SmartHawk

1.4

低危

53 个模型检测该样本为恶意！

重新分析

下载样本

20fd1e91dd3e54ce78766ac346c47233813384c40c665d6584727de246f56bfe

20fd1e91dd3e54ce78766ac346c47233813384c40c665d6584727de246f56bfe.exe

分析耗时

194s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.12	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.75	Unknown	0.21s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Ipamor-B	20191104	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20191104	2013.8.14.323
McAfee	W32/Ipamor.b	20191103	6.0.6.653
Tencent	None	20191104	1.0.0.1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2002-07-11 12:39:26

PE Imphash

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0000a000	0x00005a00	7.992413698654703
.rdata	0x0000b000	0x00002000	0x00000800	7.904367538935836
.data	0x0000d000	0x00003000	0x00000800	7.904268437962744
.rsrc	0x00010000	0x00001000	0x00000200	2.3687173072483727
.aspack	0x00011000	0x00002000	0x00000e00	7.944172622438571
.adata	0x00013000	0x00001000	0x00000800	7.908070542662566
	0x00014000	0x00003000	0x00002200	7.627016050177812

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_CURSOR	0x000109f0	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	None
RT_ICON	0x000120c8	0x000008a8	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	None
RT_GROUP_CURSOR	0x00010b28	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	None
RT_GROUP_ICON	0x000120b4	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	None

Imports

Library kernel32.dll:

• 0x415c2e GetModuleHandleA

Library user32.dll:

