Summary | ZeroBOX

40.jpg

Category FILE
Machine s1_win7_x6402
Started April 13, 2021, 9:57 a.m.
Completed April 13, 2021, 10:21 a.m.
Size 75.5KB
Type PHP script, ISO-8859 text, with very long lines, with CRLF line terminators
MD5 5906b1fd9fb562ecb3c54a1ca1f6e50d
SHA256 3983ff02d45989af1d09ae13db0fdff6de1144614abca753cda74e77c50ad2d9
CRC32 BAB06153
ssdeep 1536:d8ivjRmK1+tpDEfT6aaRGpUhigu2aixg9t7p0UJ4Tb5KCyOtuS1LCta:dNmK1+tpkGhVu2aie0UJ435KaD0Y
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 172.217.25.14
Bkav VEX.Webshell
CAT-QuickHeal HTML.BackDoor.A
McAfee PHP/BackDoor.a
Sangfor Trojan.Generic-PHP.Save.b5d246ba
Symantec PHP.Backdoor.Trojan
ESET-NOD32 PHP/PhpSpy.F
Baidu PHP.Backdoor.WebShell.al
Avast PHP:Agent-RV [Trj]
NANO-Antivirus Trojan.Script.PHPShell.bgynzy
Tencent Bk.YDWebShell.PHP.WebshellGen.11102132
F-Secure Malware.PHP/Shell.AT
DrWeb PHP.Spy.4
McAfee-GW-Edition PHP/BackDoor.a
Jiangmin Backdoor.PHP.Agent.a
Avira PHP/Shell.AT
AegisLab Trojan.Script.Generic.4!c
Microsoft Trojan:PHP/R57Shell.A
Cynet Malicious (score: 99)
AhnLab-V3 WebShell/PHP.Generic.S1330
Rising Trojan.PhpSpy!8.D55 (TOPIS:E0:mNzl6Ks1geM)
Ikarus Trojan.PHP.Phpspy
AVG PHP:Agent-RV [Trj]
Qihoo-360 ex_webshell.php.backdoor.v