGup for Notepad++
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
5.23
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
gup.exe
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright 2018 by Don HO
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
gup.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
WinGup for Notepad++
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
5.23
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
May have dropper capabilities:
<br/><ul>
<li>%TEMP%</li>
</ul>
</samp>
<samp>
Contains obfuscated function names:
<br/><ul>
<li>61 42 4c 49 61 44 4f 5f 4c 5f 54</li>
<li>6a 48 59 7d 5f 42 4e 6c 49 49 5f 48 5e 5e</li>
</ul>
</samp>
<samp>
Contains a XORed PE executable:
<br/><ul>
<li>79 45 44 5e 0d 5d 5f 42 4a 5f 4c 40 0d 4e 4c 43 43 42 59 0d ...</li>
</ul>
</samp>
<samp>
Contains domain names:
<br/><ul>
<li>https://notepad-plus-plus.org</li>
<li>https://npp-user-manual.org</li>
<li>manual.org</li>
<li>notepad-plus-plus.org</li>
<li>npp-user-manual.org</li>
<li>plus-plus.org</li>
<li>user-manual.org</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to CRC32
<br/> </samp>
<samp>
Uses constants related to SHA256
<br/> </samp>
<samp>
Uses known Mersenne Twister constants
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions most legitimate programs don't use.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>LoadLibraryW</li>
<li>GetProcAddress</li>
<li>LoadLibraryExW</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>SwitchToThread</li>
</ul>
</samp>
<samp>
Possibly launches other programs:
<br/><ul>
<li>ShellExecuteW</li>
</ul>
</samp>
<samp>
Memory manipulation functions often used by packers:
<br/><ul>
<li>VirtualProtect</li>
<li>VirtualAlloc</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The file contains overlay data.</td>
<td>
<samp>
12657731 bytes of data starting at offset 0xee840.
<br/> </samp>
<samp>
The overlay data has an entropy of 7.72541 and is possibly compressed or encrypted.
<br/> </samp>
<samp>
Overlay data accounts for 92.8347% of the executable.
</samp>
</td>
</tr>
<tr>
<td>The PE is digitally signed.</td>
<td>
<samp>
Signer: Notepad++
<br/> </samp>
<samp>
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 18/72 (Scanned on 2024-02-22 01:31:43)</td>
<td>
<samp>
Bkav:
W64.AIDetectMalware
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_100% (W)
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
ESET-NOD32:
Win64/Filesponger.H
<br/> </samp>
<samp>
Google:
Detected
<br/> </samp>
<samp>
Ikarus:
Trojan.Win64.Filesponger
<br/> </samp>
<samp>
Kingsoft:
Win32.Troj.Undef.a
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.Filesponger.4!c
<br/> </samp>
<samp>
McAfee:
Artemis!29ABFE226B04
<br/> </samp>
<samp>
Microsoft:
Program:Win32/Wacapew.C!ml
<br/> </samp>
<samp>
Panda:
Trj/Chgt.AD
<br/> </samp>
<samp>
Rising:
Trojan.Filesponger!8.184DB (CLOUD)
<br/> </samp>
<samp>
Skyhigh:
Artemis
<br/> </samp>
<samp>
Sophos:
Mal/Generic-S
<br/> </samp>
<samp>
Symantec:
ML.Attribute.HighConfidence
<br/> </samp>
<samp>
TrendMicro:
TrojanSpy.Win64.VIPERSOFTX.SMTH
</samp>
</td>
</tr>
</tbody>
</table>
1fb7fdee2d197516eea6407ccf120895
/report/1fb7fdee2d197516eea6407ccf120895
2024-03-18T21:45:03.309497Z
JusticeRage
<img src="/static/icons/1fb7fdee2d197516eea6407ccf120895.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2058-Feb-23 18:24:58
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
C:\Users\Admin\Source\Repos\DeuxEx\SendLocalMessage\SendLocalMessage\obj\x64\Release\SendLocalMessage.pdb
<br/>
</td>
</tr>
<tr>
<th align="left">Comments</th>
<td>
SendLocalMessage
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
MTG-IT
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
SendLocalMessage
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
SendLocalMessage.exe
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright © 2024
</td>
</tr>
<tr>
<th align="left">LegalTrademarks</th>
<td>
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
SendLocalMessage.exe
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
SendLocalMessage
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.0.0.0
</td>
</tr>
<tr>
<th align="left">Assembly Version</th>
<td>
1.0.0.0
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Interesting strings found in the binary:</td>
<td>
<samp>
Contains domain names:
<br/><ul>
<li>http://schemas.microsoft.com</li>
<li>http://schemas.microsoft.com/expression/blend/2008</li>
<li>http://schemas.microsoft.com/winfx/2006/xaml</li>
<li>http://schemas.microsoft.com/winfx/2006/xaml/presentation</li>
<li>http://schemas.openxmlformats.org</li>
<li>http://schemas.openxmlformats.org/markup-compatibility/2006</li>
<li>microsoft.com</li>
<li>openxmlformats.org</li>
<li>schemas.microsoft.com</li>
<li>schemas.openxmlformats.org</li>
<li>toreboda.se</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
The PE only has 0 import(s).
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 2/73 (Scanned on 2024-03-18 20:30:50)</td>
<td>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
MaxSecure:
Trojan.Malware.300983.susgen
</samp>
</td>
</tr>
</tbody>
</table>
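<p>Three findings in the reports above deserve a second look before they are used as indicators. The compilation dates of 2082 (dummylogin) and 2058 (SendLocalMessage) are not forged clocks: both images carry an Assembly Version, i.e. they are .NET, and the C# compiler's deterministic builds (the default in SDK-style projects) store a content hash in the COFF TimeDateStamp with the high bit set, which any tool renders as a date after 2038; a zero field renders as 1970-01-01. The same two images are flagged "possibly packed" on the strength of a zero import count, but a managed image has no meaningful native import table, so that count says nothing about packing once the CLR runtime header directory is populated. Finally, the overlay measured on the signed WinGup binary is everything past the last section; on a signed file that region also holds the Authenticode certificate table, so a few kilobytes of overlay are expected there while 12 MB at 7.7 bits of entropy are not. The script below is an added example, not Manalyze's code: it parses the headers with the standard library only, classifies the timestamp, reads data directory 14, and measures the overlay and its entropy. The images it runs on are constructed by <code>build_sample_pe</code> and are not loadable; the analysis date <code>NOW</code> and the CLR header RVA/size are assumed values.</p>

```python
"""PE header triage for the findings above: timestamp plausibility, managed
(.NET) image detection, and overlay size/entropy. Added example using only the
standard library; it is not Manalyze's code. The sample images are constructed
here and are not loadable."""
import math
import struct
import time

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header data directory


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_timestamp(ts: int, now: int) -> str:
    """Explain the COFF TimeDateStamp rather than rendering it blindly as a date."""
    if ts == 0:
        return "unset (renders as 1970-01-01)"
    if ts & 0x80000000:
        # Roslyn deterministic builds store a content hash with the high bit set;
        # rendered as a date this lands after 2038, like the 2058/2082 values above.
        return "high bit set: deterministic-build hash, not a date"
    if ts > now:
        return "in the future: forged or clock skew"
    return "plausible: " + time.strftime("%Y-%m-%d", time.gmtime(ts))


def triage(pe: bytes, now: int) -> dict:
    """Parse DOS/COFF/optional headers and the section table with struct only."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    # COFF header after Machine: NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader
    nsec, ts, _, _, opt_size = struct.unpack_from("<HIIIH", pe, coff + 2)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    ndirs = struct.unpack_from("<I", pe, opt + (108 if pe32plus else 92))[0]
    dir_base = opt + (112 if pe32plus else 96)
    clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        _, clr_size = struct.unpack_from(
            "<II", pe, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    # Overlay = everything past the highest PointerToRawData + SizeOfRawData.
    # On a signed file this region also holds the Authenticode certificate table.
    end_of_sections = 0
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, opt + opt_size + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    end_of_sections = min(end_of_sections, len(pe))   # tolerate truncated files
    overlay = pe[end_of_sections:]
    return {
        "timestamp": classify_timestamp(ts, now),
        "managed": clr_size != 0,      # a .NET image has no meaningful native import table
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 3),
        "overlay_ratio": round(len(overlay) / len(pe), 4),
    }


def build_sample_pe(timestamp: int, managed=False, overlay=b"", pe32plus=True) -> bytes:
    """Constructed test image: DOS stub, COFF header, optional header with 16
    data directories and one 0x200-byte .text section. Headers only; not loadable."""
    e_lfanew, raw_ptr, opt_size = 0x40, 0x200, (240 if pe32plus else 224)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    ndirs_off, dir_base = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, ndirs_off, 16)
    if managed:   # hypothetical RVA/size for the CLR header
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1,
                       timestamp & 0xFFFFFFFF, 0, 0, opt_size, 0x22)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, raw_ptr,
                                           0, 0, 0, 0, 0x60000020)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(raw_ptr, b"\0") + bytes(range(256)) * 2 + overlay


if __name__ == "__main__":
    NOW = 1710806400   # assumed analysis date, 2024-03-19 UTC
    print(triage(build_sample_pe(0xA5000000, managed=True), NOW))
    print(triage(build_sample_pe(1649953722, overlay=bytes(range(256)) * 16), NOW))
```

<p>The second call mirrors the WinGup report: a plausible 2022-04-14 timestamp, no CLR header, and an overlay whose entropy sits at the ceiling. The first mirrors the two .NET reports: the timestamp is a hash and the CLR directory is populated, so neither the date nor the import count should feed a "packed" verdict.</p>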
d2cc56ff90336900c473a6252b83d358
/report/d2cc56ff90336900c473a6252b83d358
2024-03-18T21:19:08.579872Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2024-Feb-04 18:15:32
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
D:\Dev\Sprint Mod ND\x64\Release\sprint_mod.pdb
<br/>
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Interesting strings found in the binary:</td>
<td>
<samp>
Contains domain names:
<br/><ul>
<li>http://crl.mB</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to CRC32
<br/> </samp>
<samp>
Uses known Mersenne Twister constants
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions mostly used by malware.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryA</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>CreateToolhelp32Snapshot</li>
<li>FindWindowA</li>
</ul>
</samp>
<samp>
Code injection capabilities (PowerLoader):
<br/><ul>
<li>FindWindowA</li>
<li>GetWindowLongW</li>
</ul>
</samp>
<samp>
Possibly launches other programs:
<br/><ul>
<li>system</li>
</ul>
</samp>
<samp>
Uses functions commonly found in keyloggers:
<br/><ul>
<li>CallNextHookEx</li>
<li>GetAsyncKeyState</li>
<li>GetForegroundWindow</li>
</ul>
</samp>
<samp>
Manipulates other processes:
<br/><ul>
<li>Process32First</li>
<li>WriteProcessMemory</li>
<li>OpenProcess</li>
<li>Process32Next</li>
</ul>
</samp>
<samp>
Can take screenshots:
<br/><ul>
<li>FindWindowA</li>
<li>GetDC</li>
</ul>
</samp>
<samp>
Reads the contents of the clipboard:
<br/><ul>
<li>GetClipboardData</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 32/72 (Scanned on 2024-03-08 09:16:55)</td>
<td>
<samp>
ALYac:
Trojan.GenericKD.71513742
<br/> </samp>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
Antiy-AVL:
Trojan/Win32.Wacatac
<br/> </samp>
<samp>
Arcabit:
Trojan.Generic.D443368E
<br/> </samp>
<samp>
BitDefender:
Trojan.GenericKD.71513742
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_90% (D)
<br/> </samp>
<samp>
Cybereason:
malicious.f90336
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
ESET-NOD32:
a variant of Win64/GameHack.JF potentially unsafe
<br/> </samp>
<samp>
Emsisoft:
Trojan.GenericKD.71513742 (B)
<br/> </samp>
<samp>
FireEye:
Trojan.GenericKD.71513742
<br/> </samp>
<samp>
Fortinet:
W32/PossibleThreat
<br/> </samp>
<samp>
GData:
Trojan.GenericKD.71513742
<br/> </samp>
<samp>
Google:
Detected
<br/> </samp>
<samp>
Ikarus:
Trojan.Win64.Krypt
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.Generic.4!c
<br/> </samp>
<samp>
MAX:
malware (ai score=84)
<br/> </samp>
<samp>
Malwarebytes:
Malware.AI.1061736663
<br/> </samp>
<samp>
MaxSecure:
Trojan.Malware.300983.susgen
<br/> </samp>
<samp>
McAfee:
Artemis!D2CC56FF9033
<br/> </samp>
<samp>
MicroWorld-eScan:
Trojan.GenericKD.71513742
<br/> </samp>
<samp>
Microsoft:
Program:Win32/Wacapew.C!ml
<br/> </samp>
<samp>
Panda:
Trj/Chgt.AD
<br/> </samp>
<samp>
Sangfor:
Trojan.Win32.Agent.Vt5o
<br/> </samp>
<samp>
SentinelOne:
Static AI - Suspicious PE
<br/> </samp>
<samp>
Skyhigh:
BehavesLike.Win64.Ransom.dc
<br/> </samp>
<samp>
Sophos:
Generic Reputation PUA (PUA)
<br/> </samp>
<samp>
Symantec:
ML.Attribute.HighConfidence
<br/> </samp>
<samp>
TrendMicro-HouseCall:
TROJ_GEN.R002H09BC24
<br/> </samp>
<samp>
VIPRE:
Trojan.GenericKD.71513742
</samp>
</td>
</tr>
</tbody>
</table>
696f27f3fbad4344d31461cf758d238a
/report/696f27f3fbad4344d31461cf758d238a
2024-03-18T19:16:20.946597Z
JusticeRage
<img src="/static/icons/696f27f3fbad4344d31461cf758d238a.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2008-Sep-25 14:20:19
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
Spanish - Spain (International sort)
<br/>
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
-
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
LCDOMINÓ
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
4.05.0030
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
4.05.0030
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
Lcdom45
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Lcdom45.exe
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
Microsoft Visual Basic v5.0/v6.0
<br/> </samp>
<samp>
Microsoft Visual Basic v5.0 - v6.0
<br/> </samp>
<samp>
Microsoft Visual Basic v6.0
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 2/69 (Scanned on 2020-09-27 14:59:22)</td>
<td>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
VBA32:
BScope.Trojan.Zpevdo
</samp>
</td>
</tr>
</tbody>
</table>
0869487c0cba4a2f52e214596ebded82
/report/0869487c0cba4a2f52e214596ebded82
2024-03-18T18:47:10.712386Z
JusticeRage
<img src="/static/icons/0869487c0cba4a2f52e214596ebded82.ico" width="64px" height="64px"><br/><h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2022-Oct-27 23:59:47
</td>
</tr>
<tr>
<th align="left">Detected languages</th>
<td>
English - United States
<br/>
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Containerchain Pty Ltd
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
task@containerchain
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
task@containerchain
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
8.01.0008
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
8.01.0008
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
Task
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Task.exe
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>The PE is packed with Aspack</td>
<td>
<samp>
Unusual section name found: .aspack
<br/> </samp>
<samp>
The PE only has 4 import(s).
</samp>
</td>
</tr>
<tr>
<td>The PE contains common functions which appear in legitimate applications.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>GetProcAddress</li>
<li>LoadLibraryA</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
7e642a78bc7f6e8d06e9c52f388d0cdb
/report/7e642a78bc7f6e8d06e9c52f388d0cdb
2024-03-18T18:20:46.909649Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
1970-Jan-01 00:00:00
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
Embedded COFF debugging symbols
<br/>
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>PEiD Signature:</td>
<td>
<samp>
HQR data file
</samp>
</td>
</tr>
<tr>
<td>Interesting strings found in the binary:</td>
<td>
<samp>
Contains domain names:
<br/><ul>
<li>.eq.github.com</li>
<li>.eq.golang.org</li>
<li>.hash.net</li>
<li>Tgithub.com</li>
<li>api.yetzpromo.com.br</li>
<li>eq.github.com</li>
<li>eq.golang.org</li>
<li>github.com</li>
<li>golang.org</li>
<li>http://200.9.155.126</li>
<li>http://www.w3.org</li>
<li>http://www.w3.org/XML/1998/namespacexml</li>
<li>https://api.yetzpromo.com.br</li>
<li>https://api.yetzpromo.com.br/api/client/verifyLoginScanState's</li>
<li>itab.github.com</li>
<li>textproto.nl</li>
<li>www.w3.org</li>
<li>yetzpromo.com.br</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to MD5
<br/> </samp>
<samp>
Uses constants related to SHA1
<br/> </samp>
<samp>
Uses constants related to SHA256
<br/> </samp>
<samp>
Uses constants related to SHA512
<br/> </samp>
<samp>
Uses constants related to AES
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
Unusual section name found: .xdata
<br/> </samp>
<samp>
Unusual section name found: /4
<br/> </samp>
<samp>
Unusual section name found: /19
<br/> </samp>
<samp>
Unusual section name found: /32
<br/> </samp>
<samp>
Unusual section name found: /46
<br/> </samp>
<samp>
Unusual section name found: /65
<br/> </samp>
<samp>
Unusual section name found: /78
<br/> </samp>
<samp>
Unusual section name found: /90
<br/> </samp>
<samp>
Unusual section name found: .symtab
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions most legitimate programs don't use.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>LoadLibraryW</li>
<li>LoadLibraryExW</li>
<li>GetProcAddress</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>SwitchToThread</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>No VirusTotal score.</td>
<td>
<samp>
This file has never been scanned on VirusTotal.
</samp>
</td>
</tr>
</tbody>
</table>
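<p>The "Contains domain names" list in the report above is a regular expression run over raw bytes, and the Go toolchain stores string literals and symbol names back to back with no terminators, so several entries are not hostnames at all: <code>.eq.golang.org</code>, <code>.hash.net</code> and <code>itab.github.com</code> are fragments of the linker's generated <code>type..eq.*</code>, <code>type..hash.*</code> and <code>go.itab.*</code> symbols, <code>github.com</code> and <code>golang.org</code> come from module paths, and <code>http://crl.mB</code> (like <code>Tgithub.com</code> and the <code>verifyLoginScanState's</code> URL) is a string cut or glued at a neighbour. The <code>schemas.*</code> and <code>www.w3.org</code> hosts in the WPF reports further up are XAML and WCF namespace URIs that every such binary contains. The script below is an added example, not Manalyze's code: it re-scans a constructed byte blob and classifies each hit by its surrounding bytes so that only real candidates and IPv4 literals are left to pivot on. The public-suffix, Go host and schema host lists are assumptions trimmed for the example; a real triage script should load the full public suffix list.</p>

```python
"""Triage of the 'Contains domain names' lists above. Added example, not
Manalyze's code: re-scans a constructed byte blob and classifies each hit by
its surrounding bytes, so Go symbol-name fragments, XML namespace hosts and
truncated strings are not pivoted on as network indicators. The suffix and
host lists below are assumptions cut down for the example; a real script
should load the full public suffix list."""
import re

HOST_RE = re.compile(rb"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}", re.IGNORECASE)
IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

KNOWN_SUFFIXES = {b"com", b"org", b"net", b"br", b"se", b"nl", b"my"}   # stand-in for the PSL
GO_SYMBOL_MARKERS = (b"type..eq.", b"type..hash.", b"go.itab.")       # Go linker symbol prefixes
GO_IMPORT_HOSTS = {b"github.com", b"golang.org", b"gopkg.in", b"google.golang.org"}
SCHEMA_HOSTS = {b"www.w3.org", b"schemas.microsoft.com", b"schemas.openxmlformats.org",
                b"schemas.datacontract.org", b"tempuri.org"}           # XML/WCF namespaces


def classify(blob: bytes, start: int, end: int) -> str:
    """Label one HOST_RE hit at blob[start:end] using a few bytes of context."""
    host = blob[start:end]
    context = blob[max(0, start - 12):end + 1]
    if any(marker in context for marker in GO_SYMBOL_MARKERS):
        return "go_symbol"          # type..eq.golang.org/x/..., go.itab.*github.com/...
    if host.lower() in SCHEMA_HOSTS:
        return "schema_namespace"   # XAML/WCF/RDF namespace URIs, present in any WPF binary
    if host.lower() in GO_IMPORT_HOSTS:
        return "go_import_path"     # module paths and source file names in pclntab
    if host.rsplit(b".", 1)[1].lower() not in KNOWN_SUFFIXES:
        return "rejected_suffix"    # "crl.mB": the string was cut or glued to its neighbour
    if host != host.lower():
        return "mixed_case"         # "Tgithub.com": leading bytes of a neighbouring string
    return "candidate"


def scan(blob: bytes) -> dict:
    """Return {category: sorted unique hits}; only 'candidate' and 'ipv4' merit a pivot."""
    out = {}
    for m in HOST_RE.finditer(blob):
        out.setdefault(classify(blob, *m.span()), set()).add(m.group(0).decode("ascii"))
    for m in IPV4_RE.finditer(blob):
        if all(int(o) <= 255 for o in m.group(0).split(b".")):
            out.setdefault("ipv4", set()).add(m.group(0).decode("ascii"))
    return {k: sorted(v) for k, v in out.items()}


# Constructed sample modelled on the fragments in the reports above: Go stores
# string literals and symbol names back-to-back, so a raw regex sees neighbours.
SAMPLE = b"\x00".join([
    b"type..eq.golang.org/x/net/http2.Setting",           # Go equality-function symbol
    b"type..hash.net.IP",                                 # Go hash-function symbol
    b"go.itab.*github.com/foo/bar.Client,io.Closer",      # Go itab symbol
    b"github.com/foo/bar/client.go",                      # Go import path / source file
    b"https://api.yetzpromo.com.br/api/client/verifyLoginScanState",
    b"http://200.9.155.126",
    b"http://crl.mB",                                     # truncated CRL URL
    b"http://www.w3.org/XML/1998/namespace",
    b"Tgithub.com",                                       # neighbouring string glued in front
])

if __name__ == "__main__":
    for category, hosts in scan(SAMPLE).items():
        print(f"{category:17} {', '.join(hosts)}")
```

<p>On the sample only <code>api.yetzpromo.com.br</code> and <code>200.9.155.126</code> survive as network indicators; <code>github.com</code> shows up twice, once as a symbol fragment and once as an import path, which is why the classification looks at context rather than at the host string alone. Glued prefixes such as <code>Tgithub.com</code> can only be flagged, not repaired, without walking the Go string table, so the <code>mixed_case</code> bucket still needs a human look.</p>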
97200a258b97f8f0cf20e28a42615429
/report/97200a258b97f8f0cf20e28a42615429
2024-03-18T16:24:13.646891Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2013-Feb-21 19:48:27
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
Contains references to internet browsers:
<br/><ul>
<li>chrome.exe</li>
<li>firefox.exe</li>
<li>iexplore.exe</li>
</ul>
</samp>
<samp>
May have dropper capabilities:
<br/><ul>
<li>CurrentVersion\Run</li>
</ul>
</samp>
<samp>
Contains domain names:
<br/><ul>
<li>ericpotic.com</li>
<li>mashevserv.com</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>Cryptographic algorithms detected in the binary:</td>
<td>
<samp>
Uses constants related to MD5
</samp>
</td>
</tr>
<tr>
<td>The PE contains functions mostly used by malware.</td>
<td>
<samp>
[!] The program may be hiding some of its imports:
<br/><ul>
<li>LoadLibraryExW</li>
<li>LoadLibraryA</li>
<li>GetProcAddress</li>
</ul>
</samp>
<samp>
Functions which can be used for anti-debugging purposes:
<br/><ul>
<li>SwitchToThread</li>
<li>CreateToolhelp32Snapshot</li>
</ul>
</samp>
<samp>
Code injection capabilities:
<br/><ul>
<li>VirtualAllocEx</li>
<li>VirtualAlloc</li>
<li>OpenProcess</li>
<li>CreateRemoteThread</li>
<li>WriteProcessMemory</li>
</ul>
</samp>
<samp>
Possibly launches other programs:
<br/><ul>
<li>CreateProcessW</li>
<li>CreateProcessA</li>
</ul>
</samp>
<samp>
Uses Windows's Native API:
<br/><ul>
<li>ZwOpenProcess</li>
<li>ZwQueryInformationToken</li>
<li>ZwClose</li>
<li>ZwOpenProcessToken</li>
<li>ZwQueryInformationProcess</li>
</ul>
</samp>
<samp>
Can create temporary files:
<br/><ul>
<li>GetTempPathA</li>
<li>CreateFileA</li>
</ul>
</samp>
<samp>
Memory manipulation functions often used by packers:
<br/><ul>
<li>VirtualProtect</li>
<li>VirtualAllocEx</li>
<li>VirtualAlloc</li>
<li>VirtualProtectEx</li>
</ul>
</samp>
<samp>
Has Internet access capabilities:
<br/><ul>
<li>InternetConnectW</li>
<li>InternetReadFile</li>
<li>InternetSetStatusCallback</li>
<li>InternetReadFileExA</li>
<li>InternetQueryDataAvailable</li>
<li>InternetQueryOptionA</li>
<li>InternetReadFileExW</li>
<li>InternetConnectA</li>
<li>InternetSetOptionA</li>
<li>InternetOpenA</li>
<li>InternetCloseHandle</li>
</ul>
</samp>
<samp>
Functions related to the privilege level:
<br/><ul>
<li>ZwOpenProcessToken</li>
</ul>
</samp>
<samp>
Manipulates other processes:
<br/><ul>
<li>OpenProcess</li>
<li>ReadProcessMemory</li>
<li>WriteProcessMemory</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 49/70 (Scanned on 2024-03-13 15:41:16)</td>
<td>
<samp>
ALYac:
Gen:Variant.Ursu.652438
<br/> </samp>
<samp>
AVG:
Sf:Crypt-IU [Trj]
<br/> </samp>
<samp>
AhnLab-V3:
Trojan/Win64.Ursnif.C2741238
<br/> </samp>
<samp>
Alibaba:
TrojanSpy:Win64/Ursnif.090daf89
<br/> </samp>
<samp>
Antiy-AVL:
Trojan[Spy]/Win64.Ursnif
<br/> </samp>
<samp>
Arcabit:
Trojan.Ursu.D9F496
<br/> </samp>
<samp>
Avast:
Sf:Crypt-IU [Trj]
<br/> </samp>
<samp>
Avira:
TR/Crypt.XPACK.Gen8
<br/> </samp>
<samp>
BitDefender:
Gen:Variant.Ursu.652438
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_100% (W)
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 100)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
ESET-NOD32:
a variant of Win64/Spy.Ursnif.AF
<br/> </samp>
<samp>
Elastic:
malicious (high confidence)
<br/> </samp>
<samp>
Emsisoft:
Gen:Variant.Ursu.652438 (B)
<br/> </samp>
<samp>
F-Secure:
Trojan.TR/Crypt.XPACK.Gen8
<br/> </samp>
<samp>
FireEye:
Generic.mg.97200a258b97f8f0
<br/> </samp>
<samp>
GData:
Gen:Variant.Ursu.652438
<br/> </samp>
<samp>
Gridinsoft:
Trojan.Win64.Downloader.sa
<br/> </samp>
<samp>
Ikarus:
Trojan.Win64.PSW
<br/> </samp>
<samp>
Jiangmin:
Trojan.Multi.bwm
<br/> </samp>
<samp>
K7AntiVirus:
Password-Stealer ( 0048e03c1 )
<br/> </samp>
<samp>
K7GW:
Password-Stealer ( 0048e03c1 )
<br/> </samp>
<samp>
Kaspersky:
UDS:Trojan.Win32.GenericML.xnet
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.Ursnif.4!c
<br/> </samp>
<samp>
MAX:
malware (ai score=100)
<br/> </samp>
<samp>
McAfee:
Artemis!97200A258B97
<br/> </samp>
<samp>
MicroWorld-eScan:
Gen:Variant.Ursu.652438
<br/> </samp>
<samp>
Microsoft:
TrojanSpy:Win64/Ursnif.A
<br/> </samp>
<samp>
Panda:
Trj/CI.A
<br/> </samp>
<samp>
Rising:
Spyware.Ursnif!8.1DEF (TFE:4:EX9VGqwvkUT)
<br/> </samp>
<samp>
Sangfor:
Trojan.Win32.Save.a
<br/> </samp>
<samp>
Skyhigh:
BehavesLike.Win64.Injector.kh
<br/> </samp>
<samp>
Sophos:
Mal/Generic-S
<br/> </samp>
<samp>
Symantec:
ML.Attribute.HighConfidence
<br/> </samp>
<samp>
Tencent:
Win32.Trojan.Crypt.Tsmw
<br/> </samp>
<samp>
Trapmine:
malicious.high.ml.score
<br/> </samp>
<samp>
TrendMicro:
TROJ_GEN.R002C0DCB24
<br/> </samp>
<samp>
TrendMicro-HouseCall:
TROJ_GEN.R002C0DCB24
<br/> </samp>
<samp>
VBA32:
TrojanSpy.Win64.Ursnif
<br/> </samp>
<samp>
VIPRE:
Gen:Variant.Ursu.652438
<br/> </samp>
<samp>
ViRobot:
Trojan.Win32.Z.Crypt.70144.A
<br/> </samp>
<samp>
VirIT:
Trojan.Win32.Agent.BGFA
<br/> </samp>
<samp>
Xcitium:
Malware@#19vcfafmjwbqg
<br/> </samp>
<samp>
Yandex:
Trojan.PWS.Papras!el6SsAxwi7s
<br/> </samp>
<samp>
Zillya:
Trojan.Papras.Win64.31
<br/> </samp>
<samp>
ZoneAlarm:
UDS:Trojan.Win32.GenericML.xnet
<br/> </samp>
<samp>
alibabacloud:
Trojan.Win.Ursnif.98673403
</samp>
</td>
</tr>
</tbody>
</table>
750c58af2e56b6addecffcf152520ab8
/report/750c58af2e56b6addecffcf152520ab8
2024-03-18T16:11:36.169282Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_I386
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_CUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2020-Mar-24 07:31:59
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb
<br/>
</td>
</tr>
<tr>
<th align="left">Comments</th>
<td>
A Siticone Framework Custom Siticone .NET controls
</td>
</tr>
<tr>
<th align="left">CompanyName</th>
<td>
Siticone Technology
</td>
</tr>
<tr>
<th align="left">FileDescription</th>
<td>
Siticone.UI 1.0.0.3 - Beta
</td>
</tr>
<tr>
<th align="left">FileVersion</th>
<td>
1.0.0.3
</td>
</tr>
<tr>
<th align="left">InternalName</th>
<td>
Siticone.UI.dll
</td>
</tr>
<tr>
<th align="left">LegalCopyright</th>
<td>
Copyright © 2020
</td>
</tr>
<tr>
<th align="left">LegalTrademarks</th>
<td>
Siticone Technology
</td>
</tr>
<tr>
<th align="left">OriginalFilename</th>
<td>
Siticone.UI.dll
</td>
</tr>
<tr>
<th align="left">ProductName</th>
<td>
Siticone.UI
</td>
</tr>
<tr>
<th align="left">ProductVersion</th>
<td>
1.0.0.3
</td>
</tr>
<tr>
<th align="left">Assembly Version</th>
<td>
1.0.0.3
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Matching compiler(s):</td>
<td>
<samp>
Microsoft Visual C# v7.0 / Basic .NET
<br/> </samp>
<samp>
.NET DLL -> Microsoft
</samp>
</td>
</tr>
<tr>
<td>PEiD Signature:</td>
<td>
<samp>
HQR data file
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
The PE only has 1 import(s).
</samp>
</td>
</tr>
<tr>
<td>The PE is digitally signed.</td>
<td>
<samp>
Signer: Siticone Technology
<br/> </samp>
<samp>
Issuer: Siticone Root CA
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 3/72 (Scanned on 2024-03-16 19:53:49)</td>
<td>
<samp>
MaxSecure:
Trojan.Malware.188563974.susgen
<br/> </samp>
<samp>
VBA32:
OScope.Trojan.MSIL.Crypt.s1
<br/> </samp>
<samp>
Webroot:
W32.Malware.Gen
</samp>
</td>
</tr>
</tbody>
</table>
1fbb53e472def60c576d58aeaff13282
/report/1fbb53e472def60c576d58aeaff13282
2024-03-18T16:07:59.147738Z
JusticeRage
<h2>Summary</h2>
<table border="1">
<tbody>
<tr>
<th align="left">Architecture</th>
<td>
IMAGE_FILE_MACHINE_AMD64
</td>
</tr>
<tr>
<th align="left">Subsystem</th>
<td>
IMAGE_SUBSYSTEM_WINDOWS_GUI
</td>
</tr>
<tr>
<th align="left">Compilation Date</th>
<td>
2024-Jan-04 18:54:41
</td>
</tr>
<tr>
<th align="left">TLS Callbacks</th>
<td>
3 callback(s) detected.
</td>
</tr>
<tr>
<th align="left">Debug artifacts</th>
<td>
Embedded COFF debugging symbols
<br/>
</td>
</tr>
</tbody>
</table>
<br/><h2>Plugin Output</h2>
<table border="1">
<tbody>
<tr>
<td>Strings found in the binary may indicate undesirable behavior:</td>
<td>
<samp>
Looks for VMWare presence:
<br/><ul>
<li>vmtools</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The PE is possibly packed.</td>
<td>
<samp>
Unusual section name found: .xdata
<br/> </samp>
<samp>
Unusual section name found: /4
<br/> </samp>
<samp>
Unusual section name found: /19
<br/> </samp>
<samp>
Unusual section name found: /31
<br/> </samp>
<samp>
Unusual section name found: /45
<br/> </samp>
<samp>
Unusual section name found: /57
<br/> </samp>
<samp>
Unusual section name found: /70
<br/> </samp>
<samp>
Unusual section name found: /81
<br/> </samp>
<samp>
Unusual section name found: /92
</samp>
</td>
</tr>
<tr>
<td>The PE contains common functions which appear in legitimate applications.</td>
<td>
<samp>
Reads the contents of the clipboard:
<br/><ul>
<li>GetClipboardData</li>
</ul>
</samp>
</td>
</tr>
<tr>
<td>The file contains overlay data.</td>
<td>
<samp>
2797906 bytes of data starting at offset 0x245800.
</samp>
</td>
</tr>
<tr>
<td>VirusTotal score: 47/72 (Scanned on 2024-03-09 11:29:31)</td>
<td>
<samp>
ALYac:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
APEX:
Malicious
<br/> </samp>
<samp>
AVG:
Win64:Evo-gen [Trj]
<br/> </samp>
<samp>
AhnLab-V3:
Trojan/Win.Generic.C5581048
<br/> </samp>
<samp>
Alibaba:
Trojan:Win64/ClipBanker.64a006fe
<br/> </samp>
<samp>
Antiy-AVL:
Trojan/Win64.ClipBanker
<br/> </samp>
<samp>
Arcabit:
Trojan.Tedy.D805C2
<br/> </samp>
<samp>
Avast:
Win64:Evo-gen [Trj]
<br/> </samp>
<samp>
Avira:
TR/AD.Nekark.hrklp
<br/> </samp>
<samp>
BitDefender:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
CrowdStrike:
win/malicious_confidence_100% (W)
<br/> </samp>
<samp>
Cybereason:
malicious.472def
<br/> </samp>
<samp>
Cylance:
unsafe
<br/> </samp>
<samp>
Cynet:
Malicious (score: 99)
<br/> </samp>
<samp>
DeepInstinct:
MALICIOUS
<br/> </samp>
<samp>
ESET-NOD32:
a variant of Win64/ClipBanker.EI
<br/> </samp>
<samp>
Elastic:
malicious (high confidence)
<br/> </samp>
<samp>
Emsisoft:
Gen:Variant.Tedy.525762 (B)
<br/> </samp>
<samp>
F-Secure:
Trojan.TR/AD.Nekark.hrklp
<br/> </samp>
<samp>
FireEye:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
Fortinet:
W64/ClipBanker.EI!tr
<br/> </samp>
<samp>
GData:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
Google:
Detected
<br/> </samp>
<samp>
Ikarus:
Trojan.Win64.Clipbanker
<br/> </samp>
<samp>
K7AntiVirus:
Trojan ( 005b115c1 )
<br/> </samp>
<samp>
K7GW:
Trojan ( 005b115c1 )
<br/> </samp>
<samp>
Kaspersky:
Trojan.Win32.Agent.xbjqqc
<br/> </samp>
<samp>
Kingsoft:
Win32.Troj.Unknown.a
<br/> </samp>
<samp>
Lionic:
Trojan.Win32.ClipBanker.Z!c
<br/> </samp>
<samp>
MAX:
malware (ai score=89)
<br/> </samp>
<samp>
Malwarebytes:
Malware.AI.4225718928
<br/> </samp>
<samp>
MaxSecure:
Trojan.Malware.1728101.susgen
<br/> </samp>
<samp>
McAfee:
Artemis!1FBB53E472DE
<br/> </samp>
<samp>
MicroWorld-eScan:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
Microsoft:
Trojan:Win64/ClipBanker!MSR
<br/> </samp>
<samp>
NANO-Antivirus:
Trojan.Win64.Nekark.khxtjy
<br/> </samp>
<samp>
Panda:
Trj/Chgt.AD
<br/> </samp>
<samp>
Rising:
Trojan.Generic!8.C3 (CLOUD)
<br/> </samp>
<samp>
Skyhigh:
Artemis!Trojan
<br/> </samp>
<samp>
Sophos:
Mal/Generic-S
<br/> </samp>
<samp>
Symantec:
ML.Attribute.HighConfidence
<br/> </samp>
<samp>
TrendMicro:
TROJ_GEN.R03BC0XAT24
<br/> </samp>
<samp>
TrendMicro-HouseCall:
TROJ_GEN.R03BC0XAT24
<br/> </samp>
<samp>
VIPRE:
Gen:Variant.Tedy.525762
<br/> </samp>
<samp>
Varist:
W64/ABRisk.BPFY-8480
<br/> </samp>
<samp>
ViRobot:
Trojan.Win.Z.Clipbanker.5179730
<br/> </samp>
<samp>
ZoneAlarm:
Trojan.Win32.Agent.xbjqqc
</samp>
</td>
</tr>
</tbody>
</table>