• 0x415c36 MessageBoxA

L!This program cannot be run in DOS mode.
:o:n%}
:n~%d:n~%e
:nRich:n
.rdata
.aspack
.adata
B2SKG@
;(Umsy
"}dPuG
5|M>]b
g>nY"
qHz&9UF
Q.QmN\<
N=)dy6`bj
g%3]^(=B_
+(Dl{H4(TQ<o
\.X}9
YO<0dj
Pzt4sZHX
Y$dHg&7F{5u1q
hFSne4
:3Y#:!h
7I0;+&n
w}9#(] =TKBN<
_E9H{W
RZ)F7"i7,
K^9S.58
c}|<_l"b
L}-=l0s
t;S\Lt8
^RTy?y0)
L7T3$0~mHU
F_tmy6
y~*HeTTL
R@OweP
#Rh,Th
O[nk|
T!RM0K0ups
/=7{>\
D(,H[.VWZ6R
P*F,xz
B?ZN t
5Kj^xX.
}j7o)qZBX<
46>ku1$3OBP!
f."&T~pe
_SJEjk0~WY
h4"iny.^
mtER{|$P~#q5
5fu.86f7
2GCwMxU
) sTLl"
OvUkG</$
SK=9BR
)cG?b |cYG|W
%Ptj;P
AZ71K @jP
4Js`_x
*+AFd4
6LV6EhR*
JMTaGA&e!
'!0N`'(,;j,Md
MsWDOEI4
Rg;+?YpO*
:?J82c
aF2`-a$8
dMg"/@$g9\&}Z,v,gvjf|
;GB_Xwiv(}'
ka_UC5tR
?@|7G[_
IjujO{=1
ek__dF
3Sz,_+
j}|~qQ\!
,_o9bp
6{+T(-?
DM9\\&
 !L^~l
H}1?[pUzp
-\QRx5
n]L$j,C"bh{,
\yQ=QzE0v
:2oqz1
GKd0aO} s,
n&NE-D
e$CW<Z
Zq^SUaCJ\
W(nERm
{Wj{q@y
CifYO:)r
!uT\~
9cjRSer
v^0z3Wx/{{g
{+cjCy
_<ZE^yX\
otB"10
dak:'vZQOH
Egl6\9G f^8u8$5tX,
[$iva;4
FUG4N
,\xMP|
/`%zgan~
vt0"Z(/9WC
mB^ucL
U!>@4BbO3n+pBd
y *VK%1[No
B2YfkIfd[qOz!
BMV^--9(
oI5?Kp~s<I 0
.o~E3AE*<D=0 9*xOY^
'>L&b
lLdj-#
=N$vxT
2ldP6a
8h*y.LqiD5
B"tq07H
f/4rdF
SM3pdP`b
%9-N`t%n+
__E^'0
71T"|$0
-#BZ'u%8jh4
Qh}sCxr*
%-Y/u(
Thnv(O6
W\-H~n)~5
FNd" Rl
!acH[}
W!6qs}
JYI3ussz
373+y/U
RFnah?F
>-EJo0}[S]xkR-^
NoaW.N[D`
.EJI8oaC
x`p)X,
91;DwGB
EE[)8N^
+smI]S
>9B;vE
V6Dx_%
2_Sml(,K/*@PS
G;+Arz!
8ifToMI
wK#6Q4
BDP_-`-
`iiR1 na
r|T4P}:
 3eQZMdM
.?xt5<
Y=ajnm
,/;.s![q
].|efk*$l@/7Ef
I z5#+OM1i>a
$f96c[e3
e&WFHBYBKf?E
0s4&i1]>'C
:OG2V.5;
U={94=
~LTJ_Wd87wO1
!siHFp'Cf::) P..t
{)z:@Ba|o|
,<,74o
W[Vklty,5=~
dl_iI%
vqy8"4
 hcCy-iDx
ryfP9_CW.$,b#u{
1%OPMQdn}
x( &y$_[
j`&}qEj
1*!qO*Xp
fcW@y<
;fZe,\L
kHS9CB*&
ZT\hJj\
@?-Qj
!h=i9m3
s4/;D}* 
C.k'EA]};
+}BZ~,k8
@cULK.g
Asl{N[4b
,s"kH*
"mo3c')!QB
H`@G(v6
@O;hDT rTq
B"6C=n
|+>#EXI{$>
o*~Lo3
98Zog<8[,'
rXtv&Cu
Q|CB$W:
|yyb.e
5xQ!tw!a;bVQV0
>D[?QL8P
s^{RUy[
*:S\?YHr%6
yNR5^(CM~
K/@qHHmXbK
vX,6d3
&oOV}?q5
G.NS(}TBk1;~\Gf
O<sTAE
W$Z.Y]Qc~3|$ POO]
){)w|#w4$/V
`=-'<O
)W:"LW)-
r6JcH1
u5p"E[Pv
}y6d{rQD-V)
'{zCA&&%=Pg8
ivR7D~-*H?^c}
)-n3p$s2Y/NPN
?OZ;"fW
N^{iGc;
qWg;.[+nki
E:3ekBVTr^
M6E/iT
.PV6M^_V@2+h(}GDR
dPL%d%"&.A
?Ykz_$
~L|u9|
;Td[B>\FD
^]0d[]rs
.\SC#6
dBRVECHGD
@ftG@R4
@;_1D<
d^l]t6
|Me{Yr
1v?&fCF
}SwOZ_Sq_
_4/E6/3-CuC}"
a6j#>7
7vt>ED
Do,yE$yE[F6<o{>rq
?t=iEI
j$.D[=fB
(QAde%y
ZD=WU7 31|m
&S`(h7J%f,
{gv(;}VP
_HO[5I2S
}IK_%
C&`czFe
#9Pmdtws
t/Qe>>
g_Q`,+X
$\f$ag
Q0<M'5=IKOsxfy6ECD!?h
"%vT~WONDStS'|f,9c
tE0+b4
Xk.y>e
|%ETK0sM
nFKaiyrJM*^B
|mhQ$i
?g:`*f+
U7vOcXpS
2Zh/2B
Dm7,NRmj
}#ba_,
I]SF;`ahc
t]1a6s8o@
7*Fx'|3#Mhy*8_
@gJk#JSCA@
PXpQ``>
8n_.rtU8
q]Nll
\- "#w
;Y[G]5&%)0uY
hA%SiN[3c
Bt x;we
%+Sk1XA
8Er(=pjsnJ[
Ui[IJ]
2-,(H#
H!5`\+%+yT
{Hfpp>s
8}wwj`5
x`Ve#zyZ9>
?u.v(
Ds<gQ]Rpt+Y
&mXj0&j.
ju#zJH<#
 gN8a+vZCw
MM.afYw?
U(;*Y"[z
ZZ4l|FhG5P
p<Y}F
@P$f"rfV|o"zf
VDxA=3'Q
&./sky[P5J`bx{
Zy~b(;q'l_
SK&;-S[
_*FuiDf
P/lUcW2tEN
85Ux-p!$si"e
dta ,.%9
Wx=aMi(
mw4tBzH!-lD0c0-#DBC
hJ`LfMRw_W
Jm1;o"og
[B9)\f
jwTDce
nszinN?7b&
`"ik<XXhHz[M
T+7+-S
RWU". 
]$|vE@/5TAx^6}9H
b~C[K>"Xh
K@e,24
i!ar2v1
fb3O9
XA(&gtt
W$]=HE7K
CoubdbtM
H'B5zE
b-S6F#[7-TE:9
i&?q|1%
hp6U@6<
&b'N#Pi!L
c!|YYi'uvI_
f1HZSA
xrF[)5
?T&\HJ
aF@,3O,3*
D:@]"o
f3F{9H
1Wa_.UcG_
h(<ND) 
zge8ZDwi9
|z+kk"[
\)>/f1dD
Kr"y:TW]
EMh[H'
5p|=*]`='
<Bp{54=7Z,6VlS
w{_S$)bDt
|osT|0
'1YaEztsu\J
d9dU`\NJ0c$I*
)33vGP3mBz9
hYkoVk
E)E`2]
lN}/lA
Y9G-[,8|u
yyT0k%n@ipI
U>[qJl
:=7{;Wc'PH
4`o]">M.
GSw^Lvi-Ik`z
8ByF^<lr{@(a
O6!-">ft2dhJ+H
f/~z!U6
"'?CTm
W~kVDi-M
V<]jdLE>
aT&cA]
{t-kM& PfI
*bBh)c~;!;
rY4-~/
C]%DoQ%}
;NR, w
)H0fKBxg
07' <#T
