Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 11, 2021, 10:51 a.m. | June 11, 2021, 11:03 a.m. |
Process | Command line | PID |
---|---|---|
Document1 - Microsoft Word.docx.exe | "C:\Users\test22\AppData\Local\Temp\Document1 - Microsoft Word.docx.exe" | 2952 |
iexplore.exe | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3916 CREDAT:145409 | 5168 |
iexplore.exe | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3916 CREDAT:79875 | 1904 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
IP Address | Status | Action |
---|---|---|
117.18.232.200 | Active | Moloch |
142.250.199.67 | Active | Moloch |
142.250.204.109 | Active | Moloch |
142.250.204.99 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.161.182 | Active | Moloch |
172.217.174.202 | Active | Moloch |
172.217.25.14 | Active | Moloch |
216.58.220.206 | Active | Moloch |
59.18.30.209 | Active | Moloch |
59.18.35.205 | Active | Moloch |
59.18.49.83 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49825 216.58.220.206:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 9d:69:c5:54:30:b2:d0:84:13:b8:4f:65:af:db:c3:18:4f:35:2b:5a |
TLSv1 192.168.56.102:49824 216.58.220.206:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 9d:69:c5:54:30:b2:d0:84:13:b8:4f:65:af:db:c3:18:4f:35:2b:5a |
TLSv1 192.168.56.102:49828 172.217.161.182:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=edgestatic.com | 92:9f:7b:0c:6f:d8:c6:f4:a4:45:65:7f:d6:38:24:88:79:dd:ae:14 |
TLSv1 192.168.56.102:49829 172.217.161.182:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=edgestatic.com | 92:9f:7b:0c:6f:d8:c6:f4:a4:45:65:7f:d6:38:24:88:79:dd:ae:14 |
TLSv1 192.168.56.102:49831 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49832 172.217.174.202:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 0c:b8:82:34:93:46:2b:86:b2:28:eb:7c:42:37:d1:9c:24:93:05:62 |
TLSv1 192.168.56.102:49833 172.217.174.202:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 0c:b8:82:34:93:46:2b:86:b2:28:eb:7c:42:37:d1:9c:24:93:05:62 |
TLSv1 192.168.56.102:49826 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49827 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49830 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49834 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49835 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49841 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49840 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49836 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49838 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49844 142.250.204.109:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com | 82:f2:63:96:17:cb:b0:24:89:aa:8d:14:32:53:98:6e:a1:2b:17:97 |
TLSv1 192.168.56.102:49839 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49846 142.250.199.67:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 54:06:19:45:ff:99:47:3c:1d:59:41:96:a7:e7:ac:d0:e0:ee:10:8a |
TLSv1 192.168.56.102:49837 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49845 142.250.204.109:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com | 82:f2:63:96:17:cb:b0:24:89:aa:8d:14:32:53:98:6e:a1:2b:17:97 |
TLSv1 192.168.56.102:49857 216.58.220.206:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 9d:69:c5:54:30:b2:d0:84:13:b8:4f:65:af:db:c3:18:4f:35:2b:5a |
TLSv1 192.168.56.102:49860 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49861 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49863 172.217.161.182:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=edgestatic.com | 92:9f:7b:0c:6f:d8:c6:f4:a4:45:65:7f:d6:38:24:88:79:dd:ae:14 |
TLSv1 192.168.56.102:49862 172.217.161.182:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=edgestatic.com | 92:9f:7b:0c:6f:d8:c6:f4:a4:45:65:7f:d6:38:24:88:79:dd:ae:14 |
TLSv1 192.168.56.102:49874 59.18.30.209:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49865 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49866 172.217.174.202:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 0c:b8:82:34:93:46:2b:86:b2:28:eb:7c:42:37:d1:9c:24:93:05:62 |
TLSv1 192.168.56.102:49867 172.217.174.202:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 0c:b8:82:34:93:46:2b:86:b2:28:eb:7c:42:37:d1:9c:24:93:05:62 |
TLSv1 192.168.56.102:49870 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49873 59.18.30.209:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49876 142.250.204.99:443 | None | None | None |
TLSv1 192.168.56.102:49880 142.250.204.109:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com | 82:f2:63:96:17:cb:b0:24:89:aa:8d:14:32:53:98:6e:a1:2b:17:97 |
