Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 17, 2021, 1:17 p.m. | June 17, 2021, 1:19 p.m. |
jgfz.jpg "C:\Users\test22\AppData\Local\Temp\jgfz.jpg"
3324
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
section | .aspack |
section | .adata |
packer | ASPack v2.12 -> Alexey Solodovnikov |
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00008460 | 0x000025a8 |
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x0000844c | 0x00000014 |
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00008218 | 0x00000234 |
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 0x00008048 | 0x000001cd |
host | 172.217.25.14 |
regkey | HKEY_CURRENT_USER\Software\FlySky\E\Install |
Engine | Detection |
---|---|
Cynet | Malicious (score: 100) |
Malwarebytes | Malware.AI.2494098217 |
Cybereason | malicious.db600b |
Cyren | W32/Trojan.VZXV-0476 |
Paloalto | generic.ml |
NANO-Antivirus | Trojan.Win32.Drop.dlhwif |
McAfee-GW-Edition | BehavesLike.Win32.Kudj.lm |
FireEye | Generic.mg.51c10802ed8cbcb4 |
Sophos | Generic ML PUA (PUA) |
APEX | Malicious |
Jiangmin | RiskTool.FlyStudio.awa |
Antiy-AVL | Trojan/Generic.ASMalwS.1B32082 |
Microsoft | Trojan:Win32/Wacatac.B!ml |
McAfee | Artemis!51C10802ED8C |
VBA32 | Trojan.KillFiles |
Cylance | Unsafe |
Ikarus | Trojan.StartPage |
Fortinet | W32/FlyStudio.C!tr |