Number of samples: 1
Verified malware samples: Yes, this only contains malware
Threat analysis report: https://www.hybrid-analysis.com/sample/39a9ac52de61022c426c6d0d8b2de3c8f97884355d3f1a2b26e7885e8ce42af1?environmentId=100
Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Der.Reisende (Level 37, Content Creator, MWT-Tester, Verified; joined Dec 27, 2014; 2,665 messages; OS: Windows 10; Antivirus: Tencent)

Post #3
Containment: Shadow Defender v1.4.0.680
Guest/OS: Win10 Home v1809 (Build 17763.195)
Product: Tencent PC Manager v12.3.26596.901 (Tencent Cloud Protection engine + Bitdefender Local Antivirus Engine)
Static (On-demand scan): 0/1
Dynamic (On execution): 1/1
Total: 1/1
SUD: Auto-SUD by TCPM BB
VPN: Windscribe v1.83 b18
System Status: clean
Files encrypted: no
Attachments: update.png, static.png
Tencent PC Manager Global:
Realtime protection mode: Expert mode (Prompt upon detecting suspect actions)
File system protection level: High (monitor all file operations)
Action on threat detection: Choose action manually
Download Protection: Security prompt on dangerous files only
Scaner 30.12.scr triggers schtasks.exe and conhost.exe; meanwhile, it gets instantly intercepted and auto-quarantined by TCPM BB. No further malicious traces, no AutoRuns. HIT.
Attachments: run.png, PE.png, TCP_PE.png, autorun.png, files.png, 2o.png, NPE_detail.png
Thank you @silversurfer for the file!
Norton Power Eraser (NPE) entries: the Baidu registry entries belong to the TCPM installation. The registry hijack for "openas\command" appears once an initial installation of TCPM has been in-app upgraded. It's safe.

Daniel Hidalgo (Level 33, MWT-Tester, Verified; joined Mar 17, 2015; 2,262 messages; OS: Windows 10; Antivirus: Kaspersky)

Post #4
Containment: VMware® Workstation Pro 14.1.1 build-7528167 & Shadow Defender 1.4.0.672
Guest/OS: Windows 10 PRO RS5 build 1811 x64 bits
Product: McAfee Internet Security 2019 V. 16.0 (Default Settings)
Static (On-demand scan): 0/1
Dynamic (On execution): only the static scan with this product; the static and dynamic test with ESET at the moment
Total: 0/1
SUD: YES
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: PROTECTED
Files encrypted: NONE

Attachments: 1546211823338.png, 1546214134922.png, 1546214396535.png
Clean
Attachment: 1546210506086.png

Daniel Hidalgo (Level 33, MWT-Tester, Verified; joined Mar 17, 2015; 2,262 messages; OS: Windows 10; Antivirus: Kaspersky)

Post #5
Containment: VMware® Workstation Pro 14.1.1 build-7528167 & Shadow Defender 1.4.0.672
Guest/OS: Windows 8.1 HOME build 9600 x64 bits
Product: ESET Internet Security 2019 V. 12.0.31.0 (Custom Settings)
Static (On-demand scan): 0/1
Dynamic (On execution): 1/1
Total: 1/1
SUD: YES
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: CLEAN
Files encrypted: NONE

Attachments: Caputra de configuracion 1.png, Caputra de configuracion 2.png, Caputra de configuracion 3.png, Caputra de configuracion 4.png, Caputra de configuracion 5.png
Attachments: 1546215449897.png, 1546215552211.png
Sample: Scaner 30.12.scr: HIT
Processes: Scaner 30.12.scr, schtasks.exe and conhost.exe
Connections: YES
It tries to access the registry to delete a key; however, ESET HIPS blocks the access, causing an error in the execution, which makes all the processes finish and avoids the infection.


Attachments: 1546215906410.png, 1546215924107.png, 1546215943951.png, 1546215633273.png
Remove Samples Folder
Run Ccleaner
Process Explorer: SAFE
Autoruns: SAFE
Attachment: 1546216590602.png
CLEAN
Attachment: upload_2018-3-17_12-57-54.png

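Posts #3 and #5 above both report the same behaviour chain: the .scr sample spawns schtasks.exe and conhost.exe, and then attempts to delete a registry key before the HIPS stops it. The following script is an added illustration of how a defender could turn those two observations into endpoint detection logic; it is not code from this thread or from any of the products tested. It runs over a handful of constructed, Sysmon-style process-creation and registry events (the paths, task name and registry key are placeholders made up for the example, not indicators from the sample).

```python
"""Detection sketch for the behaviour reported in this thread:
a screensaver (.scr) binary spawning schtasks.exe/conhost.exe and
attempting a registry key deletion.  All events below are constructed
test data modelled loosely on Sysmon Event ID 1 (process create) and
Event ID 12 (registry object create/delete); they are not real telemetry.
"""
import ntpath
from typing import Dict, Iterable, List

# Constructed sample events (placeholder paths and names, not real IoCs).
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1,
     "Image": "C:\\Users\\test\\Desktop\\Scaner 30.12.scr",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "\"C:\\Users\\test\\Desktop\\Scaner 30.12.scr\" /S"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\schtasks.exe",
     "ParentImage": "C:\\Users\\test\\Desktop\\Scaner 30.12.scr",
     "CommandLine": "schtasks /create /sc minute /mo 5 /tn PlaceholderTask "
                    "/tr C:\\Users\\test\\AppData\\Roaming\\placeholder.exe"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\conhost.exe",
     "ParentImage": "C:\\Users\\test\\Desktop\\Scaner 30.12.scr",
     "CommandLine": "\\??\\C:\\Windows\\system32\\conhost.exe 0x4"},
    # Benign control: a task query from a system process should not fire.
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\schtasks.exe",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "schtasks /query"},
    {"EventID": 12,
     "Image": "C:\\Users\\test\\Desktop\\Scaner 30.12.scr",
     "EventType": "DeleteKey",
     "TargetObject": "HKLM\\SOFTWARE\\Example\\PlaceholderKey"},
]

# Children worth flagging when their parent is a screensaver binary.
# conhost.exe is launched for any console program, so it is scored lower.
SCR_CHILDREN = {"schtasks.exe", "conhost.exe"}

# Locations from which scheduled-task creation or registry deletion is
# normally expected; anything else is treated as a user-writable path.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def from_system_dir(path: str) -> bool:
    """True when the image lives under a protected system directory."""
    return path.lower().startswith(SYSTEM_DIRS)


def analyse(events: Iterable[Dict]) -> List[Dict]:
    """Apply three rules and return one finding per match."""
    findings: List[Dict] = []
    for ev in events:
        image = ev.get("Image", "")
        if ev.get("EventID") == 1:
            parent = ev.get("ParentImage", "")
            child = basename(image)
            cmd = ev.get("CommandLine", "").lower()
            # Rule 1: a .scr file acting as parent of schtasks/conhost.
            if parent.lower().endswith(".scr") and child in SCR_CHILDREN:
                findings.append({
                    "rule": "scr_spawns_child",
                    "severity": "high" if child == "schtasks.exe" else "medium",
                    "parent": parent, "child": child})
            # Rule 2: task creation driven from outside system directories.
            if child == "schtasks.exe" and "/create" in cmd \
                    and not from_system_dir(parent):
                findings.append({
                    "rule": "schtasks_create_from_user_path",
                    "severity": "high", "parent": parent, "child": child})
        elif ev.get("EventID") == 12 and ev.get("EventType") == "DeleteKey":
            # Rule 3: registry key deletion by a process in a user-writable path.
            if not from_system_dir(image):
                findings.append({
                    "rule": "registry_delete_from_user_path",
                    "severity": "medium", "image": image,
                    "target": ev.get("TargetObject")})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["rule"], f)
```

Rule 1 reproduces the chain Der.Reisende observed (the .scr parent spawning schtasks.exe), rule 2 catches the same persistence attempt even when the parent is not a screensaver, and rule 3 corresponds to the registry deletion that ESET's HIPS blocked in post #5. The benign `schtasks /query` event from svchost.exe is included so the rules can be checked for false positives.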
omidomi (Level 64, MWT-Tester, Verified; joined Apr 5, 2014; 5,381 messages; OS: Windows 8.1; Antivirus: Kaspersky)

Post #6
Containment: VirtualBox 5.2.22
Guest/OS: Windows 7 Ultimate x86
Product: WebRoot IS (9.0.24.37) - Default Setting
Static (On-demand scan): 0/1
Dynamic (On execution): 0/1
Total: 0/1
SUD: 1
VPN: Security Kiss Tunnel 0.3.2
File encrypted: No
Second Opinion Scanners: Clean
System Final Status: Not Clean
Let's run the sample: it runs in memory; after a few seconds, it crashed.
PE reported safe:

Autorun reported infected:

HMP & Zemana(custom,full) reported safe:


Thanks for the sample.