Summary | ZeroBOX

rqvufRfLLN.dll

Tags: Malicious Library, Admin Tool (Sysinternals etc ...), UPX, Malicious Packer, Anti_VM, PE File, DLL, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 25, 2021, 5:13 p.m.
Completed: Oct. 25, 2021, 5:18 p.m.
Size: 5.3MB
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 419e0fb814d614d491fe487ef29ea77e
SHA256: 2f8b16754738ee4c6bbc63da55e8162f75906b62991081b81e8ca24552123025
CRC32: 6098A28D
ssdeep: 49152:vJrYmVXt58SfHI5OcBFiZ5Gnvkd6SKKYCwNGFSHnsHSsd3SfFEBrVX9S2THTQIHk:vJVh4s5Gcd6zK3wNNQSsd3SsrVX
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status Return Repeated

IsDebuggerPresent: 0 0
IsDebuggerPresent: 0 0
IsDebuggerPresent: 0 0
IsDebuggerPresent: 0 0
section .itext
section .didata
Time & API / Arguments / Status Return Repeated

__exception__
stacktrace:
TMethodImplementationIntercept+0x51 yQ0BvR5F0Qn58wVmjt0qsx2-0x41424f rqvufrflln+0x6d501 @ 0x223d501
TMethodImplementationIntercept+0xe yQ0BvR5F0Qn58wVmjt0qsx2-0x414292 rqvufrflln+0x6d4be @ 0x223d4be
rundll32+0x137d @ 0xdc137d
rundll32+0x1326 @ 0xdc1326
rundll32+0x1901 @ 0xdc1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5
exception.instruction_r: 8b 53 0c 8b 0d e4 ed 21 02 e8 ee 1b fa ff 5e 5b
exception.instruction: mov edx, dword ptr [ebx + 0xc]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x59b24 TMethodImplementationIntercept-0xa3c rqvufrflln+0x6ca74
exception.address: 0x223ca74
registers.esp: 2226528
registers.edi: 0
registers.eax: 2226572
registers.ebp: 2226576
registers.edx: 2226572
registers.ebx: 3024
registers.esi: 2226572
registers.ecx: 2226648
status: 1, return: 0, repeated: 0

__exception__
stacktrace:
rundll32+0x1326 @ 0xdc1326
rundll32+0x1901 @ 0xdc1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5
exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff
exception.instruction: add byte ptr [eax], al
exception.exception_code: 0xc0000005
exception.symbol: yQ0BvR5F0Qn58wVmjt0qsx2+0x28ef0 rqvufrflln+0x4aa640
exception.address: 0x267a640
registers.esp: 916216
registers.edi: 0
registers.eax: 459094
registers.ebp: 916332
registers.edx: 9
registers.ebx: 0
registers.esi: 459094
registers.ecx: 0
status: 1, return: 0, repeated: 0
Time & API / Arguments / Status Return Repeated

Every entry below has stack_dep_bypass 0, stack_pivoted 0, heap_dep_bypass 0, protection 64 (PAGE_EXECUTE_READWRITE) and process_handle 0xffffffff. For NtProtectVirtualMemory the size column is length; for NtAllocateVirtualMemory it is region_size.

API                      PID   size  base_address  allocation_type    Status Return Repeated
NtProtectVirtualMemory   1896  8192  0x02681000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x74181000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x767c1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x74dc1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x76b41000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x740f1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x740d1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x740c1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x740a1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x74091000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x74021000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x73fd1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x768e1000    -                  1      0      0
NtProtectVirtualMemory   1896  4096  0x75271000    -                  1      0      0
NtAllocateVirtualMemory  1896  4096  0x00790000    4096 (MEM_COMMIT)  1      0      0
NtProtectVirtualMemory   1896  4096  0x73ee1000    -                  1      0      0
NtProtectVirtualMemory   2616  8192  0x02681000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x74181000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x767c1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x74dc1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x76b41000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x740f1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x740d1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x740c1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x740a1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x74091000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x74021000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x73fd1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x768e1000    -                  1      0      0
NtProtectVirtualMemory   2616  4096  0x75271000    -                  1      0      0
NtAllocateVirtualMemory  2616  4096  0x00780000    4096 (MEM_COMMIT)  1      0      0
NtProtectVirtualMemory   2616  4096  0x73da1000    -                  1      0      0
NtProtectVirtualMemory   2160  8192  0x02681000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x74181000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x767c1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x74dc1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x76b41000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x740f1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x740d1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x740c1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x740a1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x74091000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x74021000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x73fd1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x768e1000    -                  1      0      0
NtProtectVirtualMemory   2160  4096  0x75271000    -                  1      0      0
NtAllocateVirtualMemory  2160  4096  0x00300000    4096 (MEM_COMMIT)  1      0      0
NtProtectVirtualMemory   2160  4096  0x73ee1000    -                  1      0      0
NtProtectVirtualMemory   2836  8192  0x02681000    -                  1      0      0
NtProtectVirtualMemory   2836  4096  0x74181000    -                  1      0      0
Resource: name RT_RCDATA, language LANG_PORTUGUESE, sublanguage SUBLANG_PORTUGUESE_BRAZILIAN, filetype zlib compressed data, offset 0x00551c24, size 0x0000034c
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.47226183
FireEye Generic.mg.419e0fb814d614d4
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Spyware ( 0053b41c1 )
K7GW Spyware ( 0053b41c1 )
CrowdStrike win/malicious_confidence_70% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Mekotio.EF
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Zusy-9891964-0
BitDefender Trojan.GenericKD.47226183
Avast FileRepMalware
Ad-Aware Trojan.GenericKD.47226183
Emsisoft Trojan.GenericKD.47226183 (B)
McAfee-GW-Edition BehavesLike.Win32.Dropper.th
Ikarus Trojan-Spy.Agent
GData Trojan.GenericKD.47226183
Cynet Malicious (score: 100)
McAfee Artemis!419E0FB814D6
MAX malware (ai score=88)
Malwarebytes Spyware.Agent
Rising Trojan.Generic@ML.93 (RDML:6kPpXUz8E/BPa2yXguHX9g)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Mekotio.EF!tr.spy
AVG FileRepMalware