popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

OLMAPI32.dll

Generic Malware UPX Malicious Library PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 8, 2023, 9:12 a.m. Aug. 8, 2023, 9:15 a.m.
Size 279.0KB
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 09a9e1b03f7d7de4340bc5f9e656b798
SHA256 8aeb7dd31c764b0cf08b38030a73ac1d22b29522fbcf512e0d24544b3d01d8b3
CRC32 4ADF4AAA
ssdeep 3072:hbp5Y0UEmuigQJch1NUZIeKFEW/HXGdSz6ednKUp4s9tlZR0ysKFKcSfxaTAhY5u:hbri1yl/H9dnK44s9LZREK/DAOTGl
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2412
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2412
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2412
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2412
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2412
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74351000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x746c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74331000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74321000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

Process32NextW

 snapshot_handle: 0x000000dc
process_name: smss.exe
process_identifier: 228
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: csrss.exe
process_identifier: 364
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 584
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 656
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 740
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 796
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: audiodg.exe
process_identifier: 916
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 1000
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: spoolsv.exe
process_identifier: 1036
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 1080
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: dwm.exe
process_identifier: 1208
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: taskhost.exe
process_identifier: 1352
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 1432
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: IMEDICTUPDATE.EXE
process_identifier: 1492
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: svchost.exe
process_identifier: 1908
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: pw.exe
process_identifier: 1200
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: SearchIndexer.exe
process_identifier: 736
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: SearchProtocolHost.exe
process_identifier: 1364
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: SearchFilterHost.exe
process_identifier: 2064
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: mobsync.exe
process_identifier: 2436
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: tvnserver.exe
process_identifier: 2576
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: tvnserver.exe
process_identifier: 2656
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: pw.exe
process_identifier: 2688
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: sdclt.exe
process_identifier: 2772
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: taskhost.exe
process_identifier: 2856
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: cmd.exe
process_identifier: 2948
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: conhost.exe
process_identifier: 2960
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 3020
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: pw.exe
process_identifier: 3036
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2212
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2272
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2412
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 1628
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 1880
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2548
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2552
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2824
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 204
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2276
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2788
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 756
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2620
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2840
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 944
1 1 0

Process32NextW

 snapshot_handle: 0x000000dc
process_name: rundll32.exe
process_identifier: 2428
1 1 0

Process32NextW

 snapshot_handle: 0x00000144
process_name: wsqmcons.exe
process_identifier: 2744
1 1 0

Process32NextW

 snapshot_handle: 0x00000144
process_name: inject-x86.exe
process_identifier: 2496
1 1 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Bkav W32.Common.B0019620
Lionic Trojan.Win32.Jaik.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Gen:Variant.Babar.99231
McAfee Artemis!09A9E1B03F7D
Cylance unsafe
Zillya Trojan.Agent.Win32.3147319
Sangfor Trojan.Win32.Agent.Vf79
K7AntiVirus Trojan ( 00487a5c1 )
Alibaba Trojan:Win32/Generic.063e6adf
K7GW Trojan ( 00487a5c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Babar.D1839F
Cyren W32/ABRisk.HUAD-3913
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.UWL
Kaspersky Trojan.Win32.Agentb.lbqi
BitDefender Gen:Variant.Babar.99231
MicroWorld-eScan Gen:Variant.Babar.99231
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.11850d07
Emsisoft Gen:Variant.Babar.99231 (B)
F-Secure Trojan.TR/Agent.nxsqm
VIPRE Gen:Variant.Babar.99231
TrendMicro TROJ_FRS.0NA103DD23
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Agent
Jiangmin Backdoor.Bitter.d
Avira TR/Agent.nxsqm
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Emotet!ml
ViRobot Trojan.Win.S.Agent.285696
ZoneAlarm Trojan.Win32.Agentb.lbqi
GData Gen:Variant.Babar.99231
Google Detected
AhnLab-V3 Trojan/Win.Generic.R560734
BitDefenderTheta Gen:NN.ZedlaF.36348.ru8@a0w1afci
ALYac Trojan.Agent.Wacatac
MAX malware (ai score=84)
Malwarebytes Malware.AI.105397623
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_FRS.0NA103DD23
Rising Backdoor.[Bitter]Agent!1.E3FD (CLASSIC)
MaxSecure Trojan.Malware.193418222.susgen
Fortinet W32/Agent.UWL!tr
AVG Win32:Trojan-gen
DeepInstinct MALICIOUS