!HYxAzY%M
sY)<jW
kygSzt
c-|"37.aA$Lvy<
u<.{=nQ,%"ZCc1
0IJNF@w
']hx&d
]t7ic9s)
CqW/xA+
Ol-d{k\_ot$)C2[b
"j=Ya|
_WECzcf
gQ<ZlwevdVn"cp<"
-^/%}FG1+/^
?QRbV|AG.?CR
s3|y"^8CNi
 oOSwN#[m 
4ncTsBBA4/
`|l%k[
A{Bb`v`
S vo;/
\0p4z#dR<
;6`&&o
%!_L`4n Vp
Vo@$DD
O[wK,D
djJb.#`<'9Jf
,|'{[p?g 
Y\.W/v*^
XI~]oV
Qqzv"%{Ti
-XNPt@
 T2?eV
4 {PNeO
4+N%.%
iNGbzC
]v*itb
U}@U1|
_*^!4k=
,IQ5<-i{ 
=3-5mF
ig.U-p
P,ffVsu
m3n.G"
>fZXI|mBE
] O3F>
b;fz5y6:
}O_:y/
7Nhhd^-}Hhi \zd
$E7.A\DecPM)
Zj|"VgRlux*s|;z
l?BRPhg;*
%YeVA<V|
;19y0L
a?a&eh5*;
Q_SFgxI>_Us?14$
>0"{=n
]+qXJ^"/iUhm"
n,Y9,V8*O
0&/L$:=jz^P>
#>yXA/SF>#yT[
0zX#gt
Q[:TELsjj!
f%s{Qy
B7S3IS
q-%4H( J
*/`A5Y
4oxQfiS
=IdORMfmb
C532+6Vso
Q]*(-_;
9la&A(oX
Nc/9xP'Q^
[{mO:H
[whj]4b
L@@e)5
1;w4.+ZS<w)
Wqc1s6c[Y
OtG|%<{
K)dEtvx.
k0NM>E}
oM#{zk8rh
p9D9^Fd
3Y`(=X
%|,QcNwZ^&5A
xnoEy8?@ 
 _w{raS
H(5-wT{J[^
H!3rv'#`p
IKvr8D?(
LV~Bzu >N}a5LNV
km1xYT|D
OxWRBZ
CC$b@\8Dq^
3>Mf37nt
6](Ni`
9YhBs:,
"VzE_g!ic)>
F`tsN/]5
`^RW2(
`p=$8J
FB/]6Q
8q%B7}
@wg.+=
 v-Q]j
];@]V
98p(]3MH
Qx=v)(
[h,|1T
hhPsCl
+HbKe:%ow#I>
r'~8,T8[FJ>i=_>
dP;)elCv
+7`9+Yq7i)o
C|S4br
J::B(q
3.:m'5z
WE\FF[B
bSUHXGKAmn&
P:_o (,
{ZH:fi8J"
b3u,{|R
Z@!/c+'#4J_UN8o
YZTN0&P^
R%UsQ'
bBW>(_
OP(I 5
{rf HpJv
V7EKyPraa.:
2;+wN}6z@g]
o0&]p~y=)/
1*[eFyzR
@Q*U4pb*
a";xk9
GBThQL
(73?#gt
4;mEm|{
*WK2F8:!|+!6
(;b1.J
Tvo>42beG+
6xJ-IQ"}
jqke!6/ 
-S}4,t*S/
]_P37:4>
:h2.orz[IrTex
d9ZE+;J
;>vd?Uxe
CR3;gzpq
06O#Zx?wRs
j]&O\%'"BE
1J=0e132)
)y:vLA\
(Ekx|Bu
^r}$~K
;~BA$%j0I/_
){;UPr`]
8\(N=@g47
c5qF~Y
jU/WBj
c?<} QKF
H#'VB/
q!/I[
""VP`8
k4jnoHrSJ
>!22NPamPZIR
p}ybGj
xF;t4jml
i1"5<Z#Gq4fXCLg*87
_-/\fE1(
QEf59IPGO
8Kbs]I
O^~R)s
ue+ZT'1
HyO+$X
[2B*k~8V4
FM>8g{7L
m0\.8k8
-d<ORK[91
JZ/JH>$YzyIE]B`U,
4mJ5RfC
v-<kk|i
-`ti:J
Khd? }
&bP%z4D
,Y4b#pDt3<+
Df`Rc%%
kfQN+PV
bw^H4kr
mSTI#Z
:J\Xwb9BD[7^
F`ho?X<
LW.M6[
dUd*)cf
DJ#F]dV
a`c9aN!cK,v7
vvApy^2ZL7n
}:h]kg%
jf0}&|Zc/L_=|
"aI"jwRG*Y]/f[9#fFl
W];1n>
$#y+):
XM{y>1z^y
t{rTax
ErnZ.o<
^ZjkQV=d{Ym
H}076S&0
HEdI3M+obN
|YR@Hf
oeTv]p
BAj(JxHcI
&pj@"8
x|~e4JA
$uZBLh7=7
^k<Ht4
*KS(\R
\ >,jEig=,bmt~"kUY:
Mj uTAH^'Y5O#i
V>4B=u^Ag
}c4GZm
QcQoLU2
JVM3%!
W{-fIkOL
Ua<MRCS0&a
6'i3)P-v
Z%|h7l
W~=5\q
mx<lW}
A_6{EI?R
2Lc/91
ZnO;2 
R0D}UY;
tI~W4U
t>\T4#
?1u>;8
4K^94fT=%ZrkD
?jSC@%
mgsjGW
*:Sy(%l
f?a%S_3]
2KoYeFXD
#wz,3O
"uV.hz
?v?Y]I
|<*nL0?
A&u]4(.Ea$>d
!ndYTV
1k-&uSs^G
WkD;cw
Kqu|AqkU&
Jeot}~0'
3mOz$&R
%DmW:Z
kQUV$f< B
w;OHQ@J
2uu-X)
pAvo:wK
dJ=MNH
ky}'cz
=jL*]iG5qS>
An/C#[
8[CX}&/GV`1a37[
'Eu%dW
FPWb5kG_e.4$*
:d[.6T*
QzW|^%
 reJ A
KWihvoD
wtHw[/
~rSyb6
0)jtgW
EF!a%*
(1K6VfX
'mzyJR
x0feU*)Ln).
C$<tmCIf
Yw7~]j
STB8Xu
8?hW3} MO
*I|~;~?
yrNE-uz$.B
`licp{Cx|
Wt8w;HnI
"Q+gH},XLNNzV
NrtFIG7yFR@~
T3eBJT"
,(FZ%}Km5li
eW&id.khx%18
N/4 P/D
y_AckIv!`
#Z\pjCLAD>
LRq^J1wh
>ynht]W
!yuqJd~W
Whma@C>x(}
mY!'^d
$\@m_.U
7^L(Z^\0^JHD
ifG(`TU
f4Vq[y(A}
gt|e}x=A
,6p~"
TLdQ[4
f0'@5ld-{g:6qb
/!/h/s
:VpF,
f>:><'
X~KgI
Nm\J/HgD!#
r[]@A,R
T[IX 8x]i
R=2Em<*i
qyCO$
Bo>7+2MYO
tpC8U<.
tJfqGZKG/
:'a?0i
~CRCF)7iADN*r
KY{a?$=<py88E??F
5G_IxJTz"=/lR\3
[D5S(wG
m9v]aXK.=
;s[k)A
";BL6=r 
,F-BwD
(+zA7ASF
suL*3$3M?iAL2UqZT$uU2
ARM<_U=A{H
O%.sPq%5x)
)yH3`jt
(,yK=O;
IjT^!Z}
Wn%Xr\NI3t(I
)" Qn?J
K+-[:{
4=v~4?3o
9;bw`to#d_"E
M@$bA~
*p (uHV/
iO}'hQ
YtW=b5em
LiZd4Q
WTreK
R=hRUK1#Ox
HC@JJV
-#RPy,8Y-
aKIEht
7ZrvAHaJ1G%
FWzs29
@.I{r1
_gj:=/]
:UJ6[;
yoMY$4
{L<0ef0>
#5{5J4)
3Ka1T5
@=KtfY
Wb582B
rJ|J@ q
"([UG^K?<
}::Cm^x%=L:
iMnbxT
rUMfuJ
xEluJSi
!1-R&N4
M0AKog0D#N+
1y%'E$w
o>jzwD
+#!&UhR
_WeNRL=
:/YQ-2y>08:
CUYuL@
7}]m]&
m&dx|--j/
\>K=4/"
/`y!UUX6<
(#Mv{2^[
%FTR[mV
%MsQP!G-
L:;{d<rcB
;|\+RCf
2i2:T@Fuvj&C%
a k:xb
