popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

27364cdfec04f571117b8425e851343b.exe

Generic Malware GIF Format PE64 PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 18, 2021, 4:17 p.m. May 18, 2021, 4:20 p.m.
Size 672.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 a1acc4e7065d4eb28cdf9e85973cba16
SHA256 816da93bc5b57be3ec3177df62c6bac9c3d12b6c7446acada5f9b74b4a6bac33
CRC32 83051DB8
ssdeep 12288:R6vFoy4L9GtrB6svl9Wldt9lKD0sDxtv/S20NNEMQq:RgkL2dHqpHM0sqpyY
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
email.yg9.me 198.13.62.186
email.yg9.me
A 198.13.62.186
198.13.62.186
ol.gamegame.info
A 172.67.200.215
A 104.21.21.221
104.21.21.221
ip-api.com
A 208.95.112.1
208.95.112.1
iw.gamegame.info
A 104.21.21.221
A 172.67.200.215
172.67.200.215
IP Address Status Action
104.21.21.221 Active Moloch
164.124.101.2 Active Moloch
172.67.200.215 Active Moloch
198.13.62.186 Active Moloch
208.95.112.1 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49205 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.101:49205 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.101:49205 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.101:49205 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
packer Armadillo v1.71
suspicious_features POST method with no referer header suspicious_request POST http://iw.gamegame.info/report7.4.php
suspicious_features POST method with no referer header suspicious_request POST http://ol.gamegame.info/report7.4.php
request GET http://ip-api.com/json/?fields=8198
request POST http://iw.gamegame.info/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
request POST http://iw.gamegame.info/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10000000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10000000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d70000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73701000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72cd1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c94000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73702000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x743e1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1536
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f70000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1536
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fe0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1536
region_size: 1052672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02020000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1536
region_size: 376832
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f70000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c61000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x737c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75111000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75241000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74f41000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1536
