Summary | ZeroBOX

savfx.exe

AsyncRAT PE32 PE File .NET EXE
Category: FILE
Machine: s1_win7_x6402
Started: May 12, 2021, 12:05 p.m.
Completed: May 12, 2021, 12:18 p.m.
Size 40.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 1808130c6c566d8ecb43af894d4f873d
SHA256 534407733556dc9a993d73261613e4713d0a1b3c9b7f61ec5983e39a0641815e
CRC32 57704EF8
ssdeep 768:s9WsMWWlVif1fvBFmj4ZwpnwKjqoWTf7b2XdpG8ses30OwZA3Njnv:IWgWHi9fLnyp7ZWTz6XdU8lHOj
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name | Response | Post-Analysis Lookup
ldvamlwhdpetnyn.ml | 172.67.208.174 |

IP Address | Status | Action
104.21.85.176 | Active | Moloch
164.124.101.2 | Active | Moloch
172.217.25.14 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.102:57660 -> 164.124.101.2:53 | 2025106 | ET INFO DNS Query for Suspicious .ml Domain | Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

GetComputerNameA

computer_name: TEST22-PC
Status: 1  Return: 1  Repeated: 0

GetComputerNameW

computer_name: TEST22-PC
Status: 1  Return: 1  Repeated: 0

Time & API | Arguments | Status | Return | Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx

Status: 1  Return: 1  Repeated: 0

Time & API | Arguments | Status | Return | Repeated

__exception__

stacktrace:
0x74007d
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 38 00 68 ff ff ff 7f 6a 00 8b 8d 70 ff ff ff 8b
exception.instruction: cmp byte ptr [eax], al
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x74052d
registers.esp: 4125644
registers.edi: 38588652
registers.eax: 0
registers.ebp: 4125808
registers.edx: 37701
registers.ebx: 1
registers.esi: 38606320
registers.ecx: 38606320
Status: 1  Return: 0  Repeated: 0

suspicious_features: GET method with no useragent header
suspicious_request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E9016EAF0BF81460BF9945CE5449D7A1.html

suspicious_features: GET method with no useragent header
suspicious_request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D81AC84B6212DE1116323F4E802355E6.html

suspicious_features: GET method with no useragent header
suspicious_request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-AC7B19FF32C64F7ABCE78DA696EEE6EC.html

suspicious_features: GET method with no useragent header
suspicious_request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-468148C620A22B5D67000517FAC984F3.html

request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E9016EAF0BF81460BF9945CE5449D7A1.html
request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D81AC84B6212DE1116323F4E802355E6.html
request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-AC7B19FF32C64F7ABCE78DA696EEE6EC.html
request: GET http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-468148C620A22B5D67000517FAC984F3.html

Time & API | Arguments | Status | Return | Repeated

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00540000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6fba1000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6fba2000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02260000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00412000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00740000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00545000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0054b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00547000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00436000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0043a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00437000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0043b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

Time & API | Arguments | Status | Return | Repeated

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
flags: 1
oldfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\vn0qtppl.newcfg
newfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
oldfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\vn0qtppl.newcfg
Status: 1  Return: 1  Repeated: 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
flags: 1
oldfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\dhscswhh.newcfg
newfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
oldfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\dhscswhh.newcfg
Status: 1  Return: 1  Repeated: 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
flags: 1
oldfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\imc2ba1e.newcfg
newfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
oldfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\imc2ba1e.newcfg
Status: 1  Return: 1  Repeated: 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
flags: 1
oldfilepath_r: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\5gapm42a.newcfg
newfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\user.config
oldfilepath: C:\Users\test22\AppData\Local\㿆㿡㿧㿡㿳㾰㾹㿊㿤㾹㾲㿊㾱㾲㾷㿊㿂㿖㾰㾵㿤㾲㿴㾷㾴\savfx.exe_Url_okqgpzkfsdz4hwgcbrlztcqsfwcqcxe1\3.280.556.153\5gapm42a.newcfg
Status: 1  Return: 1  Repeated: 0

Time & API | Arguments | Status | Return | Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
section: name .text, virtual_address 0x00002000, virtual_size 0x00009734, size_of_data 0x00009800, entropy 6.920331358284107
description: A section with a high entropy has been found
entropy: 0.95
description: Overall entropy of this PE file is high
host 172.217.25.14
Elastic malicious (high confidence)
DrWeb Trojan.DownloaderNET.165
MicroWorld-eScan Trojan.GenericKD.46200205
FireEye Generic.mg.1808130c6c566d8e
CAT-QuickHeal Trojan.Agensla
ALYac Trojan.GenericKD.46200205
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 0057b97e1 )
Alibaba Trojan:MSIL/Agensla.cbf44842
K7GW Trojan-Downloader ( 0057b97e1 )
Cybereason malicious.47a47a
BitDefenderTheta Gen:NN.ZemsilCO.34688.cm0@aS9u2Ami
Cyren W32/MSIL_Kryptik.ECN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HVI
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan.MSIL.PowerShell.gen
BitDefender Trojan.GenericKD.46200205
ViRobot Trojan.Win32.Z.Agent.41472.ASC
Rising Downloader.Agent!8.B23 (CLOUD)
Ad-Aware Trojan.GenericKD.46200205
Emsisoft Trojan.GenericKD.46200205 (B)
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DDS21
McAfee-GW-Edition RDN/Generic Downloader.x
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Avira TR/Dldr.Agent.zmjyv
MAX malware (ai score=81)
Microsoft Trojan:MSIL/Agensla.GE!MTB
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D2C0F58D
AegisLab Trojan.Win32.Generic.4!c
GData Trojan.GenericKD.46200205
Cynet Malicious (score: 100)
McAfee RDN/Generic Downloader.x
Malwarebytes Spyware.AgentTesla
TrendMicro-HouseCall TROJ_GEN.R002C0DDS21
Tencent Msil.Trojan.Powershell.Dvzs
Ikarus Trojan.Inject
Fortinet MSIL/Agent.HVE!tr.dldr
AVG Win32:MalwareX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Trojan.Malware.74168641.susgen