ZG@5SC
C'hb.D
.R\Mq^l>P\ xt
TC.1cfYe3
Y]6PAb2O_jA
)*5<BA'5P
5@o\C<>
uCw;.G*E
Os7/~M
v4D'(?n
3d3d#s
nKk?12
2+fopJ
J@LH{G4O
T\e/.\`6d9+P<
vep*!{;"
GK=28c*
kernel32.dll
user32.dll
GetModuleHandleA
MessageBoxA
>]WMtm/$/
zg0:)*;nMB$
%zRQoF
O!#|R/eM
SU]zfrEu4
gvZu4Rer
!~NS'2Z(
|zG2:6#rX
i3Z,/ i\00/
gt[4z;"uO
nvJ!4SMc
L!This program cannot be run in DOS mode.
FjFjFjK8
BjK85RjK84Lj
j4EjK8
GjFjBGj
GjRichFj
`.rdata
@.data
@.reloc
t@>,uW39~$~
SWN 5u
G;~$|[N <
EP$t#e
QPrt:u
3V~UVW}
@C&PC$PK
@C&PC$PK
UQQSVW
EtauPmx
tJ9>t2;E
_^t];E
t|3f9S@
9K0tqC(EC
EEPs0E0
u,EPs0v
C4EC(EC
YEPs(}s
fC@<UVr
G G$O(E
G G$O(EX
3_C$^[VW~
F }~<~T~`~d~h~l~p~t~x~|
V|j@QP
3_A$A(^
QRLKpt
VjPQ,h
x=?w5j
3@_^[]
PuSW@n
M3SW3f;A,s9]
QVPPMe
3f;}q}
PP3_[^]UH
B0;|vEURWP
Q x_EU
PQ8x8E
UxItSB(
t\SVWj
jXWjZWWj
t\SVWj
jXSjZSSj
PO Hf^
UQSVW}
P]UVW}
3tWf} fu
Q+PRVu
Q+PRVu
M!MtLPjB
EPuPQZ
E3f9Mj
E@YYEf;E
]E]Ph@
i]u EUu
PQ(x.U
GpPQu 6}
j73PPPPP7
RQRP*U
3MWfEVE
7]uu)e
j07]uud
j07]uuCd
YYt Suj
f>{EPVu
tE.r'/v
]UVWVF
V3FK4tCe
fuf99u
fuf91^u
Wt.=X@
u3_^]Vj
q`M3Eut
tIM+MQM+MQ6
3M_3^&Y
H4VtAe
YYt;\"A
YYt;<"A
5VW3y(97u
PQ(_^[]
E!M!Mj
M_^3[5S
73[_^]
3Vh3<@
39OuQQQh
39NuQQQh
UQQSVu
W<$Rh8@
O@$QhH@
zu@3PPu
VEE WE3
tF$ u3M_^3[MJ
VEE WEO3
tF$ u3M_^3[I
EEVPF
3@]3]j
YYE!}t M
PE0VQ0x0E
VPL3jE
!wC$i@
WPjT4j
PXLT0P
M3_^3[ZA
3Ah 1Ah3]
N8FHflPh@
N8~HNl
N8~HflWh@
K(VPh@
M3_^3@[X<
K(VPh@
K(VPh@
M3_^3@[:
u3GWSXYYVu
SSPQR,A=H@
M3_^3@[8
03GWS8YYVu
SSPQR,A=H@
M3_^3@[]6
tY9_dt`
2SPSjRV,E
E+EPE+EPS
EtMPEPW
PW3PPPjj
3PPWuuPPS
3M_^3[C4
EPb3M3^3
2SPSjRV,EMt
WQ~Ndt
QPDNtt
t'Itt 
SVWu~]
t83@M}
u3_^[]
SVWu~]
t83@M}
u3_^[]
u0Opt`E
V3";5!A
Nwft`+t@,t--t 
tFStt?
QPPFdj
WPE+EPuuv,
M3_3^^!
!EMM+uVp
jPWNUQP
jPWNQP
M3_^3[
3Al 1Al3]
3SSPPWSSSjj
uE3f9K
Ej{Yf9
;w~uY3f
Ej{Xf9
t,E+VPWS
E@UE;E|E
Y_^[]UVW
9t'9^
3VAMp4t4u
SWX43G
;u!v jv
YYu;SVZ
uEtfEfE
Et'jZP
MOYjZS
MEWc^M_3[Y
3A| 1A|3]
3A|@1A|3]
PQd3^]
hANb3^]
1A|h>3]
xVEUR}h@
u$EUu u
U4SVh!A
PFVESPj
3u3}!u!u9=!A
3@]3]j
EPqtAe
u4u0u,u(u$u u
EPpt&e
!u95!A
pt5!uu
EPWot"e
Y]Ujh@
ESVWPEd
3WfSP_
3WfSPH
3WfSP1
P 3PV ( tMhl@
EP PV|
fEfWP}
EPPEPH=t@
(PPt,wVS(u`M($j}.HwVS(E
VVVh(@
PPPh(@
Y_^[M3
~4_^VF
;r_^[U
EE8csmt
EEPEPu
1E3PeuEEEEd
Y__^[]Qh@
EPeuEEEEd
3uuu;u
Fu3@EE
Y__^[]Q
3PuEEd
3PEuEEd
3PeuEEd
Vt%Wh6@
3F95l&A
Y;=l&A
u,5l&A
f;wAft
8csmu%x
3SVWH<
B(;r3_^[]Ujh@
1E3PEd
Y_^[]UE
ME3M3M3;u
;r_^VW
;r_^Vh
^VVVVV%
MkM8mMTFmM`;mMd0mMh%mMl
mMxlM|lM
jMkMXMiMkT$
J3<J32\@
MiMjkMiMZkT$
J3J38@
J3J3p@
cMjMjT$
3hJ3^$@
hgizioiT$
30J3&@
(h(hT$
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetModuleHandleExW
IsolationAware function called after IsolationAwareCleanup
Kernel32.dll
GetSaveFileNameW
Comdlg32.dll
O.59N\IPK
F@Qm6t
On((I8AO
Eula.pdb
OutputDebugStringA
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
FindClose
FindFirstFileW
GetFullPathNameW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
lstrcpynW
lstrcpyW
lstrcatW
lstrlenW
LoadLibraryA
FindResourceW
GetPrivateProfileIntW
GetPrivateProfileStringW
CopyFileW
MultiByteToWideChar
DecodePointer
KERNEL32.dll
UnregisterClassW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
CharNextW
SetFocus
GetActiveWindow
GetFocus
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSystemMetrics
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
SetWindowContextHelpId
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
LoadCursorW
MapDialogRect
USER32.dll
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegSetValueExW
ADVAPI32.dll
CreateStreamOnHGlobal
CoGetClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
ole32.dll
OLEAUT32.dll