region_size: 307200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13726859264
free_bytes_available: 13726859264
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
domain ip-api.com
file C:\Users\test22\AppData\Local\Temp\install.dll
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\Users\test22\AppData\Local\Temp\Qt5Concurrent.dll
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\Users\test22\AppData\Local\Temp\install.dll
Time & API Arguments Status Return Repeated

Process32FirstW

 snapshot_handle: 0x00000120
process_name: [System Process]
process_identifier: 0
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: System
process_identifier: 4
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: smss.exe
process_identifier: 224
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: csrss.exe
process_identifier: 300
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: wininit.exe
process_identifier: 348
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: csrss.exe
process_identifier: 364
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: winlogon.exe
process_identifier: 396
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: services.exe
process_identifier: 440
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: lsass.exe
process_identifier: 456
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: lsm.exe
process_identifier: 464
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 568
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 640
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 700
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 776
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 824
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: audiodg.exe
process_identifier: 892
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 968
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 264
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: spoolsv.exe
process_identifier: 820
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 292
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 1192
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: srvany.exe
process_identifier: 1244
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: taskhost.exe
process_identifier: 1284
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: KMService.exe
process_identifier: 1324
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: conhost.exe
process_identifier: 1376
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: sppsvc.exe
process_identifier: 1800
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 1876
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: dwm.exe
