Summary | ZeroBOX

askinstall5.exe

Trojan_PWS_Stealer NPKI Generic Malware Credential User Data UPX Malicious Library Malicious Packer SQLite Cookie Create Service KeyLogger Internet API HTTP DGA Anti_VM FTP Socket Escalate priviledges DNS Code injection PWS Sniff Audio BitCoin
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 10, 2021, 5:42 p.m. Aug. 10, 2021, 5:46 p.m.
Size 1.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 baa553f1e49ce769cdece59801cf1922
SHA256 02a5466eb5df2aef6f904ef7fa8ef36c2b98ace1ae5998cc516ad69884246550
CRC32 FAB7F916
ssdeep 24576:AIVFA1pqtg/TnMbX0lwyh0FVmEByA1EwFYyOsFTceoCSPZVjQ7Yf/6DP:hFA1pvTMbOwa0TmUyMYEh1oCSPnQ7YXm
PDB Path F:\facebook_svn\trunk\database\Release\DiskScan.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Credential_User_Data_Check_Zero - Credential User Data Check
  • Malicious_Library_Zero - Malicious_Library
  • SQLite_cookies_Check_Zero - SQLite Cookie Check... select
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Trojan_PWS_Stealer_1_Zero - Trojan.PWS.Stealer Zero

IP Address Status Action
103.155.92.58 Active Moloch
144.202.76.47 Active Moloch
164.124.101.2 Active Moloch
188.225.87.175 Active Moloch
88.99.66.31 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49202 -> 88.99.66.31:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49199 -> 144.202.76.47:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49202
88.99.66.31:443
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=*.iplogger.org 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1
192.168.56.101:49199
144.202.76.47:443
C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=listincode.com 84:23:95:42:66:09:11:39:0d:e6:22:7f:eb:b3:cc:79:dd:fa:36:ed

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: ERROR: The process "chrome.exe" not found.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F2CDF32-998.pma
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Current Session
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Favicons
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Preferences
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Top Sites
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Visited Links
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
console_handle: 0x00000013
1 1 0
pdb_path F:\facebook_svn\trunk\database\Release\DiskScan.pdb
file C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Locales\ko.pak
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
section .aherert
resource name ZIP
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

        
      
      
      
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 187624544
registers.r15: 187624984
registers.rcx: 1268
registers.rsi: 17302540
registers.r10: 0
registers.rbx: 95489488
registers.rsp: 187623704
registers.r11: 187628240
registers.r8: 1999536524
registers.r9: 0
registers.rdx: 1304
registers.r12: 34261824
registers.rbp: 187623856
registers.rdi: 34191040
registers.rax: 3812864
registers.r13: 187624416
1 0 0
suspicious_features POST method with no referer header suspicious_request POST http://www.nincefcs.xyz/Home/Index/lkdinl
request GET http://www.iyiqian.com/
request POST http://www.nincefcs.xyz/Home/Index/lkdinl
request GET https://www.listincode.com/
request GET https://iplogger.org/1XJq97
request POST http://www.nincefcs.xyz/Home/Index/lkdinl
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000735bc000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2312
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000735bc000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000735bc000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process chrome.exe with pid 2040 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

        
      
      
      
