Summary | ZeroBOX

abdcffc9bcf6d5c536c89f879e95ed21.exe

Tags: Malicious Library, OS Processor Check, PE32, PE File, DLL
Category FILE
Machine s1_win7_x6402
Started Sept. 9, 2021, 9 a.m.
Completed Sept. 9, 2021, 9:02 a.m.
Size 99.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 7411bd9a32735dfdeee38ee1f6629a7f
SHA256 18af72f75d6dbdffa8f8319d5d76f9b1a8cb51e99e1b937948bdcc7af6665511
CRC32 66B3B975
ssdeep 1536:jJZJldymYVraPfFIdeD4P2ZDNjHSSu9tK66hdwY3VtqRsWEcdWEs8nBsRVuwtEBg:jNFp2kDzDZySmI6UwyzqRWZDNtEB6c/
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.102:49164 -> 104.21.79.144:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | (none)
TCP 192.168.56.102:49170 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected (this alert is listed 4 times for the same flow)

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.102:49164 -> 104.21.79.144:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 2f:1b:f4:da:ad:da:2a:22:ea:dc:26:f0:35:83:25:0d:5d:29:4d:fb
TLSv1 192.168.56.102:49176 -> 104.21.31.210:443 | None | None | None
TLSv1 192.168.56.102:49171 -> 104.21.31.210:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.upstloans.net | 12:ed:3c:4a:ff:c2:a1:8d:83:7a:48:18:92:32:52:dc:a3:6f:83:f7
TLSv1 192.168.56.102:49174 -> 104.21.31.210:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.upstloans.net | 12:ed:3c:4a:ff:c2:a1:8d:83:7a:48:18:92:32:52:dc:a3:6f:83:f7
TLSv1 192.168.56.102:49175 -> 104.21.31.210:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.upstloans.net | 12:ed:3c:4a:ff:c2:a1:8d:83:7a:48:18:92:32:52:dc:a3:6f:83:f7

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .gfids
suspicious_features POST method with no referer header
suspicious_request POST https://a.upstloans.net/report7.4.php
suspicious_features POST method with no referer header
suspicious_request POST https://b.upstloans.net/report7.4.php
request GET http://ip-api.com/json/?fields=8198
request GET http://crl.identrust.com/DSTROOTCAX3CRL.crl
request GET http://x1.c.lencr.org/
request GET https://a.goatgame.co/userf/dat/2201/sqlite.dat
request GET https://a.goatgame.co/userf/dat/sqlite.dll
request POST https://a.upstloans.net/report7.4.php
request POST https://b.upstloans.net/report7.4.php
request POST https://a.upstloans.net/report7.4.php