??3@YAXPAX@Z
??_V@YAXPAX@Z
memset
??2@YAPAXI@Z
calloc
malloc
_recalloc
_wtoi64
??_U@YAPAXI@Z
memcmp
memcpy_s
strlen
wcscpy_s
wcscspn
wcslen
wcsncpy_s
swprintf_s
_CxxThrowException
__CxxFrameHandler3
MSVCR120.dll
?terminate@@YAXXZ
_unlock
_calloc_crt
__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
EncodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
.?AVCAtlException@ATL@@
.?AUIUnknown@@
.?AVCAtlModule@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AV_IDispEvent@ATL@@
.?AUIEnumUnknown@@
.?AUIAdviseSink@@
.?AUIParseDisplayName@@
.?AUIOleContainer@@
.?AUIOleClientSite@@
.?AUIOleWindow@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleInPlaceFrame@@
.?AUIOleInPlaceSite@@
.?AUIServiceProvider@@
.?AUIDispatch@@
.?AUIOleControlSite@@
.?AUIOleInPlaceSiteEx@@
.?AUIOleInPlaceSiteWindowless@@
.?AUIObjectWithSite@@
.?AUIAxWinHostWindow@@
.?AUIAxWinHostWindowLic@@
.?AUIAxWinAmbientDispatch@@
.?AUIAxWinAmbientDispatchEx@@
.?AUIDocHostUIHandler@@
.?AVCMessageMap@ATL@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@
.?AVCWindow@ATL@@
.?AV?$CDialogImplBaseT@VCWindow@ATL@@@ATL@@
.?AVCAxFrameWindow@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AV?$CWindowImpl@VCAxFrameWindow@ATL@@VCWindow@2@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AVCAxUIWindow@ATL@@
.?AV?$CWindowImpl@VCAxUIWindow@ATL@@VCWindow@2@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AVCAxHostWindow@ATL@@
.?AV?$CComCoClass@VCAxHostWindow@ATL@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$CWindowImpl@VCAxHostWindow@ATL@@VCWindow@2@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AV?$IObjectWithSiteImpl@VCAxHostWindow@ATL@@@ATL@@
.?AV?$IDispatchImpl@UIAxWinAmbientDispatchEx@@$1?_GUID_b2d0778b_ac99_4c58_a5c8_e7724e5316b5@@3U__s_GUID@@B$1?m_libid@CAtlModule@ATL@@2U_GUID@@A$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$CComPolyObject@VCAxHostWindow@ATL@@@ATL@@
.?AV?$CComObject@VCAxFrameWindow@ATL@@@ATL@@
.?AV?$CComObject@VCAxUIWindow@ATL@@@ATL@@
.?AV?$CComEnum@UIEnumUnknown@@$1?_GUID_00000100_0000_0000_c000_000000000046@@3U__s_GUID@@BPAUIUnknown@@V?$_CopyInterface@UIUnknown@@@ATL@@VCComSingleThreadModel@6@@ATL@@
.?AV?$CComEnumImpl@UIEnumUnknown@@$1?_GUID_00000100_0000_0000_c000_000000000046@@3U__s_GUID@@BPAUIUnknown@@V?$_CopyInterface@UIUnknown@@@ATL@@@ATL@@
.?AV?$CComObject@V?$CComEnum@UIEnumUnknown@@$1?_GUID_00000100_0000_0000_c000_000000000046@@3U__s_GUID@@BPAUIUnknown@@V?$_CopyInterface@UIUnknown@@@ATL@@VCComSingleThreadModel@6@@ATL@@@ATL@@
.?AVCEulaModule@@
.?AV?$CAtlExeModuleT@VCEulaModule@@@ATL@@
.?AV?$CAtlModuleT@VCEulaModule@@@ATL@@
.?AU?$CAtlValidateModuleConfiguration@$0A@VCEulaModule@@@ATL@@
.?AV?$CDlgEula@$0MK@@@
.?AV?$CAxDialogImpl@V?$CDlgEula@$0MK@@@VCWindow@ATL@@@ATL@@
.?AV?$IDispEventImpl@$0MJ@V?$CDlgEula@$0MK@@@$1?GUID_NULL@@3U_GUID@@B$1?2@3U3@B$0A@$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$0MJ@V?$CDlgEula@$0MK@@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0MJ@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$CDlgEula@$0MJ@@@
.?AV?$CAxDialogImpl@V?$CDlgEula@$0MJ@@@VCWindow@ATL@@@ATL@@
.?AV?$IDispEventImpl@$0MJ@V?$CDlgEula@$0MJ@@@$1?GUID_NULL@@3U_GUID@@B$1?2@3U3@B$0A@$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$0MJ@V?$CDlgEula@$0MJ@@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$CComContainedObject@VCAxHostWindow@ATL@@@ATL@@
.?AV?$CDlgDecl@$0MP@$0MK@@@
.?AV?$CAxDialogImpl@V?$CDlgDecl@$0MP@$0MK@@@VCWindow@ATL@@@ATL@@
.?AV?$CDlgDecl@$0MO@$0MK@@@
