popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ModSkin_Eng.exe

Confuser .NET Malicious Library PE64 PE File .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 3, 2024, 9:27 a.m. Sept. 3, 2024, 9:31 a.m.
Size 894.0KB
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 251506af767bc121f5e65970488030c1
SHA256 24f9581c4c049a77f803fd49bd07186960d913063bd24f735d6a8c8aefd3b037
CRC32 3F56674C
ssdeep 24576:evRd6SaQq7fasmvoSRd6SkaaSeKAjg4ErzRd6S:er6SaQq7fasm96SkFKAjg4Erf6S
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • Is_DotNET_EXE - (no description)

Name Response Post-Analysis Lookup
toolgamepc.blogspot.com
A 172.217.27.33
CNAME blogspot.l.googleusercontent.com
142.250.207.97
IP Address Status Action
164.124.101.2 Active Moloch
172.217.27.33 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49162 -> 172.217.27.33:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49162
172.217.27.33:443 		C=US, O=Google Trust Services, CN=WR2 CN=misc-sni.blogspot.com 19:1a:ab:37:46:a3:1f:05:55:e6:dd:6b:99:d8:a7:eb:f7:f6:d5:e1

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section
section \x01yJq\x12\x081'
request GET https://toolgamepc.blogspot.com/p/tgp.html
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000690000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000740000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3371000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3a0b000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001f60000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002050000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3372000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3374000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3374000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3374000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3374000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93bba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93bcc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93bcd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ce0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93bca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93c6c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93c96000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93c70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 249856
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f71f000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93bbb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1440
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93cf6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6b0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6b0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6b0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f6b0000
process_handle: 0xffffffffffffffff
1 0 0
name RT_ICON language LANG_TURKISH filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT offset 0x000c4630 size 0x00021dca
name RT_ICON language LANG_TURKISH filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT offset 0x000c4630 size 0x00021dca
name RT_ICON language LANG_TURKISH filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT offset 0x000c4630 size 0x00021dca
name RT_ICON language LANG_TURKISH filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT offset 0x000c4630 size 0x00021dca
name RT_ICON language LANG_TURKISH filetype PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_DEFAULT offset 0x000c4630 size 0x00021dca
name RT_GROUP_ICON language LANG_TURKISH filetype data sublanguage SUBLANG_DEFAULT offset 0x000e63fc size 0x0000004c
name RT_VERSION language LANG_TURKISH filetype data sublanguage SUBLANG_DEFAULT offset 0x000e6448 size 0x00000324
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
section {u'size_of_data': u'0x00038400', u'virtual_address': u'0x0000b000', u'entropy': 7.64610708328754, u'name': u'', u'virtual_size': u'0x0003837e'} entropy 7.64610708329 description A section with a high entropy has been found
section {u'size_of_data': u'0x00026a00', u'virtual_address': u'0x00047000', u'entropy': 7.9318627702517635, u'name': u'', u'virtual_size': u'0x00026900'} entropy 7.93186277025 description A section with a high entropy has been found
section {u'size_of_data': u'0x0003d000', u'virtual_address': u'0x0006f000', u'entropy': 7.999408663747741, u'name': u"\\x01yJq\\x12\\x081'", u'virtual_size': u'0x0003cfe4'} entropy 7.99940866375 description A section with a high entropy has been found
section {u'size_of_data': u'0x00026a00', u'virtual_address': u'0x000c0000', u'entropy': 7.931863464238448, u'name': u'.rsrc', u'virtual_size': u'0x000268f4'} entropy 7.93186346424 description A section with a high entropy has been found
entropy 0.871220604703 description Overall entropy of this PE file is high
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
Bkav W64.AIDetectMalware.CS
Lionic Trojan.Win32.DllInject.4!c
Elastic malicious (high confidence)
Skyhigh BehavesLike.Win64.PUPXAD.cc
ALYac Gen:Variant.Jalapeno.2645
Cylance Unsafe
VIPRE Gen:Variant.Jalapeno.2645
Sangfor CoinMiner.Msil.Dllinject.Vjty
K7AntiVirus Unwanted-Program ( 005b00281 )
BitDefender Gen:Variant.Jalapeno.2645
K7GW Unwanted-Program ( 005b00281 )
Cybereason malicious.f767bc
Arcabit Trojan.Jalapeno.DA55
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/DllInject_AGen.NE potentially unsafe
APEX Malicious
McAfee GenericRXAA-AA!251506AF767B
Avast Win64:TrojanX-gen [Trj]
ClamAV Win.Malware.Msilheracles-10022742-0
Kaspersky Trojan.MSIL.Miner.adbh
SUPERAntiSpyware Trojan.Agent/Gen-MSILHeracles
MicroWorld-eScan Gen:Variant.Jalapeno.2645
Rising Trojan.Miner!8.EA1 (CLOUD)
Emsisoft Gen:Variant.Jalapeno.2645 (B)
F-Secure Trojan.TR/Miner.pndrm
Zillya Trojan.Miner.Win32.17897
TrendMicro TROJ_GEN.R002C0XDM24
McAfeeD ti!24F9581C4C04
Trapmine malicious.high.ml.score
FireEye Gen:Variant.Jalapeno.2645
Sophos Generic Reputation PUA (PUA)
SentinelOne Static AI - Malicious PE
Google Detected
Avira TR/Miner.pndrm
MAX malware (ai score=87)
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft MSIL.Trojan.Miner.adbh
Gridinsoft Trojan.Heur!.03011203
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan.MSIL.Miner.adbh
GData Gen:Variant.Jalapeno.2645
Varist W64/ABMiner.ESYX-2909
AhnLab-V3 Trojan/Win.Generic.C5560872
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2894049159
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XDM24
Tencent Malware.Win32.Gencirc.14162561
huorong Trojan/Generic!CB9646ADCF28380F
MaxSecure Trojan.Malware.242132638.susgen