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 187624544
registers.r15: 187624984
registers.rcx: 1268
registers.rsi: 17302540
registers.r10: 0
registers.rbx: 95489488
registers.rsp: 187623704
registers.r11: 187628240
registers.r8: 1999536524
registers.r9: 0
registers.rdx: 1304
registers.r12: 34261824
registers.rbp: 187623856
registers.rdi: 34191040
registers.rax: 3812864
registers.r13: 187624416
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lv
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\tr\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\ru\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lt\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\et\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\ko\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ne
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\manifest.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_metadata\verified_contents.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\zh_TW\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_TW\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\hi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\mr\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\nl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\uk\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ta
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\te
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\pt_PT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\th
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\28.0.0.137\manifest.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\id\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\nl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\craw_window.css
name ZIP language LANG_CHINESE filetype Zip archive data, at least v1.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00156b50 size 0x0000cc53
name RT_ICON language LANG_CHINESE filetype dBase III DBT, version number 0, next free block index 40 sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00146180 size 0x00010828
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001569a8 size 0x00000014
name RT_VERSION language LANG_CHINESE filetype PGP symmetric key encrypted data - Plaintext or unencrypted data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001569c0 size 0x0000018c
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\angular.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\background_script.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\mirroring_hangouts.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\cast_setup\cast_app.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\feedback_script.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\PepperFlash\28.0.0.137\pepflashplayer.dll
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\common.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\cast_setup\cast_app_redirect.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_window.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\mirroring_webrtc.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\mirroring_cast_streaming.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\cast_sender.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_background.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\mirroring_common.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
file C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
cmdline cmd.exe /c taskkill /f /im chrome.exe
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2724
thread_handle: 0x000004e8
process_identifier: 1296
current_directory:
filepath:
track: 1
command_line: xcopy "C:\Users\test22\AppData\Local\Google\Chrome\User Data" "C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x00000554
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeCreateTokenPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeMachineAccountPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeTcbPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeSecurityPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeTakeOwnershipPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeLoadDriverPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeBackupPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeRestorePrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeRemoteShutdownPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeEnableDelegationPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeManageVolumePrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeCreateGlobalPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeTrustedCredManAccessPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
url https://clients4.google.com/invalidation/android/request/
url http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
url http://services.ukrposhta.com/postindex_new/
url http://dts.search-results.com/sr?lng=
url http://inposdom.gob.do/codigo-postal/
url http://creativecommons.org/ns
url http://www.postur.fo/
url https://qc.search.yahoo.com/search?ei=
url https://cacert.omniroot.com/baltimoreroot.crt09
url https://codereview.chromium.org/25305002).
url https://search.yahoo.com/search?ei=
url http://t1.symcb.com/ThawtePCA.crl0/
url http://crbug.com/31395.
url https://support.google.com/chrome/answer/165139
url https://ct.googleapis.com/aviator/
url https://datasaver.googleapis.com/v1/clientConfigs
url http://crl.starfieldtech.com/sfroot-g2.crl0L
url https://ct.startssl.com/
url https://suggest.yandex.com.tr/suggest-ff.cgi?part=
url https://de.search.yahoo.com/favicon.ico
url https://github.com/GoogleChrome/Lighthouse/issues
url https://cl.search.yahoo.com/search?ei=
url https://support.google.com/installer/?product=
url http://msdn.microsoft.com/en-us/library/ms792901.aspx
url https://www.najdi.si/search.jsp?q=
url http://x.ss2.us/x.cer0
url http://crl.geotrust.com/crls/gtglobal.crl04
url https://accounts.google.com/ServiceLogin
url https://accounts.google.com/OAuthLogin
url https://c.android.clients.google.com/
url https://search.goo.ne.jp/sgt.jsp?MT=
url https://www.google.com/tools/feedback/chrome/__submit
url https://chrome.google.com/webstore/category/collection/dark_themes
url http://check.googlezip.net/generate_204
url http://ocsp.starfieldtech.com/08
url http://www.guernseypost.com/postcode_finder/
url http://crl.certum.pl/ca.crl0h
url http://ator
url https://suggest.yandex.by/suggest-ff.cgi?part=
url http://feed.snap.do/?q=
url https://sp.uk.ask.com/sh/i/a16/favicon/favicon.ico
url http://www.language
url https://support.google.com/chrome/
url http://developer.chrome.com/apps/declare_permissions.html
url http://www.google.com/chrome/intl/ko/eula_text.html
url https://www.globalsign.com/repository/03
url http://www.startssl.com/sfsca.crl0
url http://UA-Compatible
url https://se.search.yahoo.com/search?ei=
url http://EVSecure-ocsp.geotrust.com0
description Communication using DGA rule Network_DGA
description Communications use DNS rule Network_DNS
description Communications over RAW Socket rule Network_TCP_Socket
description Create a windows service rule Create_Service
description Perform crypto currency mining rule BitCoin
description Record Audio rule Sniff_Audio
description Escalate priviledges rule Escalate_priviledges
description Virtual currency rule Virtual_currency_Zero
description Run a KeyLogger rule KeyLogger
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description Communications over HTTP rule Network_HTTP
description Match Windows Inet API call rule Str_Win32_Internet_API
description Communications over FTP rule Network_FTP
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description Steal credential rule local_credential_Steal
description File Downloader rule Network_Downloader
description Communications over P2P network rule Network_P2P_Win
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Possibly employs anti-virtualization techniques rule vmdetect
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description Install itself for autorun at Windows startup rule Persistence
description Communication using DGA rule Network_DGA
description Communications use DNS rule Network_DNS
description Communications over RAW Socket rule Network_TCP_Socket
description Create a windows service rule Create_Service
description Perform crypto currency mining rule BitCoin
description Record Audio rule Sniff_Audio
description Escalate priviledges rule Escalate_priviledges
description Virtual currency rule Virtual_currency_Zero
description Run a KeyLogger rule KeyLogger
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description Communications over HTTP rule Network_HTTP
description Match Windows Inet API call rule Str_Win32_Internet_API
description Communications over FTP rule Network_FTP
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description Steal credential rule local_credential_Steal
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adblocker
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adblocker
2 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004c8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004c8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004e8
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