.?AV?$CAxDialogImpl@V?$CDlgDecl@$0MO@$0MK@@@VCWindow@ATL@@@ATL@@
.?AV?$CDlgDecl@$0MP@$0MJ@@@
.?AV?$CAxDialogImpl@V?$CDlgDecl@$0MP@$0MJ@@@VCWindow@ATL@@@ATL@@
.?AV?$CDlgDecl@$0MO@$0MJ@@@
.?AV?$CAxDialogImpl@V?$CDlgDecl@$0MO@$0MJ@@@VCWindow@ATL@@@ATL@@
.?AVtype_info@@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
0,010?0D0R0W0c0m0s0w00000
1*1Q1111 262?2D2I2[2f2o2t2y2222222222222
3.3B3Z3333333
444?4R4^4j4s4x4}444444
5s55555.6G666l77788888)9;9B9P9_99999%:::::0;a;h;o;v;};;;;;;;;;;;
<2<K<R<X<n<<<<<
=A=j====
>D>O>>>>>>>>
?.?3?J?g?????
M00000@1w11
222o22222
3#3*3@3]3m3t333333
4#484M4T4i4p444555$67
8999<:b:6;j;;3<8<<U=======>N>S>Z>>>>>
?$?G?t???
0.0<0L0Y0`00000
101=1L1q111(2+4s4~44
5G5u5Z6677
9A9Q9u9{99999*:::::::+;;;
<i<<<Z=_==
>^>z>>>>>4?N?W?c?i?t?????
R0c000
1Z1z1111182o22
333#454u44
5-5>5555
606u666%7H7g777748G8f8888
:$:A:I:Y:n:{:::;k;;
<<G=X=j=======
><>U>f>x>>>8?]?s????
0I00021|122f33333
4'444;4D4`4y4
4444:5{555
6-626<6F6N66666666666b7j7p777
9B9H9h99999996:B:q::::
;;I;;;;
<.<4<f<<<-=>==
>7>[>>???
0-0Q0000
101k1i2p2222!3i333
4A44555
6?6666666)7Y7^777
8I8888888888888
99&9-949;9B9I9P9W9^9w9~99999999999999999999999999999
:=:%;:;_;m;
<+<N<U<m<r<x<<<
=3=8=>=d====
?;?Q?j??
,0<0K0Q0x00001P1111111%2\222
333F3L3r3}333
4P4y444
5G5T5Z5b5x555555,6_66666D7777
8-848A8c8z8888888
9&9-969b999
:Y:c:r:y:;<<<>?
R01&45I6
7=7[77Y88$9E9J999
:-:P:h:|:
<(<e<<<
=I=X=i=y========
>->>>`>o>}>>>>!?1???
3?3m3w3333Y44
5 595H5k5z5555G6R6s6
66666666
7#7C7o78 9D99999999
::C;d;
;L={===S>\>>>>>>>>>>>>
?*?B?a????????
070S0X00000091]1q111111
2)212D2g22222222
303D3_3j3t3{33333
4+4A4444
5I5j5555
616<6Q66666<7X7e7k7777
8/8>8G8M8S8888888
9"979H9N9c9s9z999999999
:~:::::
;';-;@;U;`;v;;;;;;;
<Q<n<<<<.=5=R=======
>R>r>>-?9???Q?[?d?n?t?}?????????????????
0,0?0U0u0000000000000
1O1Y1_1i111111111111
2U2[2a2g2m2s2z2222222222222222
3 3)383~33333
4+4?4E44
5&5/5<5k5s5555555555
646W6}687^7777
9/999Z9d999999
:;:::::
;@;s;;;;;;
(3,3034383<3@3D3P3T3X3d4h4l4p44444
6 66666
7$707<7H7T7`7l7x77778
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9999999999999\:`:d:h:l:p:t:;;;;;;;;;;;;;;;;;;;;;
< <<<<<<<<<<<<<<<<<<<<<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=================================
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
? ?$?(?????????????
|00000000000001111,202|22222222222
3(3,3D3T3X3`3x3333333333333
4,40444<4T4d4h4l4p4x44444444444
5$5<5L5P5T5X5\5d5|555555555555
6(686<6@6H6`6p6t6x6|666666666666666
7,70747<7T7d7h7l7p7x77777777777777
8 8$8,8D8T8X8`8x888888888888888
9 9$9,9D9T9X9\9`9d9l999999999999999999
: :8:<:T:X:p::::::::::::::
; ;$;(;,;0;4;8;<;@;D;L;d;h;;;;;;;;;;;;;;;;;;;;;;;;;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<\<t<x<<<<<<<<<<
=(=,=0=4=8=<=D=\=`=x=|=========
> >$><>@>X>\>t>x>>>>>>>>>
?$?<?@?X?\?t?x?????????
0 080H0L0P0T0X0\0d0|0000000000
1 1(1@1D1\1l1p111111111111111111111
2 2$2(2,2024282<2D2\2l2p22222222222222222
3,3<3@3P3T3X3\3`3d3h3l3t33333333333333
4 4$4(404H4X4\4`4d4l44444444444444444
5$5(5@5P5T5X5\5`5d5l555555555555555
6,60646<6T6X6p6t666666666666666666
7(787<7@7D7H7L7T7l7|77777777777777
8(8,8<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|88888888888888888888888888
9 90949D9H9X9\9l9p999999999999999999
: :8:H:L:P:T:X:\:p:t::::::::::::::::::
;$;(;,;0;4;8;<;D;\;`;x;;;;;;;;;;;;;;;;;;
<(<,<0<4<8<<<P<T<d<h<p<<0=P=X=`=l====
> >@>L>l>t>|>>>>>>>>>
? ?,?L?X?x???????
0(00080@0H0P0X0`0h0p0x0000000000 1@1H1P1X1`1h1p11111111
2 202D2L2d2p2222222
3$3,343@3d33333333333
484D4d4l4x444444
5,505P5p5555555
00040L0P0p0
2 2H2h222222
3<3\3|33333
4<4\44444
5d5555
