Summary | ZeroBOX

0694b1714768f441a6827c5776da3cdc.exe

Tags: Gen1, Generic Malware, UPX, PE File, OS Processor Check, PE32, DLL
Category: FILE
Machine: s1_win7_x6402
Started: July 19, 2021, 10:31 a.m.
Completed: July 19, 2021, 10:51 a.m.
Size: 712.6KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 7a7c47733423a46f83eab77d230a0e12
SHA256: 948bd9774b0dfad1762f459a078f55426780b722585aa701941e95b188a552de
CRC32: 15182699
ssdeep: 12288:CcXL9SLN+NH0khUZY+vcvw1VU8QYewwB9gL1xBYjJZcaFZ:Cc72Q2ZYuKoel9gLHBY9Zcar
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

IP Address Status Action
104.21.21.221 Active Moloch
104.21.78.28 Active Moloch
164.124.101.2 Active Moloch
208.95.112.1 Active Moloch
34.97.69.225 Active Moloch

Suricata Alerts

Flow                                          SID      Signature
TCP 192.168.56.102:49167 -> 208.95.112.1:80   2022082  ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
(this alert was raised five times on the same flow; no category value was recorded)

Suricata TLS

No Suricata TLS

API calls flagged by the sandbox (columns: API, arguments, then status / return / repeated as recorded)

GetComputerNameW      computer_name: TEST22-PC    1 1 0
IsDebuggerPresent     (no arguments)              0 0
registry query        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
GlobalMemoryStatusEx  (no arguments)              1 1 0

The computer name, MachineGuid and physical-memory reads are the usual host-fingerprinting set; IsDebuggerPresent is the most basic anti-debugging check and tells you only that the sample looks for a debugger, not that it found one.
packer: Armadillo v1.71 (note that this disagrees with the UPX_Zero Yara hit above; the two packer identifications cannot both be right, so treat each as a weak signal until the binary is inspected)
suspicious_features: POST method with no referer header
suspicious_request: POST http://by.dirfgame.com/report7.4.php
suspicious_request: POST http://ol.gamegame.info/report7.4.php
request: GET http://ip-api.com/json/?fields=8198
request: POST http://by.dirfgame.com/report7.4.php
request: POST http://ol.gamegame.info/report7.4.php
request: POST http://by.dirfgame.com/report7.4.php
request: POST http://ol.gamegame.info/report7.4.php
Memory operations in process 2856 (process_handle 0xffffffff, i.e. the calling process itself). Every call below requested protection 64 (PAGE_EXECUTE_READWRITE), had stack_dep_bypass 0 and stack_pivoted 0, and was recorded with status 1, return 0, repeated 0; those constant fields are omitted from the rows.

API                      base_address  length / region_size  allocation_type                  heap_dep_bypass
NtProtectVirtualMemory   0x7463c000    4096                  -                                0
NtProtectVirtualMemory   0x745c0000    4096                  -                                0
NtProtectVirtualMemory   0x74541000    4096                  -                                0
NtProtectVirtualMemory   0x744b1000    4096                  -                                0
NtProtectVirtualMemory   0x74401000    4096                  -                                0
NtProtectVirtualMemory   0x74542000    4096                  -                                0
NtProtectVirtualMemory   0x74351000    4096                  -                                0
NtAllocateVirtualMemory  0x02050000    1179648               8192 (MEM_RESERVE)               0
NtAllocateVirtualMemory  0x02130000    4096                  4096 (MEM_COMMIT)                1
NtAllocateVirtualMemory  0x02170000    1052672               4096 (MEM_COMMIT)                0
NtAllocateVirtualMemory  0x01dd0000    380928                12288 (MEM_COMMIT|MEM_RESERVE)   0
NtProtectVirtualMemory   0x74311000    4096                  -                                0
NtProtectVirtualMemory   0x75821000    4096                  -                                0
NtProtectVirtualMemory   0x742f1000    4096                  -                                0
NtProtectVirtualMemory   0x75081000    4096                  -                                0
NtProtectVirtualMemory   0x758b1000    4096                  -                                0
NtProtectVirtualMemory   0x76ca1000    4096                  -                                0
NtAllocateVirtualMemory  0x01e30000    311296                4096 (MEM_COMMIT)                0

The NtProtectVirtualMemory targets are single pages between 0x742f1000 and 0x76ca1000. The report does not map them to modules; in a 32-bit process on Windows 7 that range is where system DLLs are normally loaded, so making individual pages writable and executable there is consistent with in-place patching of library code, but that is an inference from the addresses, not something the report states. The NtAllocateVirtualMemory calls reserve or commit fresh RWX regions in the process's private address space (0x01dd0000 to 0x02170000, about 2.8 MiB in total), the usual shape of an unpacking stage preparing room for a decoded payload; one of them (0x02130000) was also tagged heap_dep_bypass 1 by the sandbox.
domain: ip-api.com
files written to the user's Temp directory:
  C:\Users\test22\AppData\Local\Temp\api-ms-win-core-string-l1-1-0.dll
  C:\Users\test22\AppData\Local\Temp\api-ms-win-core-namedpipe-l1-1-0.dll
  C:\Users\test22\AppData\Local\Temp\axhub.dll
process: rundll32.exe

The two api-ms-win-core-* names match Windows API-set stub DLLs that belong in System32, not in a user's Temp folder; DLLs with those names dropped next to axhub.dll are worth collecting as artifacts in their own right.
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x00000124
regkey_r: 1
reg_type: 3 (REG_BINARY)
value: (REG_BINARY payload; the report renders it as a long run of unprintable bytes, which is not reproduced here)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1
1 0 0

The CLSID component of that key is not a well-formed GUID: a GUID is 8-4-4-4-12 hexadecimal digits, and this one contains letters such as L, J, U and Z. It is therefore not a real COM class registration, only a key that imitates one, and a binary blob stored under such a key is a convenient thing to hunt for across an estate.
Time & API Arguments Status Return Repeated

IWbemServices_ExecMethod

class: Win32_Process
method: Create
flags: 0
inargs.CommandLine: rUNdlL32.eXe "C:\Users\test22\AppData\Local\Temp\axhub.dll",main
inargs.CurrentDirectory: None
inargs.ProcessStartupInformation: None
outargs.ProcessId: 2808
outargs.ReturnValue: 0
1 0 0

The dropped axhub.dll is executed through its exported main by rundll32, and the launch goes through WMI (Win32_Process.Create; ReturnValue 0 means success, the new process is PID 2808) rather than a direct CreateProcess, so the rundll32 instance is not a child of the sample in the process tree. The image name is written in mixed case (rUNdlL32.eXe); Windows resolves it regardless, but a case-sensitive string match on "rundll32.exe" would miss it.
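The WMI launch, the registry write, the HTTP beacons and the RWX memory operations above are the observable behaviour this report records. The following Python is an added example, not part of the ZeroBOX report or of the sample, of how a detection engineer could turn those observations into checks and run them over process-creation, registry, HTTP and API-trace events. The event field names (type, command_line, parent_image, regkey, reg_type, value_len, method, url, headers, api, protection, base_address, size), the benign control events and the sample event list are all constructed for the example; the only identifiers taken from the report are the rundll32 command line, the CLSID key, the URLs and one RWX allocation. The check that a WMI-created process shows WmiPrvSE.exe as its parent is an assumption about how Win32_Process.Create normally appears in process telemetry, not something the report states.

```python
import re

# A CLSID subkey must be a GUID: 8-4-4-4-12 hex digits in braces. The report's
# {LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61} has that shape but contains non-hex letters.
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
# rundll32 command line:  <exe> "<dll>",<entry>   (quotes optional around either path)
RUNDLL_RE = re.compile(r'^\s*"?(?P<exe>[^"\s]+)"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)')
# Directories an unprivileged user can write to (the sample dropped into AppData\Local\Temp).
USER_WRITABLE_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\|\\users\\public\\", re.I)
EXTERNAL_IP_SERVICES = {"ip-api.com"}  # host the Suricata ET POLICY alert fired on
PAGE_EXECUTE_READWRITE = 0x40          # protection value 64 in the report

def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) if cmdline invokes rundll32, else None.
    The image name is case-folded, so 'rUNdlL32.eXe' is recognised."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    exe = m.group("exe").lower().rsplit("\\", 1)[-1]
    if exe not in ("rundll32", "rundll32.exe"):
        return None
    return m.group("dll"), m.group("entry")

def clsid_from_regkey(regkey):
    """Return the {GUID} element directly under a \\CLSID\\ path component, or None."""
    m = re.search(r"\\CLSID\\(\{[^\\}]*\})", regkey, re.I)
    return m.group(1) if m else None

def check_process_create(ev):
    """Process-creation event (assumed fields: command_line, parent_image)."""
    parsed = parse_rundll32(ev["command_line"])
    if parsed is None:
        return []
    dll, entry = parsed
    out = []
    if USER_WRITABLE_RE.search(dll):
        out.append(f"rundll32 loading a DLL from a user-writable path: {dll},{entry}")
    image = ev["command_line"].split()[0].strip('"').rsplit("\\", 1)[-1]
    # Heuristic: genuine launches are all-lower, all-upper or capitalised; 'rUNdlL32.eXe' is none.
    if image not in (image.lower(), image.upper(), image.capitalize()):
        out.append(f"case-mangled rundll32 image name: {image}")
    # Assumption: a Win32_Process.Create child shows the WMI provider host as its parent.
    if ev.get("parent_image", "").lower().endswith("\\wmiprvse.exe"):
        out.append("rundll32 spawned through WMI (parent WmiPrvSE.exe)")
    return out

def check_registry_set(ev):
    """Registry value-set event (assumed fields: regkey, reg_type, value_len)."""
    out = []
    clsid = clsid_from_regkey(ev["regkey"])
    if clsid is None:
        return out
    if not GUID_RE.match(clsid):
        out.append(f"CLSID subkey is not a well-formed GUID: {clsid}")
    if ev.get("reg_type") == "REG_BINARY" and ev.get("value_len", 0) >= 1024:
        out.append(f"{ev['value_len']}-byte REG_BINARY blob stored under CLSID {clsid}")
    return out

def check_http(ev):
    """HTTP request event (assumed fields: method, url, headers)."""
    out = []
    headers = {k.lower(): v for k, v in ev.get("headers", {}).items()}
    host = ev["url"].split("/")[2].lower()
    if ev["method"].upper() == "POST" and "referer" not in headers:
        out.append(f"POST without Referer header: {ev['url']}")
    if host in EXTERNAL_IP_SERVICES:
        out.append(f"external IP lookup: {ev['url']}")
    return out

def check_memory(ev):
    """API-trace record for Nt*VirtualMemory (assumed fields: api, protection, base_address, size)."""
    if ev["protection"] == PAGE_EXECUTE_READWRITE:
        return [f"{ev['api']} requested PAGE_EXECUTE_READWRITE at {ev['base_address']:#010x} ({ev['size']} bytes)"]
    return []

CHECKS = {"process_create": check_process_create, "registry_set": check_registry_set,
          "http": check_http, "memory": check_memory}

def analyze(events):
    """Run the check matching each event's type and return all findings in order."""
    findings = []
    for ev in events:
        findings.extend(CHECKS[ev["type"]](ev))
    return findings

# Constructed sample events modelled on the report; benign controls are marked. Not a real capture.
SAMPLE_EVENTS = [
    {"type": "process_create", "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": r'rUNdlL32.eXe "C:\Users\test22\AppData\Local\Temp\axhub.dll",main'},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",  # benign
     "command_line": r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL'},
    {"type": "registry_set", "reg_type": "REG_BINARY", "value_len": 2048,
     "regkey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1"},
    {"type": "registry_set", "reg_type": "REG_SZ", "value_len": 40,  # benign
     "regkey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32"},
    {"type": "http", "method": "GET", "url": "http://ip-api.com/json/?fields=8198", "headers": {"Host": "ip-api.com"}},
    {"type": "http", "method": "POST", "url": "http://by.dirfgame.com/report7.4.php",
     "headers": {"Host": "by.dirfgame.com", "Content-Type": "application/x-www-form-urlencoded"}},
    {"type": "http", "method": "POST", "url": "http://example.com/login",  # benign
     "headers": {"Host": "example.com", "Referer": "http://example.com/"}},
    {"type": "memory", "api": "NtAllocateVirtualMemory", "protection": 0x40, "base_address": 0x02170000, "size": 1052672},
    {"type": "memory", "api": "NtAllocateVirtualMemory", "protection": 0x04, "base_address": 0x00300000, "size": 4096},  # benign
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Run as a script it prints eight findings for the constructed events (three for the WMI-launched rundll32, two for the registry write, one each for the ip-api.com lookup, the Referer-less POST and the RWX allocation) and nothing for the benign controls. The case-mangling and parent-process checks are deliberately kept separate from the Temp-path check so that each can be tuned or suppressed on its own; the GUID check is the one that carries almost no false-positive risk, because a non-hex CLSID cannot be produced by a legitimate COM registration.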
AV detections (vendor  result)

Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Crypt.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Agent
ALYac Trojan.GenericKD.37204496
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.3399235
Sangfor Trojan.Win32.Crypt.gen
K7AntiVirus Trojan ( 0057f23b1 )
Alibaba Trojan:Win32/Kryptik.2049b3fd
K7GW Trojan ( 0057f23b1 )
Arcabit Trojan.Generic.D237B210
Cyren W32/Trojan.MJLZ-3453
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HLQQ
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Zusy-9878432-0
Kaspersky HEUR:Trojan.Win32.Crypt.gen
BitDefender Trojan.GenericKD.37204496
MicroWorld-eScan Trojan.GenericKD.37204496
Avast Win32:MalwareX-gen [Trj]
Tencent Malware.Win32.Gencirc.10ce6651
Ad-Aware Trojan.GenericKD.37204496
Sophos Mal/Generic-S
Comodo Malware@#16byuxsj06xy0
DrWeb Trojan.Inject4.13781
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0WGD21
McAfee-GW-Edition BehavesLike.Win32.Trojan.bc
FireEye Trojan.GenericKD.37204496
Emsisoft Trojan.GenericKD.37204496 (B)
Jiangmin Trojan.Crypt.fma
Avira TR/Crypt.Agent.bfxxa
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/Ymacco.AB94
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Win32.Trojan.PSE.13QHYFZ
AhnLab-V3 Trojan/Win.Generic.R431137
McAfee GenericRXAA-AA!7A7C47733423
MAX malware (ai score=88)
VBA32 Trojan.Inject
Malwarebytes Trojan.Crypt
TrendMicro-HouseCall TROJ_GEN.R002C0WGD21
Yandex Trojan.Agent!fECXbpTI758
MaxSecure Trojan.Malware.119433295.susgen
Fortinet W32/PossibleThreat
AVG Win32:MalwareX-gen [Trj]