process_identifier: 1496
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: explorer.exe
process_identifier: 1848
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: WmiPrvSE.exe
process_identifier: 1916
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: pw.exe
process_identifier: 2816
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchIndexer.exe
process_identifier: 2940
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchProtocolHost.exe
process_identifier: 1480
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchFilterHost.exe
process_identifier: 3040
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchProtocolHost.exe
process_identifier: 2120
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: mobsync.exe
process_identifier: 1068
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: pw.exe
process_identifier: 3056
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: taskhost.exe
process_identifier: 2832
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: rundll32.exe
process_identifier: 1536
1 1 0
process rundll32.exe
Time & API Arguments Status Return Repeated

RegSetValueExW

 key_handle: 0x00000124
regkey_r: 1
reg_type: 3 (REG_BINARY)
value: ÁÕx4XÁåH<PÁýPwËoÜØ_µHŀµ¾HŘ¼«HcáA—@ű4^¯fZÅÊC@K°h·?ˆËjètM=…ã•ŸK£¹áü÷¶­Ãc~–¹²$ ?xÃ{a‰LÇs°Íh™$ÏüsEø½ƒç@tPAÊ]—ù¸003ú6)žÃ{¸ÍE´H±Æ·¹ÎMŽÅÉ`tÃ]žÁÍ` dÁÂGÅh™»ÿ*^ßptÃE&÷3á“ù¸€€HÃE¾(ŸÃ×x|ÃçHD(ÃÿPL ËGôqœ‹Ã ç„ÁÕx<‘Åh,]ÅáHñÉm,Àe-Ï!E`3è‚â‰.DDH‚îçLLLHÃÛHTÇÙB]ÆÉr}ÈEϋû~I*#|·@ŠNRƙPÉ7¼ˆˆBÉ„ŒŒ‰Ì*œüp:ò2z‹½ÃÎòÿ‰)øTK¸ÀL½ThÃÞêúÎRÖ±¼Ãčº[€B!ãˀ·=‹Êhêt’ªÀ4³pºÊúQiJó±x`AnóÁϕ•XžNېÅûrEN±½J¶< Çӑyc¤Š›c‰1~"yò8†zBaj ;»­¾ÊÊe©3vJÃϸ£@ÊÂUUJËCŸ…ØJәrêލ7µ‹Î*&J‰së߈!¦Aø—.‹@|2~o‘ˆNÇH<>α~¦$ËÍ‚ƒÏJKŽP{û´Ÿ®ÉÌ@Šp·OÁƒN±¾I¶?Âû¹y`§Š›eXXJ>==>§"ÍÅ ‚ƒK¸ûòÁ#ÀL¼e‰IOfïÕŠBE´kWÅÀŠL[ß±¿À ƍ¹X€@#ãې·>‰Ëiët’^õ;¡Ñ隣·ÅÀŠ8/]÷©¿ìOÃI)é1óˆÃ¸ÔðHÉEÀ_ž„ËoÄÀûí·ËkáAËGìë„ÁÕx,]ËoÜxÃrrQcõ;Q!ïFáü÷¶­ÁÍ` À6#F²$ ?xÃc9,F;—ÂÁ  ¬ˆLÇkTAFð¾õz4ÇsGRF–ŒR¹Á  ¤€èu`·ÁÍ`lÇckx»3t4ó)¼V¸õZf_>s~²½ f_>r­+Ktņ Hs⫧T½nEt}ˆ½<u¶{¸ fãÁz(bÃA²z(vÄHðf_}z*aÑàK¸óz8JÁ¹ úBZ•ÉÜPLÈE´VkÄ–‹ÊE:ø̈þ†¶JњËBéar묛ÔúÏÇr}~ñōߢ»Ïßjjgᓾ5FҐÊIƒ¶µoù´'zó»OqÀŽAʀJxrCIÊÈGENH C;áÑŒÀÖsiÌĶüËCJ€¶ÚáŽêNL‰ŽÏZ˜Êkét¾ojn_Š¾øù@Aù¸00AÊYáú6*ÃSÍEϋ_%»ÏÏzjÃ\ŸÃC‰¾(’vúˆN¸^"wr8u: Èäh¸rÅŒÁÊJÚ…E´VgÎJÖEÀE´aTÊZÒHŁKKԖ¾(’vú¯'Bî‹]WR8t²ŒÇçH˜õZf_:wweïŠK+G„èEHKøÂ>sv‹ŽŒ 7°…Eϋ ŽD}¶;´‰HřOÇP—gto»NÏÉFEB˼*ý½AÊKˆËkà@™9¤/³UE¾EwÁÇBMJ¸¶¸¹ððAN¸w¦Eâx¹  f]ú´dšKÀaðJljOMHÊBÃOfÿ¡¹‰vúBÉFLKÓ[NÏÉFEB˽ÖïÇ/€¬ˆ‹ …EϋšHŹ7ˆƒEϋŒ‹ÅBHÏå~XKȏÏ{¼Oè§Oð «p mvú…Çk¨ÍEϋü…¾Êb¤t7z3ÂE‹Îr±ÃšXÂG„ÍW«| ¸e9ìOËAÀJKÐ,k°¤€EvúÍEϋĽ´Â+g·:‰Çv´ˆ&äHƁ;{u0|Ê÷ËEҟƒEµôÍÇ/€¬ˆLÇçHdÏ ' EÀE´S¬ #¤…E´i–C€ð⿫ǁOÇH‹‰+éB¾*ÁÖouvóKôW`Ã@ƒKøºÌýqŠ])(REµhXvóóášÃ@4(äá“ù¸€€HÃ@Š¾+=OZtMŽÃ×xT8ËGôqž:k™X°¶§qÍ 666Ûqïp‚í âӐGžúåÐ¥ð"+  |x¤àF cûƒËN‚…„  ÊD†š•LZ`` ‚Ž x†û @Aåæà!@‚ƒ†PNðö ðÀMx805Nv ”š”ðíFDÆÌ{z/îççÿçõtL) Ǝ8åÆS'çÔ–VÁ‹J L€€CN•ÕÁ1àÖ:úÁÖÁ:¾… ÉÇÀúøú:NãíDTžÇÏÕÏÝ ÜǺ<ÜÃIÞˌŽÒåÇwޜT“RÀ”T€û{¢lÇ\ÚäÿommXËoì(À_Fñ3úÉEvóóášÁ„]A|kÀÀÒÀèê/ #Kŀ»Î|QBò›L#€Gìè)ÇSÌÎâåííÆ`¥„ÏÀ He}ðàçñä!