popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

obz2.exe

UPX AntiDebug PE File PE32 .NET EXE AntiVM
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Dec. 8, 2022, 3:54 p.m. Dec. 8, 2022, 3:56 p.m.
Size 371.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d0c67160c740f62c25b0558e9563a824
SHA256 b6ab1591894e586b04090926078ca87e3e8094659a0b60a513f1564a1b037b44
CRC32 862508B6
ssdeep 3072:tCUaLsLRdySX9eOTkWP5zvTFpt/Jesfk3MbDAg87scPEzAu7XzctkkC+wdEc/vc4:tCU8QRnJFptRVk8bD4scXNs3NnP2ra
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0052e540
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0052eb20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0052eb20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005300e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005300e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005300e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005301e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005301e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005301e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005301e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057ec60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057ec60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057ec60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057ec60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057f1e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057f1e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057f1e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0057f1e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005a6a80
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005a6a80
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005a6a80
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005a6a80
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00660000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00455000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0045b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00457000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003bc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0079f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00790000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003ca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003aa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003bd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003ba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
name RT_ICON language LANG_UKRAINIAN filetype data sublanguage SUBLANG_NEUTRAL offset 0x0005ef60 size 0x000010a8
name RT_ICON language LANG_UKRAINIAN filetype data sublanguage SUBLANG_NEUTRAL offset 0x0005ef60 size 0x000010a8
name RT_ICON language LANG_UKRAINIAN filetype data sublanguage SUBLANG_NEUTRAL offset 0x0005ef60 size 0x000010a8
name RT_ICON language LANG_UKRAINIAN filetype data sublanguage SUBLANG_NEUTRAL offset 0x0005ef60 size 0x000010a8
name RT_GROUP_ICON language LANG_UKRAINIAN filetype data sublanguage SUBLANG_NEUTRAL offset 0x00060044 size 0x0000003e
name RT_MANIFEST language LANG_UKRAINIAN filetype XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators sublanguage SUBLANG_NEUTRAL offset 0x000600be size 0x000003e7
section {u'size_of_data': u'0x00034400', u'virtual_address': u'0x00002000', u'entropy': 6.838106076644716, u'name': u'.text', u'virtual_size': u'0x00034345'} entropy 6.83810607664 description A section with a high entropy has been found
entropy 0.563342318059 description Overall entropy of this PE file is high
url http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
url http://www.smartassembly.com/webservices/Reporting/L
url http://www.smartassembly.com/webservices/UploadReportLogin/
url http://www.smartassembly.com/webservices/Reporting/UploadReport2
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2616
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x0000025c
1 0 0
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck reg_value C:\Users\test22\AppData\Local\obz2.exe
Time & API Arguments Status Return Repeated

WriteProcessMemory

 buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $⩯¦ÈÁW¦ÈÁW¦ÈÁWeǜW¤ÈÁWeǞW§ÈÁWeÇÎW¥ÈÁW¯°RW¯ÈÁW¦ÈÀWæÈÁW«š!W·ÈÁW«šW§ÈÁWRich¦ÈÁWPEL˜^ÂZà   Ÿ@Ö‚¸Êx.rdataÄÆ@à
base_address: 0x00400000
process_identifier: 2616
process_handle: 0x0000025c
1 1 0

WriteProcessMemory

 buffer: @
base_address: 0x7efde008
process_identifier: 2616
process_handle: 0x0000025c
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

 buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $⩯¦ÈÁW¦ÈÁW¦ÈÁWeǜW¤ÈÁWeǞW§ÈÁWeÇÎW¥ÈÁW¯°RW¯ÈÁW¦ÈÀWæÈÁW«š!W·ÈÁW«šW§ÈÁWRich¦ÈÁWPEL˜^ÂZà   Ÿ@Ö‚¸Êx.rdataÄÆ@à
base_address: 0x00400000
process_identifier: 2616
process_handle: 0x0000025c
1 1 0
Process injection Process 2544 called NtSetContextThread to modify thread in remote process 2616
Time & API Arguments Status Return Repeated

NtSetContextThread

 registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4235040
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000258
process_identifier: 2616
1 0 0
Process injection Process 2544 resumed a thread in remote process 2616
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x00000258
suspend_count: 1
process_identifier: 2616
1 0 0
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2544
1 0 0

NtResumeThread

 thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2544
1 0 0

NtResumeThread

 thread_handle: 0x0000018c
suspend_count: 1
process_identifier: 2544
1 0 0

CreateProcessInternalW

 thread_identifier: 2620
thread_handle: 0x00000258
process_identifier: 2616
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\obz2.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\obz2.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\obz2.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000025c
1 1 0

NtGetContextThread

 thread_handle: 0x00000258
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2616
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x0000025c
1 0 0

WriteProcessMemory

 buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $⩯¦ÈÁW¦ÈÁW¦ÈÁWeǜW¤ÈÁWeǞW§ÈÁWeÇÎW¥ÈÁW¯°RW¯ÈÁW¦ÈÀWæÈÁW«š!W·ÈÁW«šW§ÈÁWRich¦ÈÁWPEL˜^ÂZà   Ÿ@Ö‚¸Êx.rdataÄÆ@à
base_address: 0x00400000
process_identifier: 2616
process_handle: 0x0000025c
1 1 0

WriteProcessMemory

 buffer:
base_address: 0x00401000
process_identifier: 2616
process_handle: 0x0000025c
1 1 0

WriteProcessMemory

 buffer: @
base_address: 0x7efde008
process_identifier: 2616
process_handle: 0x0000025c
1 1 0

NtSetContextThread

 registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4235040
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000258
process_identifier: 2616
1 0 0

NtResumeThread

 thread_handle: 0x00000258
suspend_count: 1
process_identifier: 2616
1 0 0
Bkav W32.AIDetectNet.01
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
ALYac Trojan.Generic.32338380
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0059bc711 )
Alibaba Trojan:Win32/Kryptik.ali2000016
K7GW Trojan ( 0059bc711 )
Cybereason malicious.0c740f
Cyren W32/ABRisk.UARR-8984
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.AHGC
APEX Malicious
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.Generic.32338380
MicroWorld-eScan Trojan.Generic.32338380
Tencent Msil.Trojan-Spy.Stealer.Eplw
Ad-Aware Trojan.Generic.32338380
Emsisoft Trojan.Generic.32338380 (B)
DrWeb Trojan.Encoder.36883
VIPRE Trojan.Generic.32338380
TrendMicro TROJ_GEN.R002C0RL222
McAfee-GW-Edition BehavesLike.Win32.Generic.fm
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.d0c67160c740f62c
Sophos Mal/Generic-S + Mal/MSIL-VD
SentinelOne Static AI - Malicious PE
GData Trojan.Generic.32338380
Avira TR/AD.Petya.kgzti
Antiy-AVL Trojan/MSIL.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Globeimposter.bot
Arcabit Trojan.Generic.D1ED71CC
Microsoft Ransom:Win32/Filecoder.DLK!MTB
Google Detected
AhnLab-V3 Trojan/Win.Mardom.C5320390
McAfee Artemis!D0C67160C740
MAX malware (ai score=86)
Malwarebytes Trojan.Crypt.MSIL
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0RL222
Rising Trojan.Generic/MSIL@AI.100 (RDM.MSIL:pgQ2GJ5lkyoWV+OpKi4KfA)
Ikarus Trojan-Spy.AgentTesla
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.AHGC!tr
BitDefenderTheta Gen:NN.ZemsilF.36106.xmW@aia!kLmG
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]