File 4bcce0ecfacf141f7edf5873501fcbad8ed558a3b5f6fc005ac90342f4032a47_unsafe

Size 726.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 8a904993cb5f4f983cfb4abcca7d4a44
SHA1 a7a8d8c822392cc3495fcc469bc6d2b7b93681b0
SHA256 4bcce0ecfacf141f7edf5873501fcbad8ed558a3b5f6fc005ac90342f4032a47
SHA512 e0099b3a9e7a273baf20a2c7c2e361d1ad253c857f041dbf10b1c630a545bae54b849af2a252886aa99cdbe0936ba11432872eb7d13acb8f428cbccaab0a725c
CRC32 7662635A
ssdeep None
Yara
  • anti_dbg - Checks if being debugged
  • antisb_threatExpert - Anti-Sandbox checks for ThreatExpert
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_mutex - Create or check mutex
  • win_hook - Affect hook table

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category: FILE
Started: Sept. 13, 2025, 5:59 a.m.
Completed: Sept. 13, 2025, 6 a.m.
Duration: 70 seconds
Routing: internet

Analyzer Log

2025-09-13 05:59:02,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp2pjrvv
2025-09-13 05:59:02,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\nSchueoLcWPBKijWnUujtNarHaDYhW
2025-09-13 05:59:02,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\QddtUFUNlxNIbQzEqgIwVVPKiiXru
2025-09-13 05:59:02,342 [analyzer] DEBUG: Started auxiliary module Curtain
2025-09-13 05:59:02,342 [analyzer] DEBUG: Started auxiliary module DbgView
2025-09-13 05:59:02,796 [analyzer] DEBUG: Started auxiliary module Disguise
2025-09-13 05:59:03,015 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-09-13 05:59:03,015 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-09-13 05:59:03,015 [analyzer] DEBUG: Started auxiliary module Human
2025-09-13 05:59:03,015 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-09-13 05:59:03,015 [analyzer] DEBUG: Started auxiliary module Reboot
2025-09-13 05:59:03,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-09-13 05:59:03,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-09-13 05:59:03,125 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-09-13 05:59:03,125 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-09-13 05:59:03,265 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4bcce0ecfacf141f7edf5873501fcbad8ed558a3b5f6fc005ac90342f4032a47_unsafe.exe' with arguments '' and pid 1416
2025-09-13 05:59:03,437 [analyzer] DEBUG: Loaded monitor into process with pid 1416
2025-09-13 05:59:08,000 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-09-13 05:59:08,000 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-09-13 05:59:08,000 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-09-13 05:59:08,000 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-09-13 05:59:08,015 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-09-13 05:59:08,015 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-09-13 05:59:08,015 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-09-13 05:59:08,046 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-09-13 05:59:08,046 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-09-13 05:59:08,046 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-09-13 05:59:08,046 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-09-13 05:59:08,062 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-09-13 05:59:08,062 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-09-13 05:59:08,062 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-09-13 05:59:09,421 [analyzer] INFO: Injected into process with pid 1832 and name ''
2025-09-13 05:59:09,592 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1832.
2025-09-13 05:59:09,687 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1416.
2025-09-13 05:59:09,750 [analyzer] DEBUG: Loaded monitor into process with pid 1832
2025-09-13 05:59:10,265 [analyzer] INFO: Process with pid 1416 has terminated
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-09-13 05:59:13,500 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-09-13 05:59:13,515 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-09-13 05:59:13,515 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-09-13 05:59:13,530 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-09-13 05:59:13,530 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-09-13 05:59:13,530 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-09-13 05:59:13,530 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-09-13 05:59:13,530 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-09-13 05:00:00,289 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-09-13 05:00:00,477 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1832.
