Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 26, 2021, 11:43 a.m. | May 26, 2021, 11:44 a.m. |
IMG_3615_763_8.exe C:\Users\test22\AppData\Local\Temp\IMG_3615_763_8.exe
1204
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
20.43.94.199 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Field | Value | Description |
---|---|---|
section | .text: virtual_address 0x00002000, virtual_size 0x000394bc, size_of_data 0x00039600, entropy 7.9400557132422165 | A section with a high entropy has been found |
entropy | 7.94005571324 | A section with a high entropy has been found |
entropy | 0.925403225806 | Overall entropy of this PE file is high |
rule | DebuggerCheck__GlobalFlags | (no description) |
rule | DebuggerCheck__QueryInfo | (no description) |
rule | DebuggerHiding__Thread | (no description) |
rule | DebuggerHiding__Active | (no description) |
rule | ThreadControl__Context | (no description) |
rule | SEH__vectored | (no description) |
rule | disable_dep | Bypass DEP |
host | 20.43.94.199 | |
Engine | Result |
---|---|
Elastic | malicious (high confidence) |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Cybereason | malicious.f2e21e |
ESET-NOD32 | a variant of Win32/Injector.EPKO |
APEX | Malicious |
Sophos | Generic ML PUA (PUA) |
eGambit | Unsafe.AI_Score_99% |
GData | MSIL.Trojan.BSE.XNY6ZA |
BitDefenderTheta | Gen:NN.ZemsilCO.34692.pm0@amLPQQf |
Malwarebytes | Malware.AI.3778805661 |
Ikarus | Trojan.MSIL.Inject |
MaxSecure | Trojan.Malware.300983.susgen |