status_code: 0xc0000005
process_identifier: 2040
process_handle: 0x000000000000009c
0 0

NtTerminateProcess

status_code: 0xc0000005
process_identifier: 2040
process_handle: 0x000000000000009c
1 0 0
cmdline taskkill /f /im chrome.exe
cmdline cmd.exe /c taskkill /f /im chrome.exe
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1152,18166662090319009195,15030469142864171821,131072 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" --service-request-channel-token=587881A6308554374CAA6D036CF19ACD --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x90,0x94,0x98,0x8c,0x9c,0x7fef3c2f1e8,0x7fef3c2f1f8,0x7fef3c2f208
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3052 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
url http://127.0.0.1
Process injection Process 2312 resumed a thread in remote process 2040
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0

NtResumeThread

thread_handle: 0x0000000000000154
suspend_count: 2
process_identifier: 2040
1 0 0
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.baa553f1e49ce769
CAT-QuickHeal Trojan.DisbukRI.S19305183
McAfee GenericRXLT-RQ!BAA553F1E49C
K7AntiVirus Spyware ( 005690661 )
K7GW Spyware ( 005690661 )
Cybereason malicious.1e49ce
Arcabit Trojan.Zusy.D5ABB1
Cyren W32/Socelars.G.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Socelars.S
APEX Malicious
ClamAV Win.Malware.Razy-9789744-0
Kaspersky HEUR:Trojan.Script.Generic
BitDefender Gen:Variant.Zusy.371633
MicroWorld-eScan Gen:Variant.Zusy.371633
Avast Win32:PWSX-gen [Trj]
Ad-Aware Gen:Variant.Zusy.371633
Emsisoft Trojan-Spy.Socelars (A)
DrWeb Trojan.Siggen13.57604
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Sophos Troj/Agent-BGVO
Jiangmin Trojan.PSW.Disbuk.da
Avira HEUR/AGEN.1124060
Microsoft TrojanSpy:Win32/Socelars.PAA!MTB
ZoneAlarm HEUR:Trojan.Script.Generic
GData Gen:Variant.Zusy.371633
AhnLab-V3 Infostealer/Win.Socelars.R372531
BitDefenderTheta Gen:NN.ZexaF.34058.y10@aOcdgGnj
ALYac Gen:Variant.Zusy.371633
MAX malware (ai score=81)
VBA32 BScope.Trojan.Agentb
Malwarebytes Glupteba.Backdoor.Bruteforce.DDS
Rising Stealer.FBAdsCard!1.CE03 (CLASSIC)
Fortinet W32/Agent.BGVO!tr
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_60% (D)