2025-09-13 05:00:00,743 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-09-13 05:00:00,743 [lib.api.process] INFO: Successfully terminated process with pid 1832.
2025-09-13 05:00:00,743 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-13 05:59:06,304 [cuckoo.core.scheduler] INFO: Task #6968165: acquired machine win7x648 (label=win7x648)
2025-09-13 05:59:06,305 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.208 for task #6968165
2025-09-13 05:59:07,582 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1284397 (interface=vboxnet0, host=192.168.168.208)
2025-09-13 05:59:07,814 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x648
2025-09-13 05:59:09,417 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x648 to vmcloak
2025-09-13 05:59:22,687 [cuckoo.core.guest] INFO: Starting analysis #6968165 on guest (id=win7x648, ip=192.168.168.208)
2025-09-13 05:59:23,692 [cuckoo.core.guest] DEBUG: win7x648: not ready yet
2025-09-13 05:59:28,714 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x648, ip=192.168.168.208)
2025-09-13 05:59:28,798 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x648, ip=192.168.168.208, monitor=latest, size=6660546)
2025-09-13 05:59:30,003 [cuckoo.core.resultserver] DEBUG: Task #6968165: live log analysis.log initialized.
2025-09-13 05:59:30,973 [cuckoo.core.resultserver] DEBUG: Task #6968165 is sending a BSON stream
2025-09-13 05:59:31,379 [cuckoo.core.resultserver] DEBUG: Task #6968165 is sending a BSON stream
2025-09-13 05:59:32,260 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'shots/0001.jpg'
2025-09-13 05:59:32,273 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 133481
2025-09-13 05:59:36,479 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'shots/0002.jpg'
2025-09-13 05:59:36,491 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 135645
2025-09-13 05:59:37,590 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'shots/0003.jpg'
2025-09-13 05:59:37,611 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 133481
2025-09-13 05:59:37,706 [cuckoo.core.resultserver] DEBUG: Task #6968165 is sending a BSON stream
2025-09-13 05:59:41,794 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'shots/0004.jpg'
2025-09-13 05:59:41,811 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 135645
2025-09-13 05:59:42,911 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'shots/0005.jpg'
2025-09-13 05:59:42,922 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 133481
2025-09-13 05:59:44,574 [cuckoo.core.guest] DEBUG: win7x648: analysis #6968165 still processing
2025-09-13 05:59:59,668 [cuckoo.core.guest] DEBUG: win7x648: analysis #6968165 still processing
2025-09-13 06:00:00,626 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'curtain/1757732400.62.curtain.log'
2025-09-13 06:00:00,630 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 36
2025-09-13 06:00:00,746 [cuckoo.core.resultserver] DEBUG: Task #6968165: File upload for 'sysmon/1757732400.74.sysmon.xml'
2025-09-13 06:00:00,755 [cuckoo.core.resultserver] DEBUG: Task #6968165 uploaded file length: 154188
2025-09-13 06:00:01,489 [cuckoo.core.resultserver] DEBUG: Task #6968165 had connection reset for <Context for LOG>
2025-09-13 06:00:02,681 [cuckoo.core.guest] INFO: win7x648: analysis completed successfully
2025-09-13 06:00:02,693 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-13 06:00:02,725 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-13 06:00:05,501 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x648 to path /srv/cuckoo/cwd/storage/analyses/6968165/memory.dmp
2025-09-13 06:00:05,502 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x648
2025-09-13 06:00:15,921 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.208 for task #6968165
2025-09-13 06:00:16,228 [cuckoo.core.scheduler] DEBUG: Released database task #6968165
2025-09-13 06:00:16,246 [cuckoo.core.scheduler] INFO: Task #6968165: analysis procedure completed

