Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 1, 2021, 9:31 a.m. | April 1, 2021, 9:33 a.m. |
-
payment_03939.exe "C:\Users\test22\AppData\Local\Temp\payment_03939.exe"
1468
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .cuwu |
section | .new |
resource name | WEXE |
name | WEXE | language | LANG_TURKISH | filetype | ASCII text, with very long lines, with no line terminators | sublanguage | SUBLANG_DEFAULT | offset | 0x026dcaf0 | size | 0x00000bf7 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x026dc620 | size | 0x00000468 | ||||||||||||||||||
name | RT_DIALOG | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026dd728 | size | 0x000000c8 | ||||||||||||||||||
name | RT_STRING | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026ddc50 | size | 0x00000274 | ||||||||||||||||||
name | RT_STRING | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026ddc50 | size | 0x00000274 | ||||||||||||||||||
name | RT_STRING | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026ddc50 | size | 0x00000274 | ||||||||||||||||||
name | RT_ACCELERATOR | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026dd6e8 | size | 0x00000040 | ||||||||||||||||||
name | RT_GROUP_ICON | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x026dca88 | size | 0x00000068 |
section | {u'size_of_data': u'0x00029200', u'virtual_address': u'0x00001000', u'entropy': 7.026967063901736, u'name': u'.text', u'virtual_size': u'0x000291b1'} | entropy | 7.0269670639 | description | A section with a high entropy has been found | |||||||||
entropy | 0.6955602537 | description | Overall entropy of this PE file is high |
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.45948209 |
FireEye | Generic.mg.b65ddd031511351f |
McAfee | Packed-GBF!B65DDD031511 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
CrowdStrike | win/malicious_confidence_100% (W) |
Alibaba | TrojanPSW:Win32/Recealer.93ef3f78 |
K7GW | Trojan ( 005797a11 ) |
K7AntiVirus | Trojan ( 005797a11 ) |
Cyren | W32/Kryptik.DRC.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | Win32:PWSX-gen [Trj] |
ClamAV | Win.Malware.Generic-9846132-0 |
Kaspersky | VHO:Trojan-PSW.Win32.Convagent.gen |
BitDefender | Trojan.GenericKD.45948209 |
Paloalto | generic.ml |
AegisLab | Trojan.Win32.Convagent.i!c |
Ad-Aware | Trojan.GenericKD.45948209 |
Sophos | Mal/Generic-R + Troj/Kryptik-TR |
DrWeb | Trojan.Gozi.749 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_GEN.R06CC0PCL21 |
McAfee-GW-Edition | BehavesLike.Win32.Trojan.dh |
Emsisoft | Trojan.GenericKD.45948209 (B) |
SentinelOne | Static AI - Suspicious PE |
GData | Trojan.GenericKD.45948209 |
Avira | TR/AD.Ursnif.slaiz |
Gridinsoft | Trojan.Heur!.02854021 |
Arcabit | Trojan.Generic.D2BD1D31 |
Microsoft | PWS:Win32/Recealer.GKM!MTB |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Glupteba.R373406 |
Acronis | suspicious |
BitDefenderTheta | Gen:NN.ZexaF.34628.ouW@amPRwhnG |
ALYac | Trojan.GenericKD.45948209 |
MAX | malware (ai score=89) |
Malwarebytes | Trojan.MalPack.GS |
ESET-NOD32 | a variant of Win32/Kryptik.HKBD |
TrendMicro-HouseCall | TROJ_GEN.R06CC0PCL21 |
Rising | Trojan.Kryptik!1.D3F3 (CLOUD) |
Ikarus | Trojan.Crypt |
Fortinet | W32/Kryptik.HKBB!tr |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/GdSda.A |
Qihoo-360 | Win32/TrojanPSW.Gozi.HwoCFKcA |