request POST https://b.upstloans.net/report7.4.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74be3000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74bd2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f83000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x737d0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x736e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73651000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x735a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x736e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e41000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1792
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1792
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02530000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1792
region_size: 1052672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1792
region_size: 389120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a10000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73781000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76b61000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e21000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76ba1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x765c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f71000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1792
region_size: 315392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00aa0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
name RT_VERSION | language LANG_CHINESE | filetype data | sublanguage SUBLANG_CHINESE_SIMPLIFIED | offset 0x0001b0a0 | size 0x000002b0
domain ip-api.com
file C:\Users\test22\AppData\Local\Temp\sqlite.dll
process rundll32.exe
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x00000124
regkey_r: 1
reg_type: 3 (REG_BINARY)
value: ÁÕx4XÁåH<PÁýPwËoÜØ_µHŀµ¾HŘ¼«HcáA—@ű4^¯fZÅÊC@K°h·?ˆËjètM=…ã•ŸK£¹áü÷¶­Ãc~–¹²$ ?xÃ{a‰LÇs°Íh™$ÏüsEø½ƒç@tPAÊ]—ù¸003ú6)žÃ{¸ÍE´H±Æ·¹ÎMŽÅÉ`tÃ]žÁÍ` dÁÂGÅh™»ÿ*^ßptÃE&÷3á“ù¸€€HÃE¾(ŸÃ×x|ÃçHD(ÃÿPL ËGôqœ‹Ã ç„ÁÕx<‘Åh,]ÅáHñÉm,Àe-Ï!E`3è‚â‰.DDH‚îçLLLHÃÛHTÇÙB]ÆÉr}ÈEϋû~I*#|·@ŠNRƙPÉ7¼ˆˆBÉ„ŒŒ‰Ì*œüp:ò2z‹½ÃÎòÿ‰)øTK¸ÀL½ThÃÞêúÎRÖ±¼Ãčº[€B!ãˀ·=‹Êhêt’ªÀ4³pºÊúQiJó±x`AnóÁϕ•XžNېÅûrEN±½J¶< Çӑyc¤Š›c‰1~"yò8†zBaj ;»­¾ÊÊe©3vJÃϸ£@ÊÂUUJËCŸ…ØJәrêލ7µ‹Î*&J‰së߈!