6X666@7`77
9P999x:
;;;0<`<<<
===8>X>> ?|???
,0P000
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
140304000000Z
240303235959Z01
Symantec Corporation10
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
 S|?~+G
| ^(\|
^[pxFR{I)
{n3aKE%D#6(y
(0&0$" 
http://s.symcb.com/pca3-g5.crl0
http://s.symcd.com0_
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0)
SymantecPKI-1-6290
u8*ZZL
(Nt|<qV
:_>dIAtA!
o8X~]`
<"j5c6
Symantec Corporation10
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
150514000000Z
170507235959Z01
Delaware1
Private Organization1
27481291
California1
San Jose1$0"
Adobe Systems, Incorporated1
Acrobat DC1$0"
Adobe Systems, Incorporated0
)EAosTX.L
r5N1Bv
o&@V[F
Hhu|>3/O~l
US-Delaware-27481290
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0+
http://sw.symcb.com/sw.crl0
http://sw.symcd.com0'
http://sw1.symcb.com/sw.crt0
tc_\W?0dv
Oe8]>p
"y;[P's(:
cVe=AHG@
ShH<;SkYd
{Mf&[L
XV{%Y%
"C~5WwHM
Symantec Corporation10
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G2
)<z<MWqt0.
4c|Mbk
c1V~0,
$PzYfG'aZQZO
20161223174146Z0
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G1
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
YYUOr]
K)).c?
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
/0-0+)'%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
@)]Vdq0*
LcH9@!n<
xlBna\RNkJz
T}qgQj
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
160112000000Z
270411235959Z01
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G10
o}%86(3u=
VyTfECDj
$xF_lBe
^nZ~n&
L6i\%0h
T0` H#
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
9070531/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-40
k`;X>2
5#buMx=$
$z_;o9?A_V
D<XXKpK
45tIR)
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
T}qgQj
161223174146Z0/
'J~dBX
/1(0&0$0"
[)[Ou)
6uTKyP_G
u]7:K|s*aP
iq^'K'{.#fZ
4?vxJLSd
NI*9AWZ*r
Comctl32.dll
@@Kernel32.dll
@@Comdlg32.dll
#32770
ATL:%p
AXWIN Frame Window
AXWIN UI Window
AtlAxWin120
WM_ATLGETHOST
WM_ATLGETCONTROL
Legal\
eula.ini
RightToLeft
labels
Software\Adobe\Acrobat Reader\DC\AdobeViewer
AtlAxWinLic120
@license.html
License Agreement
Accept
Decline
@HTML Files (*.HTML)
*.html
All Files (*.*)
License.html
DeclTitle
DeclText1
DeclText2
ERROR : Unable to initialize critical section in CAtlBaseModule
@@@@@@
@@@@@@
@@@@@@
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
Adobe Systems Incorporated
FileDescription
Eula display
FileVersion
15.23.20053.211670
InternalName
Eula.exe
LegalCopyright
Copyright 2010-2017 Adobe Systems Incorporated.  All rights reserved.
OriginalFilename
Eula.exe
ProductName
ProductVersion
15.23.20053.211670
VarFileInfo
Translation
Dialog
MS Shell Dlg
Decline
Accept
{8856F961-340A-11D0-A96B-00C04FD705A2}
Press the Accept button to agree to the License Agreement and continue.
Dialog
MS Shell Dlg
Decline
Accept
{8856F961-340A-11D0-A96B-00C04FD705A2}
Press the Accept button to agree to the License Agreement and continue.
Decline License Agreement
MS Shell Dlg
Are you sure you want to decline the End User License Agreement?
You must accept the End User License Agreement in order to use this product. To go back and accept the agreement, select the Back button. To decline, select Quit. 
Decline License Agreement
MS Shell Dlg
Are you sure you want to decline the End User License Agreement?
You must accept the End User License Agreement in order to use this product. To go back and accept the agreement, select the Back button. To decline, select Quit. 
<<<Obsolete>>
Adobe Acroba

