Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 24, 2021, 7:05 p.m. | June 24, 2021, 7:17 p.m. |
launcher_packed.img "C:\Users\test22\AppData\Local\Temp\launcher_packed.img"
5628
Name | Response | Post-Analysis Lookup |
---|---|---|
broseset.kro.kr | 139.99.89.153 | |
pccomd.kro.kr | 139.99.89.153 | |
rwtpt.kro.kr | 139.99.89.153 | |
rotpt.p-e.kr | 139.99.89.153 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | yB0G |
section | 8boXFi |
section | DNaERNM |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002000.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002001.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002002.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002003.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002004.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002009.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002010.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002011.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002012.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002013.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002015.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002016.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002018.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002019.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002024.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002025.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002026.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00002027.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012000.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012001.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012002.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012003.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012004.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012009.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012010.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012011.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012012.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012013.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012015.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012016.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012018.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012019.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012024.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012025.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012026.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Character/00012027.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/BasicEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/CharacterEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/Direction.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/Direction1.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/Direction2.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/Direction3.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/Direction4.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/ItemEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/MapEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/OnUserEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/PetEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/SetEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/SetItemInfoEff.img |
suspicious_features | Connection to IP address | suspicious_request | GET http://158.247.226.251/Effect/SkillName1.img |
request | GET http://rotpt.p-e.kr/ |
request | GET http://pccomd.kro.kr/ |
request | GET http://rwtpt.kro.kr/ |
request | GET http://broseset.kro.kr/ |
name | RT_VERSION | language | LANG_KOREAN | filetype | data | sublanguage | SUBLANG_KOREAN | offset | 0x04ccbbc0 | size | 0x000002c8 |
section | 8boXFi (virtual_address 0x04884000, virtual_size 0x00448200, size_of_data 0x00448200) | entropy | 7.99983731691 | description | A section with a high entropy has been found |
entropy | 0.915503678855 | description | Overall entropy of this PE file is high |
host | 158.247.226.251 |
host | 172.217.25.14 |
process | launcher_packed.img | useragent | InetURL/1.0 |
process | launcher_packed.img | useragent | tes |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\9000001.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\3502001.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\6230600.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4300004.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\6500015.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8830001.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\7130020.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8620018.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8250023.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Character\00002001.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\3401011.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9001016.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8610024.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Effect\SkillName3.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8105004.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\4250001.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4230122.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\1150001.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8300003.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8800004.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\5300001.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8820009.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\9300037.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\6400002.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8810004.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\2230113.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9300081.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8820010.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8210000.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9300096.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8810016.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9300063.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8140111.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9300078.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\4300001.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4230123.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9200018.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8150101.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8641003.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8642010.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\7130101.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4220000.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8141300.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8642019.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Character\00002009.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8810126.img |
file | C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\5130103.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8642001.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\9300068.img |
file | C:\Users\test22\AppData\Local\Temp\Data\Mob\8620017.img |
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Zusy.386268 |
FireEye | Gen:Variant.Zusy.386268 |
McAfee | GenericRXAA-AA!AC04A63FBB82 |
Cylance | Unsafe |
VIPRE | Trojan.Crypt.Krap (v) |
BitDefenderTheta | Gen:NN.ZexaF.34758.@p0@amEDXtpO |
Cyren | W32/Agent.CYU.gen!Eldorado |
APEX | Malicious |
Avast | Win32:MalwareX-gen [Trj] |
BitDefender | Gen:Variant.Zusy.386268 |
Ad-Aware | Gen:Variant.Zusy.386268 |
Sophos | Generic ML PUA (PUA) |
Comodo | Packed.Win32.MNSP.Gen@2697wr |
Emsisoft | Gen:Variant.Zusy.386268 (B) |
Avira | TR/Crypt.ASPM.Gen |
Microsoft | Trojan:Win32/Caynamer.A!ml |
Gridinsoft | Trojan.Heur!.032524E1 |
GData | Gen:Variant.Zusy.386268 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Agent.C108865 |
VBA32 | TScope.Malware-Cryptor.SB |
ALYac | Gen:Variant.Zusy.386268 |
MAX | malware (ai score=89) |
Rising | Malware.Heuristic!ET#94% (RDMK:cmRtazrygsFf9Ts86lFb4RzLT7kw) |
SentinelOne | Static AI - Suspicious PE |
AVG | Win32:MalwareX-gen [Trj] |
Panda | Trj/Genetic.gen |