Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 9, 2021, 4:55 p.m. | April 9, 2021, 4:58 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .gfids |
section | .rdata (size_of_data 0x00005400, virtual_address 0x0000e000, virtual_size 0x0000531e) | entropy | 7.72891483863 | description | A section with a high entropy has been found |
section | .data (size_of_data 0x00005800, virtual_address 0x00014000, virtual_size 0x00005d20) | entropy | 7.94392775844 | description | A section with a high entropy has been found |
entropy | 0.263803680982 | description | Overall entropy of this PE file is high |
host | 172.217.25.14 |
Engine | Result |
---|---|
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Razy.859016 |
ALYac | Trojan.Agent.Bazar |
Sangfor | Riskware.Win32.Wacapew.C |
BitDefender | Gen:Variant.Razy.859016 |
Symantec | Trojan.Gen.2 |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | Trojan.Win64.Zenpak.ki |
Avast | FileRepMetagen [Malware] |
Rising | Trojan.Zenpak!8.10372 (CLOUD) |
Ad-Aware | Gen:Variant.Razy.859016 |
Emsisoft | Gen:Variant.Razy.859016 (B) |
McAfee-GW-Edition | BehavesLike.Win64.CoinMiner.ch |
FireEye | Generic.mg.ffdff96a587983de |
GData | Gen:Variant.Razy.859016 |
Webroot | W32.Malware.Gen |
MAX | malware (ai score=86) |
Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
Microsoft | Trojan:Win32/Wacatac.B!ml |
Cynet | Malicious (score: 100) |
McAfee | RDN/Bazarcall |
Fortinet | W32/PossibleThreat |
AVG | FileRepMetagen [Malware] |
CrowdStrike | win/malicious_confidence_80% (W) |
Qihoo-360 | Win64/Trojan.Zenpak.HgEASSYA |