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

ALYac	Trojan.Agent.DYAA
APEX	Malicious
AVG	Win32:Ipamor-B
Acronis	suspicious
Ad-Aware	Trojan.Agent.DYAA
AhnLab-V3	Win32/Ipamor.D
Arcabit	Trojan.Agent.DYAA
Avast	Win32:Ipamor-B
Avira	W32/Ipamor.B
BitDefender	Trojan.Agent.DYAA
BitDefenderTheta	Gen:Trojan.Heur.PT.hCZbbSVVCXkb
CAT-QuickHeal	Trojan.Agent
CMC	Virus.Win32.Ipamor!O
Comodo	Heur.Packed.MultiPacked@1z141z3
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.a82047
Cylance	Unsafe
Cyren	W32/Ipamor.D.gen!Eldorado
DrWeb	Win32.HLLP.Iparmor.35858
ESET-NOD32	a variant of Win32/Ipamor.G
Emsisoft	Trojan.Agent.DYAA (B)
Endgame	malicious (high confidence)
F-Prot	W32/Ipamor.D.gen!Eldorado
F-Secure	Malware.W32/Ipamor.B
FireEye	Generic.mg.9d68305a8204769f
Fortinet	W32/Ipamor.D
GData	Trojan.Agent.DYAA
Ikarus	Virus.Win32.Ipamor
Invincea	heuristic
Jiangmin	Trojan.Banker.Banbra.dbm
K7AntiVirus	Trojan ( 0048a3db1 )
K7GW	Trojan ( 0048a3db1 )
Kaspersky	Trojan-Banker.Win32.Banbra.vwsb
MAX	malware (ai score=81)
Malwarebytes	Trojan.Banker
McAfee	W32/Ipamor.b
McAfee-GW-Edition	BehavesLike.Win32.Ipamor.cc
MicroWorld-eScan	Trojan.Agent.DYAA
Microsoft	Virus:Win32/Ipamor.A
NANO-Antivirus	Trojan.Win32.Banbra.foobzy
Panda	Trj/Genetic.gen
Qihoo-360	HEUR/QVM18.1.01B7.Malware.Gen
Rising	Win32.MSWDM.b (TFE:1:6jJeoGVmUvT)
SentinelOne	DFI - Malicious PE
Sophos	W32/Ipamor-B
Symantec	W32.HLLP.Ipamor
Trapmine	malicious.high.ml.score
TrendMicro	PE_IPAMOR.E-O
TrendMicro-HouseCall	PE_IPAMOR.E-O
VBA32	Virus.Facepalm.231207