watchdog.exe

The executable uses a known packer (1 event)

packer

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Creates executable files on the filesystem (1 event)

file	C:\Windows\windefender.exe

Drops a binary and executes it (1 event)

file	C:\Windows\windefender.exe

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section	{u'size_of_data': u'0x001e4e00', u'virtual_address': u'0x002b1000', u'entropy': 7.879271669074457, u'name': u'UPX1', u'virtual_size': u'0x001e5000'}				entropy	7.87927166907				description	A section with a high entropy has been found
entropy	0.999742268041				description	Overall entropy of this PE file is high

The executable is compressed using UPX (3 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX
section	UPX2				description	Section name indicates UPX

Communicates with host for which no DNS query was performed (2 events)

host	104.21.19.200
host	172.217.25.14

Creates known Jorik Trojan Files, Registry Keys and/or Mutexes (1 event)

file	C:\Windows\windefender.exe

Detects the presence of Wine emulator (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress April 23, 2021, 6:13 p.m.	ordinal: 0 function_address: 0x0018fe3d function_name: wine_get_version module: ntdll module_address: 0x773a0000		3221225785	0
LdrGetProcedureAddress April 23, 2021, 6:13 p.m.	ordinal: 0 function_address: 0x0018fe3d function_name: wine_get_version module: ntdll module_address: 0x773a0000		3221225785	0

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.MarutbotPTA.Trojan
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.6512ae7c9f36206f
CAT-QuickHeal	Trojan.Marut
McAfee	GenericRXAA-FA!6512AE7C9F36
Cylance	Unsafe
Zillya	Trojan.RanumBot.Win32.308
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0055a98e1 )
Alibaba	Trojan:Win32/RanumBot.405c2eb0
K7GW	Trojan ( 0055a98e1 )
Cybereason	malicious.c9f362
BitDefenderTheta	Gen:NN.ZexaF.34678.5nGfaSBVp6f
Cyren	W32/Trojan.NRHD-1969
ESET-NOD32	a variant of WinGo/RanumBot.J
TrendMicro-HouseCall	Trojan.Win32.GLUPTEBA.WLEE
Avast	FileRepMalware
Kaspersky	HEUR:Trojan.Win32.Marut.vho
BitDefender	Trojan.GenericKD.36261419
NANO-Antivirus	Trojan.Win32.Marut.hsnadn
Paloalto	generic.ml
AegisLab	Trojan.Win32.Marut.4!c
MicroWorld-eScan	Trojan.GenericKD.36261419
Tencent	Win32.Trojan-dropper.Convagent.Wlyw
Ad-Aware	Trojan.GenericKD.36261419
Sophos	ML/PE-A
Comodo	Malware@#37jr6ytmzr2a4
DrWeb	Trojan.SpyBot.795
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Trojan.Win32.GLUPTEBA.WLEE
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
SentinelOne	Static AI - Suspicious PE
Emsisoft	Trojan.GenericKD.36261419 (B)
APEX	Malicious
Jiangmin	TrojanDropper.Agent.gjrl
Webroot	W32.Trojan.Gen
Avira	TR/Redcap.ullcl
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Wacatac.vb
Microsoft	Trojan:Win32/RanumBot!MSR
GData	Trojan.GenericKD.36261419
AhnLab-V3	Trojan/Win32.RanumBot.C4227130
VBA32	Trojan.Marut
ALYac	Trojan.Agent.Ranumbot
MAX	malware (ai score=100)
Malwarebytes	Trojan.Ranumbot
Rising	Trojan.RanumBot!8.112AC (CLOUD)
Yandex	Trojan.Marut!aoCxZZG8cmU
Ikarus	Trojan.WinGo.Ranumbot