Summary | ZeroBOX

2201.exe

Tags: UPX, Malicious Library, PE File, DLL, OS Processor Check, PE32

Category: FILE
Machine: s1_win7_x6402
Started: July 30, 2021, 8:46 p.m.
Completed: July 30, 2021, 8:48 p.m.

Size: 56.0KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 52303e3dc2b3b9ad36ba6169418c5bd2
SHA256: 93dcedb1435aa44a336b407c0044da614a3a15336995c5547abe70c5e741a35f
CRC32: 7C5EF22D
ssdeep: 768:lMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelol:lGEYT5y39QXHRErjlol
Yara
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

IP Address Status Action
164.124.101.2 Active Moloch
172.67.200.215 Active Moloch
172.67.215.92 Active Moloch
172.67.222.125 Active Moloch
208.95.112.1 Active Moloch
34.97.69.225 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49162 -> 172.67.222.125:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49168 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49168 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49168 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49168 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected

Suricata TLS

Flow: TLSv1 192.168.56.102:49162 -> 172.67.222.125:443
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Fingerprint: 6e:af:7d:03:68:a7:53:bb:5d:6a:ab:d0:a0:25:76:e7:15:3c:7d:ae

API call (Time / API / Arguments / Status / Return / Repeated; no timestamp recorded):

GetComputerNameW
  computer_name: TEST22-PC
  status: 1, return: 1, repeated: 0
API call (Time / API / Arguments / Status / Return / Repeated; no timestamp recorded):

IsDebuggerPresent
  status/return/repeated: 0 0 (only two values recorded)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
API call (Time / API / Arguments / Status / Return / Repeated; no timestamp recorded):

GlobalMemoryStatusEx
  status: 1, return: 1, repeated: 0
packer Armadillo v1.71
suspicious_features POST method with no referer header
suspicious_request POST http://by.dirfgame.com/report7.4.php
suspicious_features POST method with no referer header
suspicious_request POST http://ol.gamegame.info/report7.4.php
request GET http://ip-api.com/json/?fields=8198
request POST http://by.dirfgame.com/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
request GET https://live.goatgame.live/userf/dat/2201/sqlite.dat
request GET https://live.goatgame.live/userf/dat/sqlite.dll
request POST http://by.dirfgame.com/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
Memory API calls (Time / API / Arguments / Status / Return / Repeated; no timestamps recorded). Every call below was made from process_identifier 2416 through process_handle 0xffffffff, requested protection 64 (PAGE_EXECUTE_READWRITE), reported stack_dep_bypass: 0 and stack_pivoted: 0, and completed with status 1, return 0, repeated 0. The size column is "length" for NtProtectVirtualMemory and "region_size" for NtAllocateVirtualMemory; allocation_type applies only to NtAllocateVirtualMemory.

API                      base_address  size     allocation_type                 heap_dep_bypass
NtProtectVirtualMemory   0x7403d000    4096     -                               0
NtProtectVirtualMemory   0x73fc0000    4096     -                               0
NtProtectVirtualMemory   0x73ed1000    4096     -                               0
NtProtectVirtualMemory   0x73e41000    4096     -                               0
NtProtectVirtualMemory   0x73d91000    4096     -                               0
NtProtectVirtualMemory   0x73ed2000    4096     -                               0
NtProtectVirtualMemory   0x73f91000    4096     -                               0
NtAllocateVirtualMemory  0x00320000    589824   8192 (MEM_RESERVE)              0
NtAllocateVirtualMemory  0x00370000    4096     4096 (MEM_COMMIT)               1
NtAllocateVirtualMemory  0x02100000    1052672  4096 (MEM_COMMIT)               0
NtAllocateVirtualMemory  0x00a40000    389120   12288 (MEM_COMMIT|MEM_RESERVE)  0
NtProtectVirtualMemory   0x73f51000    4096     -                               0
NtProtectVirtualMemory   0x76001000    4096     -                               0
NtProtectVirtualMemory   0x73ce1000    4096     -                               0
NtProtectVirtualMemory   0x748f1000    4096     -                               0
NtProtectVirtualMemory   0x760e1000    4096     -                               0
NtProtectVirtualMemory   0x74af1000    4096     -                               0
NtAllocateVirtualMemory  0x00aa0000    315392   4096 (MEM_COMMIT)               0
domain ip-api.com
file C:\Users\test22\AppData\Local\Temp\sqlite.dll
file C:\Users\test22\AppData\Local\Temp\sqlite.dll
process rundll32.exe
API call (Time / API / Arguments / Status / Return / Repeated; no timestamp recorded):

RegSetValueExW
  key_handle: 0x00000124
  regkey_r: 1
  reg_type: 3 (REG_BINARY)
  value: (REG_BINARY blob; the raw bytes are not representable as text and are omitted here)
  regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1
  status: 1, return: 0, repeated: 0
API call (Time / API / Arguments / Status / Return / Repeated; no timestamp recorded):

IWbemServices_ExecMethod
  inargs.CurrentDirectory: None
  inargs.CommandLine: rundll32.exe "C:\Users\test22\AppData\Local\Temp\sqlite.dll",global
  inargs.ProcessStartupInformation: None
  outargs.ProcessId: 2364
  outargs.ReturnValue: 0
  flags: 0
  method: Create
  class: Win32_Process
  status: 1, return: 0, repeated: 0
Lionic Trojan.Multi.Generic.4!c
ALYac Trojan.GenericKD.46678367
Malwarebytes Spyware.PasswordStealer
Sangfor Trojan.Win32.Agent.FTP
K7AntiVirus Trojan-Downloader ( 0057feab1 )
Alibaba TrojanDownloader:Win32/MalwareX.63f85736
K7GW Trojan-Downloader ( 0057feab1 )
Cyren W32/Trojan.RBZA-2576
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FTP
TrendMicro-HouseCall TROJ_GEN.R011C0WGS21
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Trojan.GenericKD.46678367
NANO-Antivirus Trojan.Win32.Dwn.ixvrhn
MicroWorld-eScan Trojan.GenericKD.46678367
Avast Win32:MalwareX-gen [Trj]
Ad-Aware Trojan.GenericKD.46678367
Emsisoft Trojan.GenericKD.46678367 (B)
Comodo Malware@#u90i5w43p3xu
DrWeb Trojan.DownLoader40.49527
TrendMicro TROJ_GEN.R011C0WGS21
McAfee-GW-Edition RDN/Generic.grp
FireEye Trojan.GenericKD.46678367
Sophos Mal/Generic-S
GData Trojan.GenericKD.46678367
Jiangmin Trojan.Generic.gzxap
Webroot W32.Trojan.Gen
Avira TR/Dldr.Agent.czopb
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Injector.cc
Arcabit Trojan.Generic.D2C8415F
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
Microsoft Trojan:Win32/Tnega!MSR
AhnLab-V3 Trojan/Win.MalwareX-gen.C4566285
McAfee RDN/Generic.grp
MAX malware (ai score=81)
VBA32 Trojan.Wacatac
Cylance Unsafe
Ikarus Trojan-Downloader.Win32.Agent
Fortinet PossibleThreat.MU
MaxSecure Trojan.Malware.1728101.susgen
AVG Win32:MalwareX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Generic.HgIASZEA