¦Aø—.‹@|2~o‘ˆNÇH<>α~¦$ËÍ‚ƒÏJKŽP{û´Ÿ®ÉÌ@Šp·OÁƒN±¾I¶?Âû¹y`§Š›eXXJ>==>§"ÍÅ ‚ƒK¸ûòÁ#ÀL¼e‰IOfïÕŠBE´kWÅÀŠL[ß±¿À ƍ¹X€@#ãې·>‰Ëiët’^õ;¡Ñ隣·ÅÀŠ8/]÷©¿ìOÃI)é1óˆÃ¸ÔðHÉEÀ_ž„ËoÄÀûí·ËkáAËGìë„ÁÕx,]ËoÜxÃrrQcõ;Q!ïFáü÷¶­ÁÍ` À6#F²$ ?xÃc9,F;—ÂÁ  ¬ˆLÇkTAFð¾õz4ÇsGRF–ŒR¹Á  ¤€èu`·ÁÍ`lÇckx»3t4ó)¼V¸õZf_>s~²½ f_>r­+Ktņ Hs⫧T½nEt}ˆ½<u¶{¸ fãÁz(bÃA²z(vÄHðf_}z*aÑàK¸óz8JÁ¹ úBZ•ÉÜPLÈE´VkÄ–‹ÊE:ø̈þ†¶JњËBéar묛ÔúÏÇr}~ñōߢ»Ïßjjgᓾ5FҐÊIƒ¶µoù´'zó»OqÀŽAʀJxrCIÊÈGENH C;áÑŒÀÖsiÌĶüËCJ€¶ÚáŽêNL‰ŽÏZ˜Êkét¾ojn_Š¾øù@Aù¸00AÊYáú6*ÃSÍEϋ_%»ÏÏzjÃ\ŸÃC‰¾(’vúˆN¸^"wr8u: Èäh¸rÅŒÁÊJÚ…E´VgÎJÖEÀE´aTÊZÒHŁKKԖ¾(’vú¯'Bî‹]WR8t²ŒÇçH˜õZf_:wweïŠK+G„èEHKøÂ>sv‹ŽŒ 7°…Eϋ ŽD}¶;´‰HřOÇP—gto»NÏÉFEB˼*ý½AÊKˆËkà@™9¤/³UE¾EwÁÇBMJ¸¶¸¹ððAN¸w¦Eâx¹  f]ú´dšKÀaðJljOMHÊBÃOfÿ¡¹‰vúBÉFLKÓ[NÏÉFEB˽ÖïÇ/€¬ˆ‹ …EϋšHŹ7ˆƒEϋŒ‹ÅBHÏå~XKȏÏ{¼Oè§Oð «p mvú…Çk¨ÍEϋü…¾Êb¤t7z3ÂE‹Îr±ÃšXÂG„ÍW«| ¸e9ìOËAÀJKÐ,k°¤€EvúÍEϋĽ´Â+g·:‰Çv´ˆ&äHƁ;{u0|Ê÷ËEҟƒEµôÍÇ/€¬ˆLÇçHdÏ ' EÀE´S¬ #¤…E´i–C€ð⿫ǁOÇH‹‰+éB¾*ÁÖouvóKôW`Ã@ƒKøºÌýqŠ])(REµhXvóóášÃ@4(äá“ù¸€€HÃ@Š¾+=OZtMŽÃ×xT8ËGôqžPTÌXîè qÍ 666Ûyçp‚é âÇù:`äÔ¡ð"+  ¬¨¤ðV #ëCƒËN‚„  ÊD†@Gš•LZ`` ‚Ž (>TU%'à!@‚ÃÆ[M07 àЄ±80%•½ ”ÊÄÐ6ꁟÝÌÛrª/îççÿ}‡õtL) `¥Çú^¡'çÔ¢bÁ±»’Ø@€€CI†ŽÁ¡Ðv:úÁS’Áv÷„… ÉÇÀúøú:Z DˆBÇÏÕ÷å k»˜Ù܁ ÞˌŽÒå¹õüÞȓRÀ”T€û{à³ÇKÚäÿoooSSXH€„ ­éõ ½¯ÌÌHËoì(Àï3úÉEvóóášÁ„]I·¨ÀÀÚÀè¸Ý”@F€ÆFNX™ŒúR#€Gì á7r¤Ëÿó‰©â5¸®'=øÀÔ֋bhâá,Ìà3Åö"4öà!áÃ#ãÀf¾äÀà èóûCu80xÅáHhà #y_"öÁ ÅE‹ œÀ3SHc˨ÅÙp0›‰»»b&¹êŽ®¾E[)sZ“Œdh):òø°¹QÃÆM€È{þ%t;¥¢£›ýuMYòà͘¡ô 8Ùèø[¬‰Œ··äê»Ëjîï7Æñ©Ä™ôÏc[õ¤QéKéª踸ã×`MüöÚó…ç™7å6ááú6êQ×&uȁŒilJÕE´d°œ¼ÀJBIÀúÄU¨¹¼E@€h偌Ì_òiÈâ<ým©Xê?9ŒÄ@єELwvÁ‰\x,@ÁåH4HÁýP<PÁõl4av((hōA[HÃRÁPÁˆJ±ê.1Վ á²æA´3Þ*„Kàì€Ñ 
Åö[xÁâ;0`8µÍ5wdï"+€Z<æØ+(Cà§Ïž½‰ÐáIÁÎÿPLYXåTŽ%!6++à Á!D'}bwHËmït´‰ÃƒdHX4ßÿPd@HÃ÷XlÁ ‘€ Š KÁ‹H‹`ïD ®!@!`ÇD2 @AÆE†„±1ÇDæbZ_ ! '_ÈÀX›×x0) aTÉ!Ãv¶þ”Q’ÃñČ¥ó5Âu|·"¸!IÃD':X “™LA€Y"‰æ–ÑiEH<šŠˆ9xߏ±tQ֏<I ˆÃë9dP\@Õ!È ÂyÏêš8×[¿Àk!\| Ag¬~q‹<$ŒœVù°_¿ó4ÇóÕÄó«z3XX00ŠÀÓI5ÿIï·€;:¡º tNÊñy‡êó§s1ãø“~çïü´±µ&—Šuü41 0Fj{BL÷P35 ‘„µËyàbHÂP‡ iƒsbr0’Ñ’–éìt¼Y—GPïêÒuÀE·ê¿.“PB+y]\±çö¿·Ú†3‘ !ÞäKj¨9®MÊ{¸ÌaZ£flñ"Šr´Dµe»¯•ŠgX$0Ìzs‚8Ç+ãK›µ!Pu%<tÃ^™/£ˆH‹Ç‡ëÈÔ$ 91RozSm0Ãßôs»—êî«}•¥…€+hµÊ$„ƒûÃŌÍ÷v‚”€ÀkGx£ŒUh)™Æ!