jgfz.jpg| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | June 17, 2021, 1:17 p.m. | June 17, 2021, 1:19 p.m. |
-
jgfz.jpg "C:\Users\test22\AppData\Local\Temp\jgfz.jpg"
3324
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | .aspack |
| section | .adata |
| packer | ASPack v2.12 -> Alexey Solodovnikov |
| name | RT_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00008460 | size | 0x000025a8 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000844c | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00008218 | size | 0x00000234 | ||||||||||||||||||
| name | RT_MANIFEST | language | LANG_CHINESE | filetype | XML 1.0 document, ASCII text, with very long lines, with no line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00008048 | size | 0x000001cd | ||||||||||||||||||
| host | 172.217.25.14 | |||
| regkey | HKEY_CURRENT_USER\Software\FlySky\E\Install |
| Cynet | Malicious (score: 100) |
| Malwarebytes | Malware.AI.2494098217 |
| Cybereason | malicious.db600b |
| Cyren | W32/Trojan.VZXV-0476 |
| Paloalto | generic.ml |
| NANO-Antivirus | Trojan.Win32.Drop.dlhwif |
| McAfee-GW-Edition | BehavesLike.Win32.Kudj.lm |
| FireEye | Generic.mg.51c10802ed8cbcb4 |
| Sophos | Generic ML PUA (PUA) |
| APEX | Malicious |
| Jiangmin | RiskTool.FlyStudio.awa |
| Antiy-AVL | Trojan/Generic.ASMalwS.1B32082 |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| McAfee | Artemis!51C10802ED8C |
| VBA32 | Trojan.KillFiles |
| Cylance | Unsafe |
| Ikarus | Trojan.StartPage |
| Fortinet | W32/FlyStudio.C!tr |