Signatures

Yara rules detected for file (6 events)
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
description Create or check mutex rule win_mutex
description Affect hook table rule win_hook
Allocates read-write-execute memory (usually to unpack itself) (8 events)
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1416
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ee0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1416
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ef0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 704512
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1416
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02eb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1832
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00500000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1832
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00510000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1832
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 704512
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1832
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ff0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Queries for the computername (4 events)
Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: GODGTWDVGVC
1 1 0

GetComputerNameW

computer_name: GODGTWDVGVC
1 1 0

GetComputerNameW

computer_name: GODGTWDVGVC
1 1 0

GetComputerNameW

computer_name: GODGTWDVGVC
1 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (2 events)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGUID
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 16
family: 2
1 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section .text (size_of_data 0x00076800, virtual_size 0x000767f4, virtual_address 0x00001000, entropy 7.006295796321074) entropy 7.00629579632 description A section with a high entropy has been found
entropy 0.653793103448 description Overall entropy of this PE file is high
Executes one or more WMI queries which can be used to identify virtual machines (1 event)
wmi SELECT * FROM Win32_ComputerSystem
Disables proxy possibly for traffic interception (2 events)
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x000002ec
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
1 0 0

RegSetValueExW

key_handle: 0x000002e0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
1 0 0
Executes one or more WMI queries (3 events)
wmi SELECT displayName FROM AntiVirusProduct
wmi SELECT * FROM Win32_ComputerSystem
wmi SELECT * FROM Win32_BaseBoard
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (10 events)
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x0000031c
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
value: 1
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{092F0E6C-7874-4263-8D41-969F2B667EA2}\WpadDecisionReason
1 0 0

RegSetValueExW

key_handle: 0x0000031c
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
value: Tl6Ô¥$Ü
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{092F0E6C-7874-4263-8D41-969F2B667EA2}\WpadDecisionTime
1 0 0

RegSetValueExW

key_handle: 0x0000031c
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{092F0E6C-7874-4263-8D41-969F2B667EA2}\WpadDecision
1 0 0

RegSetValueExW

key_handle: 0x0000031c
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
value: Network
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{092F0E6C-7874-4263-8D41-969F2B667EA2}\WpadNetworkName
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
value: 1
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
value: Tl6Ô¥$Ü
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
value: 1
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
value: Tl6Ô¥$Ü
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
1 0 0

RegSetValueExW

key_handle: 0x000004ec
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
1 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 1416 resumed a thread in remote process 1832
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000004c0
suspend_count: 1
process_identifier: 1832
1 0 0
File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Trojan.Agent.CHGC (Engine A)
Avast Core Security (Linux) Win32:Evo-gen [Trj]
C4S ClamAV (Linux) C4S.MALWARE.SHA256.AUTOGEN.64216411.UNOFFICIAL
Trend Micro SProtect (Linux) TROJ_FRS.0NA103HQ25
WithSecure (Linux) Adware.ADWARE/Amonetize.Gen7
eScan Antivirus (Linux) Trojan.Agent.CHGC(DB)
ESET Security (Windows) a variant of Win32/Kryptik.FSPO trojan
DrWeb Antivirus (Linux) Trojan.Amonetize.14386
ClamAV (Linux) Win.Packed.Zusy-9837875-0
Bitdefender Antivirus (Linux) Trojan.Agent.CHGC
Kaspersky Standard (Windows) not-a-virus:UDS:Downloader.Win32.AdLoad.a
Emsisoft Commandline Scanner (Windows) Trojan.Agent.CHGC (B)
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectMalware
Lionic Adware.Win32.Amonetize.2!c
Cynet Malicious (score: 100)
CAT-QuickHeal Downldr.Adload.S1040663
Skyhigh BehavesLike.Win32.Generic.bh
ALYac Trojan.Agent.CHGC
Cylance Unsafe
VIPRE Trojan.Agent.CHGC
Sangfor Trojan.Win32.Save.a
CrowdStrike win/grayware_confidence_100% (W)
BitDefender Trojan.Agent.CHGC
K7GW Trojan ( 0050e8181 )
K7AntiVirus Trojan ( 0050e8181 )
Arcabit Trojan.Agent.CHGC
VirIT Adware.Win32.Amonetize.IDR
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.FSPO
APEX Malicious
Avast Win32:Adware-gen [Adw]
ClamAV Win.Packed.Zusy-9837875-0
Kaspersky not-a-virus:VHO:AdWare.Win32.Convagent.gen
Alibaba Downloader:Win32/Kryptik.b7e559c6
NANO-Antivirus Trojan.Win32.Amonetize.epgezx
MicroWorld-eScan Trojan.Agent.CHGC
Rising Trojan.Kryptik!1.AB97 (CLASSIC)
Emsisoft Trojan.Agent.CHGC (B)
F-Secure Adware.ADWARE/Amonetize.Gen7
DrWeb Trojan.Amonetize.14386
Zillya Trojan.Kryptik.Win32.1172979
McAfeeD Real Protect-LS!8A904993CB5F
Trapmine malicious.high.ml.score
CTX exe.trojan.amonetize
Sophos Amonetize (PUA)
SentinelOne Static AI - Suspicious PE
Jiangmin Downloader.AdLoad.mkw
Webroot W32.Trojan.Gen
Google Detected
Avira ADWARE/Amonetize.Gen7
Antiy-AVL Trojan/Win32.Agent
Kingsoft malware.kb.a.981
Xcitium Application.Win32.Amonetize.RKD@74qxk9
Microsoft PUADlManager:Win32/Amonetize
GData Trojan.Agent.CHGC
Varist W32/ABApplication.VDNG-2581
AhnLab-V3 PUP/Win32.Amonetize.R201436
VBA32 Trojan.Witch
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus PUA.Amonetize
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.