TLSv1 192.168.56.102:49879 142.250.204.109:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com | 82:f2:63:96:17:cb:b0:24:89:aa:8d:14:32:53:98:6e:a1:2b:17:97 |
TLSv1 192.168.56.102:49887 142.250.199.67:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 54:06:19:45:ff:99:47:3c:1d:59:41:96:a7:e7:ac:d0:e0:ee:10:8a |
TLSv1 192.168.56.102:49872 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49871 142.250.204.99:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com | 8e:1d:aa:2d:91:c8:61:04:77:65:7f:07:fe:a3:24:81:05:31:84:87 |
TLSv1 192.168.56.102:49893 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49895 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49897 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49894 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49858 216.58.220.206:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 9d:69:c5:54:30:b2:d0:84:13:b8:4f:65:af:db:c3:18:4f:35:2b:5a |
TLSv1 192.168.56.102:49864 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49875 59.18.30.209:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49898 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49877 142.250.204.99:443 | None | None | None |
TLSv1 192.168.56.102:49892 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49900 59.18.49.83:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49904 142.250.204.109:443 | None | None | None |
TLSv1 192.168.56.102:49901 59.18.49.83:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49917 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49916 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49919 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49918 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49927 142.250.204.109:443 | None | None | None |
TLSv1 192.168.56.102:49921 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49922 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49924 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49902 59.18.49.83:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49903 142.250.204.109:443 | None | None | None |
TLSv1 192.168.56.102:49906 142.250.199.67:443 | None | None | None |
TLSv1 192.168.56.102:49936 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49938 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49937 216.58.220.206:443 | None | None | None |
TLSv1 192.168.56.102:49923 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49925 59.18.35.205:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googlevideo.com | e1:e2:fb:51:dd:6e:50:1d:f8:3a:fb:9e:57:b8:93:fa:dd:5f:41:2e |
TLSv1 192.168.56.102:49930 142.250.199.67:443 | None | None | None |
TLSv1 192.168.56.102:49928 142.250.204.109:443 | None | None | None |
pdb_path | C:\Users\HP\Desktop\Word Troll Malware\obj\Debug\Word Troll Malware.pdb |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://www.youtube.com/watch?v=Ml5L20bWCts |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/fetch-polyfill.vflset/fetch-polyfill.js |
request | GET https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210609.00.00&msg=%EA%B0%9C%EC%B2%B4%EA%B0%80%20%ED%95%84%EC%9A%94%ED%95%A9%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F8cab6c66%2Fjsbin%2Fweb-animations-next-lite.min.vflset%2Fweb-animations-next-lite.min.js&line=68 |
request | GET https://i.ytimg.com/generate_204 |
request | GET https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210609.00.00&msg='MutationObserver'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F8cab6c66%2Fjsbin%2Fwebcomponents-all-noPatch.vflset%2Fwebcomponents-all-noPatch.js&line=67 |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-noPatch.js |
request | GET https://www.youtube.com/s/player/a0094ae9/www-player.css |
request | GET https://www.youtube.com/s/desktop/8cab6c66/cssbin/www-main-desktop-watch-page-skeleton.css |
request | GET https://www.youtube.com/s/desktop/8cab6c66/cssbin/www-main-desktop-player-skeleton.css |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/www-i18n-constants-ko_KR.vflset/www-i18n-constants.js |
request | GET https://www.youtube.com/s/player/a0094ae9/player_ias.vflset/ko_KR/base.js |
request | GET https://www.youtube.com/s/desktop/8cab6c66/cssbin/www-onepick.css |
request | GET https://fonts.googleapis.com/css?family=Roboto:500,300,700,400|YouTube+Sans:400,500,700 |
request | GET https://r2---sn-3u-bh2le.googlevideo.com/generate_204?conn2 |
request | GET https://r2---sn-3u-bh2le.googlevideo.com/generate_204 |
