Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 24, 2021, 6:50 p.m. | June 24, 2021, 6:56 p.m. |
download.php "C:\Users\test22\AppData\Local\Temp\download.php"
2288
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
section | CODE |
section | DATA |
section | BSS |
section | .aspack |
section | .adata |
packer | ASPack v2.12 -> Alexey Solodovnikov |
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
RT_ICON | LANG_KOREAN | SUBLANG_KOREAN | data | 0x0001a15c | 0x000008a8 |
RT_DIALOG | LANG_KOREAN | SUBLANG_KOREAN | empty | 0x00017750 | 0x00000076 |
RT_GROUP_ICON | LANG_KOREAN | SUBLANG_KOREAN | data | 0x0001a138 | 0x00000022 |

The original listing repeats the RT_ICON row twice and the RT_DIALOG row four times, each time with the same offset and size.
Section | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
CODE | 0x00001000 | 0x0000e000 | 0x00007200 | 7.9814 | A section with a high entropy has been found |
DATA | 0x0000f000 | 0x00001000 | 0x00000400 | 7.0389 | A section with a high entropy has been found |
.idata | 0x00011000 | 0x00001000 | 0x00000600 | 6.8023 | A section with a high entropy has been found |

Overall entropy score: 0.729411764706 (Overall entropy of this PE file is high).
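The three static signals in this report (per-section entropy, the overall entropy score, and the ASPack section layout) reproduced in a small script. This is an added example, not part of the sandbox report or of any sandbox's own code. It assumes, and labels in the code, a 6.8 bits-per-byte section threshold (the lowest flagged section above, .idata, scored 6.80) and that the overall score is the share of raw section data sitting in high-entropy sections; the section contents are constructed filler sized like the report's sections, not bytes of the sample. The detail worth reading off the table is that CODE holds 0x7200 bytes of raw data inside a 0xe000-byte virtual region at entropy 7.98: that is a compressed body which the .aspack stub expands in memory at run time, so strings and imports taken from the file on disk will miss most of the real program. The example flags that raw-smaller-than-virtual condition alongside the entropy checks.

```python
import math
import random

# Thresholds are assumptions chosen to reproduce the report above: the lowest
# flagged section (.idata) scored 6.80, and the overall score is taken to be the
# fraction of raw section data that lives in high-entropy sections.
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2

# Section names ASPack adds when it wraps a PE (both appear in the report).
ASPACK_SECTION_NAMES = {".aspack", ".adata"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def analyse_sections(sections):
    """sections: iterable of (name, raw_bytes, virtual_size).

    Returns (findings, overall_ratio). Each finding mirrors the fields the report
    prints (name, size_of_data, virtual_size, entropy) plus two flags:
    high_entropy (per-section check) and grows_in_memory (raw data smaller than
    the virtual footprint, as a packed CODE section is before the stub unpacks it).
    """
    findings = []
    flagged = total = 0
    for name, raw, virtual_size in sections:
        ent = shannon_entropy(raw)
        high = ent > SECTION_ENTROPY_THRESHOLD
        total += len(raw)
        if high:
            flagged += len(raw)
        findings.append({
            "name": name,
            "size_of_data": len(raw),
            "virtual_size": virtual_size,
            "entropy": round(ent, 4),
            "high_entropy": high,
            "grows_in_memory": virtual_size > len(raw),
        })
    ratio = flagged / total if total else 0.0
    return findings, ratio


def packer_verdict(sections):
    """Summarise the same signals the report shows: per-section entropy,
    overall entropy ratio, sections that expand at run time, ASPack layout."""
    findings, ratio = analyse_sections(sections)
    names = {f["name"] for f in findings}
    return {
        "high_entropy_sections": [f["name"] for f in findings if f["high_entropy"]],
        "sections_growing_in_memory": [f["name"] for f in findings if f["grows_in_memory"]],
        "overall_ratio": round(ratio, 4),
        "overall_high": ratio > OVERALL_RATIO_THRESHOLD,
        "aspack_layout": ASPACK_SECTION_NAMES <= names,
    }


def constructed_sample():
    """Synthetic sections laid out like the report (CODE, DATA, BSS, .aspack, .adata).

    Sizes follow the report's size_of_data / virtual_size values where it gives
    them (the .aspack/.adata sizes are assumed); the bytes are seeded
    pseudo-random or constant filler, not the sample's own data.
    """
    rng = random.Random(20210624)

    def rand_bytes(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return [
        ("CODE", rand_bytes(0x7200), 0xE000),    # compressed body, 0xe000 once unpacked
        ("DATA", rand_bytes(0x400), 0x1000),
        ("BSS", b"", 0x1000),                    # uninitialised: no raw data on disk
        (".aspack", b"\x90" * 0x2000, 0x2000),   # stand-in for the unpacking stub
        (".adata", b"\x00" * 0x200, 0x200),
    ]


if __name__ == "__main__":
    findings, _ = analyse_sections(constructed_sample())
    for f in findings:
        print(f"{f['name']:<8} raw={f['size_of_data']:#08x} virt={f['virtual_size']:#08x} "
              f"entropy={f['entropy']:.2f} high={f['high_entropy']} grows={f['grows_in_memory']}")
    print(packer_verdict(constructed_sample()))
```

Because the constructed CODE and DATA bodies are pseudo-random, both trip the per-section check and the overall ratio lands well above the threshold, while the constant-filled .aspack and .adata sections score 0. On the real file the same logic would flag CODE, DATA and .idata exactly as the report does; the useful follow-up is to dump the process after the stub has run (the report's PID 2288) rather than to keep analysing the packed image.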
host | 172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
Cylance | Unsafe |
K7AntiVirus | Riskware ( 0040eff71 ) |
K7GW | Riskware ( 0040eff71 ) |
APEX | Malicious |
Paloalto | generic.ml |
Jiangmin | Trojan/Generic.aqscn |
Gridinsoft | Trojan.Win32.Agent.vb!s1 |
Microsoft | Program:Win32/Wacapew.C!ml |
VBA32 | Trojan.MulDrop |
Malwarebytes | Malware.AI.3356647701 |
Yandex | Backdoor.Agent!JpE4mAkYxXE |
Ikarus | Trojan.Gendal |
MaxSecure | Trojan.Malware.300983.susgen |
CrowdStrike | win/malicious_confidence_60% (W) |