Summary | ZeroBOX

dll.rar

Anti_VM PE32 PE File DLL
Category: FILE
Machine: s1_win7_x6402
Started: June 24, 2021, 6:50 p.m.
Completed: June 24, 2021, 7:03 p.m.
Size: 1.6MB
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 0ae26770b96b47165c58ed621143d439
SHA256: 9cfe68bda9f84af57673caee7fcb737e6edbaef0b1385de2f1e5c9083a446351
CRC32: F2B70790
ssdeep: 49152:u73fDYyWgxfSX71z2dlqkfaHnV7i4NbYpvU:u7vc3gxqL1zjTnV7i4apvU
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsDLL - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch
212.22.85.147 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section .Arma
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
start+0x710746 dll+0x71ddf9 @ 0x1071ddf9
start+0x741c86 dll+0x74f339 @ 0x1074f339
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x729bd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a
rundll32+0x14ed @ 0x1414ed
rundll32+0x1baf @ 0x141baf
rundll32+0x12e8 @ 0x1412e8
rundll32+0x1901 @ 0x141901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: eb 09 0f 9e 0c 6b a6 18 6f 76 61 c3 e9 69 ff ff
exception.instruction: jmp 0x10672fd5
exception.exception_code: 0x80000003
exception.symbol: start+0x665917 dll+0x672fca
exception.address: 0x10672fca
registers.esp: 2487248
registers.edi: 0
registers.eax: 0
registers.ebp: 2487292
registers.edx: 779032
registers.ebx: 6
registers.esi: 5595408
registers.ecx: 5595408
1 0 0

__exception__

stacktrace:
exception.instruction_r: 8d 1c bd 00 00 00 00 eb d2 89 4d 00 86 df 66 0f
exception.instruction: lea ebx, dword ptr [edi*4]
exception.exception_code: 0x80000004
exception.symbol: start+0x69b37b dll+0x6a8a2e
exception.address: 0x106a8a2e
registers.esp: 2486260
registers.edi: 275428184
registers.eax: 275148957
registers.ebp: 2486496
registers.edx: 3094685427
registers.ebx: 1100546646
registers.esi: 2486260
registers.ecx: 3879984074
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0x141326
rundll32+0x1901 @ 0x141901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 89 17 83 c7 04 49 74 af ba ff fe fe 7e 8b 06 03
exception.instruction: mov dword ptr [edi], edx
exception.exception_code: 0xc0000005
exception.symbol: start+0x10696 dll+0x1dd49
exception.address: 0x1001dd49
registers.esp: 2489076
registers.edi: 5363520
registers.eax: 2130246910
registers.ebp: 2489236
registers.edx: 3250896545
registers.ebx: 64
registers.esi: 268638468
registers.ecx: 16
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x71f81000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x740f1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 4244
region_size: 1310720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d40000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 4244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01e40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 4244
region_size: 1576960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fc0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773b0000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 4244
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d40000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 4244
region_size: 294912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76aaa000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d40000
process_handle: 0xffffffff
1 0 0

(the identical NtProtectVirtualMemory call on base_address 0x01d40000, length 4096, PAGE_EXECUTE_READWRITE, is recorded 40 more times in the report)
section .text (virtual_address 0x00001000, virtual_size 0x00666000, size_of_data 0x000ad400): entropy 7.999686371992886 - A section with a high entropy has been found
section .Arma (virtual_address 0x00667000, virtual_size 0x000f0000, size_of_data 0x000efa00): entropy 7.587950801219693 - A section with a high entropy has been found
section .Arma (virtual_address 0x0075a000, virtual_size 0x00001000, size_of_data 0x00001000): entropy 7.982072279348737 - A section with a high entropy has been found
entropy 0.998492159228 - Overall entropy of this PE file is high
host 172.217.25.14
host 212.22.85.147
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34017347
FireEye Generic.mg.0ae26770b96b4716
ALYac Trojan.GenericKD.34017347
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 004b8a421 )
Alibaba Packed:Win32/NoobyProtect.0904c65a
K7GW Trojan ( 004b8a421 )
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Trojan.Generic.D2071043
Invincea Generic PUA HN (PUA)
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Noobyprotect-6622929-0
Kaspersky HEUR:Packed.Win32.Blackv.gen
BitDefender Trojan.GenericKD.34017347
NANO-Antivirus Trojan.Win32.Blackv.fomxft
AegisLab Trojan.Win32.Generic.msN0
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKD.34017347
Emsisoft Trojan.GenericKD.34017347 (B)
Comodo Malware@#1575040vv5gta
F-Secure Heuristic.HEUR/AGEN.1131523
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R007C0PFC20
McAfee-GW-Edition BehavesLike.Win32.Spyware.tc
Sophos Generic PUA HN (PUA)
Ikarus PUA.NoobyProtect
Jiangmin Packed.Blackv.foi
Avira HEUR/AGEN.1131523
Antiy-AVL HackTool/Win32.AGeneric
Microsoft PUA:Win32/Vigua.A
ZoneAlarm HEUR:Packed.Win32.Blackv.gen
GData Win32.Riskware.NoobyProtect.B
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Blackv.C1937607
Acronis suspicious
McAfee Packed-LF!0AE26770B96B
MAX malware (ai score=99)
VBA32 Trojan.Zpevdo
ESET-NOD32 a variant of Win32/Packed.NoobyProtect.L suspicious
TrendMicro-HouseCall TROJ_GEN.R007C0PFC20
Rising PUF.Vigua!8.10186 (TFE:3:DlLP3814fGN)
Yandex Riskware.NoobyProtect!
SentinelOne DFI - Malicious PE
MaxSecure Trojan.Malware.10661653.susgen
Fortinet W32/Generic_PUA_HN.LF!tr