request | GET https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff |
request | GET https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210609.00.00&msg='Uint8Array'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fplayer%2Fa0094ae9%2Fplayer_ias.vflset%2Fko_KR%2Fbase.js&line=5663 |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/spf.vflset/spf.js |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/network.vflset/network.js |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/desktop_polymer_legacy_browsers.vflset/desktop_polymer_legacy_browsers.js |
request | GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=ko |
request | GET https://www.youtube.com/s/desktop/8cab6c66/img/favicon.ico |
request | GET https://www.youtube.com/watch?v=ZO2GU7cRrA8 |
request | GET https://www.youtube.com/s/desktop/8cab6c66/jsbin/scheduler.vflset/scheduler.js |
request | GET https://r6---sn-3u-bh2lr.googlevideo.com/generate_204?conn2 |
request | GET https://r6---sn-3u-bh2lr.googlevideo.com/generate_204 |
request | GET https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff |
request | GET https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff |
request | GET https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff |
request | GET https://www.youtube.com/watch?v=Z1nufRLDQMU |
request | GET https://r8---sn-3u-bh2el.googlevideo.com/generate_204?conn2 |
request | GET https://r8---sn-3u-bh2el.googlevideo.com/generate_204 |
file | C:\Users\test22\Documents\Da Click Aquí (6).bat |
file | C:\Users\test22\Desktop\Anti-Virus (10).bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordMalware.lnk |
file | C:\Users\test22\Documents\Da Click Aquí (14).bat |
file | C:\Users\test22\Desktop\Infección (3).VBS |
file | C:\Users\test22\Desktop\Anti-Virus (2).bat |
file | C:\Users\test22\Pictures\Captura7.bat |
file | C:\Users\test22\Documents\HELP (13).VBS |
file | C:\Users\test22\Desktop\Infección (11).VBS |
file | C:\Users\test22\Documents\HELP (5).VBS |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WordMalware.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordMalware.lnk |
section | {u'size_of_data': u'0x00812000', u'virtual_address': u'0x00002000', u'entropy': 7.820027838681018, u'name': u'.text', u'virtual_size': u'0x00811f80'} | entropy | 7.82002783868 | description | A section with a high entropy has been found |
entropy | 0.99476376768 | description | Overall entropy of this PE file is high |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Checks if being debugged | rule | anti_dbg |
description | Bypass DEP | rule | disable_dep |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Checks if being debugged | rule | anti_dbg |
description | Bypass DEP | rule | disable_dep |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3916 CREDAT:79875 |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3916 CREDAT:145409 |
host | 117.18.232.200 |
host | 172.217.25.14 |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordMalware.lnk |
Antivirus | Result |
---|---|
McAfee | Artemis!55A8F69DA427 |
Sangfor | Malware |
CrowdStrike | win/malicious_confidence_60% (W) |
Alibaba | Trojan:MSIL/Kladun.3a99d7ca |
K7GW | Trojan ( 004b234c1 ) |
K7AntiVirus | Trojan ( 004b234c1 ) |
Cyren | W32/Trojan.AFPP-9106 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 85) |
Kaspersky | HEUR:Trojan.MSIL.Kladun.gen |
BitDefender | Gen:Variant.Razy.746665 |
NANO-Antivirus | Trojan.Win32.Kladun.hxxxck |
MicroWorld-eScan | Gen:Variant.Razy.746665 |
Avast | Win32:Malware-gen |
Tencent | Msil.Trojan.Kladun.Swlc |
Ad-Aware | Gen:Variant.Razy.746665 |
Emsisoft | Gen:Variant.Razy.746665 (B) |
F-Secure | Worm.WORM/Agent.odago |
DrWeb | Trojan.MulDrop15.61336 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_GEN.R002C0WI320 |
McAfee-GW-Edition | Artemis!Trojan |
FireEye | Gen:Variant.Razy.746665 |
Sophos | Mal/Generic-S |
Ikarus | Worm.MSIL.Agent |
GData | Gen:Variant.Razy.746665 |
Jiangmin | Trojan.MSIL.qlul |
Avira | WORM/Agent.odago |
Arcabit | Trojan.Razy.DB64A9 |
AegisLab | Trojan.MSIL.Kladun.4!c |
ZoneAlarm | HEUR:Trojan.MSIL.Kladun.gen |
Microsoft | Trojan:MSIL/Shaosmine.aj!rfn |
ALYac | Gen:Variant.Razy.746665 |
MAX | malware (ai score=85) |
Cylance | Unsafe |
ESET-NOD32 | a variant of MSIL/Agent.VX |
TrendMicro-HouseCall | TROJ_GEN.R002C0WI320 |
Yandex | Trojan.Kladun!24+odmxq0Ic |
Fortinet | W32/Kladun.VX!tr |
BitDefenderTheta | Gen:NN.ZemsilCO.34700.@p0@aGr!qEk |
AVG | Win32:Malware-gen |
Cybereason | malicious.da4271 |
Panda | Trj/GdSda.A |
Qihoo-360 | Generic/Trojan.48d |