¾ˆÑê¼¹”Eµs–Mߤ¤ìHD(ÅÉ`DP°Ä` dÁˆ1?!v`Á–;ÇDnñgokáž<G4‘ µL//h4HÁ ¶—Eô[zš³@19ÅÂw—âÂĤì꯴r6P³µtRòŒ®ø™Æ¶u[xtÅÒ~AgsP†ßG)[@öæ›Èû º ½uÀ€ÌO‰AI@ȊápSRTØ[ÃÄ ¥ÈƎ]uÅ֘ôóÄH+4o|ÉËv³2°QCď§ê`tº3Ä ãSÅÆ@j[3ž_ÇT@#/€ÌA¶“¿Q\íáõãbsáç#ÁâO|³Ò5ԈªÐz؂BÛ~p„K­ù@/$Oh((ë€ãj°¢¨¿â@ívŒpPS+ÈónH{ê¢#RgêêÇQ¢²ÔP6ò+º¡âòˆi[ôû´îççi<Íùqr`Òò¶ÃTrOíAfË+¬,Ž{$H؊)Kj‘ÞF8o}µ–¡@\—oÌ2Ë ÙAÅÁ`r/‚ê‰|ô‘ՐϋÕ|§»}€Ãu71FJÙ ÜF'-„lÂ0ôïizìÉ~³YÊC+‰ƒJÕÿ¦…QƆ»6 „pEƒ´ùêTJªÐføêç²EIDTK(¥þ„¿ÔG ˜@K7ŒŒ€‚@ÇW•Àâs˜ÉÀúSwÆñjÙàŒ˜¥Ÿ-ó‰Âõ¸‰£è{¼ÇiâHÃb`Ž>8 €¹-EÍzð‹†’€AÈÊkkÓM/rQ¶¯À‰[SEÄòkUȍxtÍ+ìBGù¨±¦t‚a†Ÿ™.9VHÃÎu|Ç@Ä·úemÎMŽÁ‰D`qÂ_œÅëâvô÷ñ0÷Æ23±õÕý“ªE`œxòÁÎ…Žu`ZÁ—ëáBÃ@#T#†ñ•8xD,Ü®l:i4E8¨ÔL(^N`a¤¦¢Ú]™L©¦:šâ¸~tEQ·gB°}ðY¨8¬TÿÛËjÀrM LÖáà‹ÉϹ‹gw_¹Î¨¦G OÁ1+€Sšº¶uÿ$S%î9j<$§Þ¶+šºŒ Àcä<Í´6ó*ãÅÌe%H@ÍL½yÏÜW9ûZ8ãZF$=€JˆIÅh,[””…™ÕHÁ™ˆ"çDê¿x˜ MÅí(¸¹A"{ü¤T´Å²³ ;‹Eæ+ (ÃC{ò‰n¼<4D¹ó5J;Š‡k‰àEwߥÃJñtÌ$ˆFs Lh£C‰»ðøµ•æù‹î[2€zù@5q7ó+î´µÅáýɍÑ3aŠØ@Uv×Æ)O4x<¤«ë¢_ ,%l$bDoê…û³{QÊK…%p?ûЋs¼ÏIŠÅ™ç
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1
1 0 0
Time & API Arguments Status Return Repeated

IWbemServices_ExecMethod

inargs.CurrentDirectory: None
inargs.CommandLine: rundll32.exe "C:\Users\test22\AppData\Local\Temp\sqlite.dll",global
inargs.ProcessStartupInformation: None
outargs.ProcessId: 808
outargs.ReturnValue: 0
flags: 0
method: Create
class: Win32_Process
1 0 0
MicroWorld-eScan Trojan.GenericKD.46899149
FireEye Trojan.GenericKD.46899149
McAfee GenericRXAA-AA!7411BD9A3273
Cylance Unsafe
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanDownloader:Win32/Injector.b38a2658
K7GW Riskware ( 0040eff71 )
Cyren W32/Trojan.WUMX-2818
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FVM
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Injector.lp
BitDefender Trojan.GenericKD.46899149
Avast Win32:MalwareX-gen [Trj]
Tencent Malware.Win32.Gencirc.11cbe747
Ad-Aware Trojan.GenericKD.46899149
Sophos Generic ML PUA (PUA)
Comodo Malware@#21hkfnn4u4u4t
DrWeb Trojan.Inject4.16099
Zillya Trojan.Injector.Win32.1065746
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.GenericKD.46899149 (B)
Ikarus Trojan.SuspectCRC
Jiangmin Trojan.Injector.dx
Webroot W32.Trojan.Gen
Avira TR/Redcap.wider
Antiy-AVL Trojan/Generic.ASMalwS.3482E1C
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Trojan:Win32/Sabsik.FL.A!ml
ViRobot Trojan.Win32.Z.Ser.101376
GData Win32.Trojan.PSE.1HNXF2S
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4617150
ALYac Trojan.GenericKD.46899149
MAX malware (ai score=84)
VBA32 TrojanDownloader.Zenlod
Malwarebytes Backdoor.Farfli
Fortinet W32/PossibleThreat
AVG Win32:MalwareX-gen [Trj]
Panda Trj/GdSda.A