†"âæ钙â4óàhÁŒú²l/ p>HÃɬ¦âáôZNàû8Àòñê àé)ÃB©+ÀfïŒé,ÀÃåê.åÿûCu8(xHáHhÎóô"öÁÌE « œÀ8c+à¨ÅÙp«‰†=»b+´êïséA©€®ãZ“Œ!:ìȀ¹QÃÆMHsþ%DÛu{I<MYþàiôŸæèhé®ÎmèDl»jîïG¶ñ=Éô_A/Ùè(ÁéB¨êkyñã皝üöÚó…N©ác(ýå6ááú™¯ê>®ÇN JØE´d°œÌ‡7BÄú4 ³¼E@€@(µ,qÌ­iÈÃ'u <y5¥hêüè\@áž_d}vÁÕ\$,@ÁåH4XH‰ýP<PÁõX,(av((hňïÃ)HÃR‘D…ˆR©ê´%ÈHՖᲞŒab1Þ*„KàëPÙÊ Åö#HXÁâ;0`8µøU"dï"+À'öÐ+(Cà·ßž§»2ÐáIÁÎÿPý<ha©Ž%!Fm+Ë Ìߎõ—žÎ'}bwHËmït´‰ÃƒdHX,ÇÿPd@HÃ÷XlÁ ‘€ Š KÁ‹H‹`ïD ®!@!`ÇD©¸2 âXE†51 !ÇDæbB_  ! '_ÍÅÃ×\$xËGäaTÉ!Ãv¶þ”Q’ÃñČ¥ó5Âu|·"¸!IÃD':Œß“™LA€Y.…æ–ÑiEH<šŠˆ9xߏ±tQ¦ˆKI ˆÃë9dPÌ"'!È ÂyÏêš œ(¿Àې„‘ ³˜~q‹ŒˆœVù°_¿ó÷óÕÄó«z3@@00ŠÀÓI5ÿaö†€;:¡º tNÊñy‡êó`²Âù“~çïü´±ïC³ùü41øÈ0Fj»±,—Ä÷PƒhPĵËyගÂOç` ½ÖƒsbF–ÑBÏ•éìt¼Y—GPïêÊ^óE·ê¿F“PB+y]\±çv?·Úž+‘ב‹êê;äQj¨9®Mʛà¸ÃaZ£flñ*ŠÆDµe»¯•Š|XÌzs‚ôÌÇÈK›µ!PutÃ^™/cÀˆÃLJëÈ´~ÕW¬o0ozSm0È ß‡»—êöó<.º¥+hµÊA>$ûÃŌÍ-Úv€ÀkGx£ŒDh)_!¾ˆÑêWӁEµs–MB]ߤHHD(ÅÉF&DPt` dÁˆCW1?/v`A6ÈDŸgokáž<G=:I›7//h4HÁ ¶—Eô[zš³À³;ÅÂw—âÂĤì꧴r6P³µtRòŒ®ø™Æ¶u[xtÅÒ~AgsP†ßG)[@öæ›Èû º ½uÀ€ÌO‰AI@ȊápSRTØ[ÃÄ©ÈþUƒ‘Ö˜ôóÄH+4o|ÉËv³2°QCď§ê„ÂKįê†CÛH@}[3ÁÇT@#/€Ì<}¶,Q\íáõãE)s÷ç#ÁâO|³Ù ሪÐz؂BDŸ~ôK­ù@/$E h(ÀãJ @3F‚¾â­vŒpPñåS+ÈókH{ê¢#Rg çê ¢²ÔP6òÄﺡâzi[ƒwû´îççUÍùqr`kÒòn TLZrOíAfË+€Ž{$H؊ ¢)Kj‘ÞW8o}µ–oà¡@ËoÌ2˘‘ÙAÅÁhrÓ~û üô‘Eϋ€U|§»ýÃd71F¢é F'-µ W¿Â0ôïìÉ~³4mÊC+‡ƒJkI¨…_Ɔ»?„pEƒ´ùç °Ú¿Ãbføê·¹» LDŸ·!AHþ„ûû¿ÔG” ˜û»K7ŒŒ€ƒ@NjܕÀâsQÀúCwÆñ³àŒ˜¥Ÿ-ó‰Âz¸‰£c‹{¼ÇiªÃbi Ž>8‹¹-MÍzð‹€AA‰Êkkž/rA¶¯ÀÒSEM‰òkUÈõt́ªìBGù»±¦d8z±†Ÿ™.9ÃÎE0|Ç@ĸúe(EÎMŽÁÍ`ø‰Â_œÅ vô÷ñ,÷Æ2³3÷Õý“ªg"`œxòÑÎ…‹u`ZÁ—õáBÈ @#xÿmñ•4 xD,Ü®Vi4EzB¨ÔL(^N…˜¤¦¢ÚÜٙzÌ(wPò¸~tE"§5ý{™n°}ðY¨8!Tÿ[M›÷ÀrM L7à‹ÍϹêGðóÊ  OÁ1+€Ãš ±¶uÿ$#¥îSG{$§Þ¶+šºŒ À‡’ªÉ´6ó*ãÅÌeõ” Á½yÏÜWÂZ8çZF$=€JÁÅh¼[””…™ÐHÁ’™ˆ"„'êǘ YÅí(¸¹A"{BFü¤T´Å²¸;ˆ"¶\\By(€{È:‰HÐp4K¹6Å5J;ŠæƒàEwߥÃJ…ÌŒ¨ˆFöL½pLh£C‰»ðøµ•æù‹àU2€zù@5q7ó+î´µÅáýɍÏ-aŠØ@Uv×Æ)O4x<ë¢_eX,lEabFoê
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1
1 0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ser.Cerbu.3566
FireEye Gen:Variant.Ser.Cerbu.3566
ALYac Gen:Variant.Ser.Cerbu.3566
Cylance Unsafe
Sangfor Trojan.Win32.Injector.gen
K7AntiVirus Trojan ( 0057c8ba1 )
K7GW Trojan ( 0057c8ba1 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FFGP
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Injector.gen
BitDefender Gen:Variant.Ser.Cerbu.3566
Avast Win32:Trojan-gen
Ad-Aware Gen:Variant.Ser.Cerbu.3566
Emsisoft Gen:Variant.Ser.Cerbu.3566 (B)
DrWeb Trojan.Inject4.11947
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
Webroot W32.Injector.Gen
Avira TR/AD.Inject.mjdpy
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.ns
Microsoft Trojan:Win32/Sabsik.FT.A!ml
ZoneAlarm HEUR:Trojan.Win32.Injector.gen
GData Gen:Variant.Ser.Cerbu.3566
Cynet Malicious (score: 100)
McAfee Artemis!A1ACC4E7065D
MAX malware (ai score=82)
TrendMicro-HouseCall TROJ_GEN.R002H0DEH21
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Fortinet W32/GenKryptik.FFGP!tr
AVG Win32:Trojan-gen
CrowdStrike win/malicious_confidence_60% (W)