Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2021, 9:57 a.m. | April 13, 2021, 10:21 a.m. |
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LbLUjM" C:\Users\test22\AppData\Local\Temp\40.jpg
9068
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
host | 172.217.25.14 |
Bkav | VEX.Webshell |
CAT-QuickHeal | HTML.BackDoor.A |
McAfee | PHP/BackDoor.a |
Sangfor | Trojan.Generic-PHP.Save.b5d246ba |
Symantec | PHP.Backdoor.Trojan |
ESET-NOD32 | PHP/PhpSpy.F |
Baidu | PHP.Backdoor.WebShell.al |
Avast | PHP:Agent-RV [Trj] |
NANO-Antivirus | Trojan.Script.PHPShell.bgynzy |
Tencent | Bk.YDWebShell.PHP.WebshellGen.11102132 |
F-Secure | Malware.PHP/Shell.AT |
DrWeb | PHP.Spy.4 |
McAfee-GW-Edition | PHP/BackDoor.a |
Jiangmin | Backdoor.PHP.Agent.a |
Avira | PHP/Shell.AT |
AegisLab | Trojan.Script.Generic.4!c |
Microsoft | Trojan:PHP/R57Shell.A |
Cynet | Malicious (score: 99) |
AhnLab-V3 | WebShell/PHP.Generic.S1330 |
Rising | Trojan.PhpSpy!8.D55 (TOPIS:E0:mNzl6Ks1geM) |
Ikarus | Trojan.PHP.Phpspy |
AVG | PHP:Agent-RV [Trj] |
Qihoo-360 | ex_webshell.php.backdoor.v |