Category | Machine | Started | Completed
---|---|---|---
FILE | s1_win7_x6402 | July 2, 2021, 4:40 p.m. | July 2, 2021, 4:42 p.m.

Name | Response | Post-Analysis Lookup
---|---|---
ref.tbfull.com | 39.103.200.111 | 
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
packer | Armadillo v1.71

name | language | sublanguage | filetype | offset | size
---|---|---|---|---|---
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | GLS_BINARY_LSB_FIRST | 0x00062f70 | 0x00000468
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x000633d8 | 0x00000022
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document text | 0x00063400 | 0x0000028b

(The report lists the RT_ICON entry five times and the RT_GROUP_ICON entry twice with identical offset and size; each is shown once here.)
file | C:\Windows\System32\Dtldt.exe
cmdline | C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\spool.exe > nul
file | C:\Users\test22\AppData\Local\Temp\spool.exe

The ping to 127.0.0.1 is a roughly one-second delay: it gives the submitted sample (spool.exe) time to exit before the child cmd.exe deletes its binary from disk.
section | .data | virtual_address | 0x00001000 | virtual_size | 0x0005efee | size_of_data | 0x0005f000 | entropy | 7.865583 | description | A section with a high entropy has been found
entropy | 0.964467 | description | Overall entropy of this PE file is high

The two figures are not on the same scale. The per-section value is Shannon entropy in bits per byte (0 to 8; 7.87 over a 0x5f000-byte section is what compressed or encrypted payload looks like). The overall value is the share of the file's section data that sits in high-entropy sections (0 to 1), so 0.96 means almost the whole image is packed, consistent with the Armadillo packer match above.
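To make the two scales concrete, the following is an added example (not part of this report and not Cuckoo's own code) that reimplements the heuristic over constructed section data. The 6.8 bits-per-byte and 0.2 ratio thresholds are assumed from Cuckoo's community packer_entropy signature, which emits the two description strings seen above; the section bytes are made up.

```python
import math
from collections import Counter
from typing import Dict, List, Tuple

# Thresholds assumed from Cuckoo's community "packer_entropy" signature.
HIGH_SECTION_ENTROPY = 6.8   # bits per byte, out of a maximum of 8.0
HIGH_OVERALL_RATIO = 0.2     # share of section bytes that live in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 constant .. 8.0 uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_entropy(sections: List[Tuple[str, bytes]]) -> Dict[str, object]:
    """Score (section name, raw section bytes) pairs the way the sandbox heuristic does.

    Per section: Shannon entropy on a 0..8 scale, flagged above HIGH_SECTION_ENTROPY.
    Overall: fraction of all section bytes that sit in flagged sections, on a 0..1
    scale, flagged above HIGH_OVERALL_RATIO. The two numbers are not comparable.
    """
    total = 0
    compressed = 0
    flagged = []
    for name, data in sections:
        total += len(data)
        e = shannon_entropy(data)
        if e > HIGH_SECTION_ENTROPY:
            compressed += len(data)
            flagged.append({"name": name, "size_of_data": hex(len(data)), "entropy": e})
    ratio = compressed / total if total else 0.0
    return {
        "high_entropy_sections": flagged,
        "overall_entropy": ratio,
        "overall_high": ratio > HIGH_OVERALL_RATIO,
    }


# Constructed stand-in for a packed PE: a tiny stub, one large near-random
# section (the report's .data section looks like this), and a small resource blob.
SAMPLE_SECTIONS: List[Tuple[str, bytes]] = [
    (".text", b"\x90\xc3" * 512),        # 1024 bytes, 2 symbols  -> 1.0 bit/byte
    (".data", bytes(range(256)) * 60),   # 15360 bytes, uniform   -> 8.0 bits/byte
    (".rsrc", b"ABCDEFGH" * 128),        # 1024 bytes, 8 symbols  -> 3.0 bits/byte
]

if __name__ == "__main__":
    result = packer_entropy(SAMPLE_SECTIONS)
    for sec in result["high_entropy_sections"]:
        print(f"{sec['name']} entropy={sec['entropy']:.6f} size_of_data={sec['size_of_data']}")
    print(f"overall entropy ratio={result['overall_entropy']:.6f} high={result['overall_high']}")
```

Feed it real sections by reading each section's raw data out of the PE (for example with pefile's `section.get_data()`); the point of the constructed input is that a 1.0-bit stub and a 3.0-bit resource blob never trip the per-section check, while one large 8.0-bit section alone pushes the overall ratio well past 0.2.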
rule | description
---|---
DebuggerCheck__GlobalFlags | (no description)
DebuggerCheck__QueryInfo | (no description)
DebuggerHiding__Thread | (no description)
DebuggerHiding__Active | (no description)
DebuggerException__SetConsoleCtrl | (no description)
ThreadControl__Context | (no description)
SEH__vectored | (no description)
anti_dbg | Checks if being debugged
disable_dep | Bypass DEP
cmdline | C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\spool.exe > nul
cmdline | ping -n 2 127.0.0.1
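The ping-then-del chain is the standard Windows self-deletion idiom and is easy to hunt for in process-creation telemetry. The Python below is an added example (not part of this report) that detects the idiom in command lines and escalates when the deleted path is the process's own parent image. Only the first sample command line is the one recorded in the report; the parent images, PIDs, the benign lines and the `timeout /t` variant are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Delay idiom preceding the delete. "ping -n N 127.0.0.1" is what the report shows;
# "timeout /t N" is the other common Windows sleep and is an assumption added here.
SLEEP_RE = re.compile(
    r"\b(?:ping(?:\.exe)?\s+(?:-n\s+(?P<pings>\d+)\s+)?(?:127\.0\.0\.1|localhost|::1)"
    r"|timeout(?:\.exe)?\s+(?:/t\s+)?(?P<secs>\d+))",
    re.IGNORECASE,
)

# "del" or "erase" chained after the delay with & or &&, optional switches,
# and an optionally quoted target path.
DEL_RE = re.compile(
    r'(?:&&?|\|\|?)\s*(?:del|erase)\b(?P<flags>(?:\s+/[a-z])*)\s+"?(?P<path>[^"&|><]+?)"?\s*(?:$|[&|><])',
    re.IGNORECASE,
)


def detect_self_delete(cmdline: str) -> Optional[Dict[str, object]]:
    """Return the delete target and approximate delay if cmdline chains a sleep into a del."""
    sleep = SLEEP_RE.search(cmdline)
    if not sleep:
        return None
    delete = DEL_RE.search(cmdline, sleep.end())   # the del must follow the sleep
    if not delete:
        return None
    if sleep.group("pings") is not None:
        delay = max(int(sleep.group("pings")) - 1, 0)   # ping waits ~1 s between echoes
    elif sleep.group("secs") is not None:
        delay = int(sleep.group("secs"))
    else:
        delay = 3                                       # bare ping defaults to 4 echoes
    return {
        "deleted_path": delete.group("path").strip(),
        "flags": delete.group("flags").split(),
        "approx_delay_s": delay,
    }


def triage(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run the detector over process-creation events (Sysmon event ID 1 style fields)."""
    findings = []
    for ev in events:
        hit = detect_self_delete(ev.get("CommandLine", ""))
        if hit is None:
            continue
        parent = ev.get("ParentImage", "")
        deletes_parent = bool(parent) and str(hit["deleted_path"]).lower() == parent.lower()
        hit.update(
            process_id=ev.get("ProcessId", ""),
            parent_image=parent,
            severity="high" if deletes_parent else "medium",
            note="deletes its own parent binary (self-delete)" if deletes_parent
                 else "delayed delete of a file",
        )
        findings.append(hit)
    return findings


# Constructed events: only the first CommandLine is taken from the report.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ProcessId": "2412", "Image": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Users\test22\AppData\Local\Temp\spool.exe",
     "CommandLine": r"C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\spool.exe > nul"},
    {"ProcessId": "2430", "Image": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c ping -n 4 8.8.8.8"},
    {"ProcessId": "2444", "Image": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c del C:\Temp\old.log"},
    {"ProcessId": "2460", "Image": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Program Files\Vendor\updater.exe",
     "CommandLine": r'cmd.exe /c timeout /t 3 & del /f "C:\Program Files\Vendor\setup helper.exe"'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid={f['process_id']} deletes {f['deleted_path']} "
              f"after ~{f['approx_delay_s']}s ({f['note']})")
```

Requiring the sleep to precede the del keeps a plain `del` or a real connectivity ping out of the results, and matching the target against ParentImage is what separates an installer cleaning up a helper from a dropper erasing itself.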
host | 150.158.157.34
host | 172.217.25.14

service_name | Jqiyhx Qxpgx | service_path | C:\Windows\System32\Dtldt.exe -auto
Engine | Detection
---|---
Bkav | W32.AIDetect.malware1
Elastic | malicious (high confidence)
MicroWorld-eScan | DeepScan:Generic.Keylogger.2.3376591A
FireEye | Generic.mg.bd5693ff7ade6c14
ALYac | DeepScan:Generic.Keylogger.2.3376591A
Cylance | Unsafe
VIPRE | Trojan.Win32.Generic!BT
Sangfor | Trojan.Win32.Save.a
K7AntiVirus | Trojan ( 0055d49e1 )
BitDefender | DeepScan:Generic.Keylogger.2.3376591A
K7GW | Trojan ( 0055d49e1 )
CrowdStrike | win/malicious_confidence_100% (W)
Arcabit | DeepScan:Generic.Keylogger.2.3376591A
BitDefenderTheta | AI:Packer.1E6035A91F
Symantec | ML.Attribute.HighConfidence
ESET-NOD32 | a variant of Win32/Farfli.CTT
APEX | Malicious
Avast | Win32:BackdoorX-gen [Trj]
Kaspersky | Backdoor.Win32.Farfli.bvyp
Alibaba | Backdoor:Win32/Farfli.8adb5e2b
NANO-Antivirus | Trojan.Win32.Farfli.hitbri
Rising | Trojan.Generic@ML.100 (RDML:ZIMIPn0l+OY5llnocRyEJA)
Ad-Aware | DeepScan:Generic.Keylogger.2.3376591A
Emsisoft | DeepScan:Generic.Keylogger.2.3376591A (B)
DrWeb | Trojan.Rootkit.22030
TrendMicro | TROJ_GEN.R002C0PFR21
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc
Sophos | ML/PE-A + Mal/SwiftG-X
SentinelOne | Static AI - Malicious PE
Jiangmin | Heur:TrojanDropper.TDSS
Avira | TR/Crypt.XPACK.Gen
MAX | malware (ai score=84)
Microsoft | HackTool:Win32/Mimikatz!atmn
ZoneAlarm | HEUR:Backdoor.Win32.Generic
GData | DeepScan:Generic.Keylogger.2.3376591A
Cynet | Malicious (score: 100)
AhnLab-V3 | Malware/Win32.RL_Generic.R333274
Acronis | suspicious
McAfee | GenericRXKB-WQ!BD5693FF7ADE
VBA32 | BScope.Backdoor.Farfli
Malwarebytes | Malware.AI.1358604974
Panda | Generic Suspicious
TrendMicro-HouseCall | TROJ_GEN.R002C0PFR21
Tencent | Win32.Backdoor.Farfli.Phgg
Yandex | Backdoor.Farfli!W+Mb7VQS57w
Ikarus | Backdoor.Win32.Shiz
Fortinet | W32/GenKryptik.DJUZ!tr
MaxSecure | Trojan.Malware.300983.susgen
AVG | Win32:BackdoorX-gen [Trj]
Cybereason | malicious.f7ade6
dead_host | 192.168.56.102:49813
dead_host | 192.168.56.102:49818
dead_host | 192.168.56.102:49819
dead_host | 192.168.56.102:49816
dead_host | 39.103.200.111:14993
dead_host | 192.168.56.102:49814
dead_host | 192.168.56.102:49815

39.103.200.111 is the address ref.tbfull.com resolved to in the DNS table above, so the sample's connection attempts to that host on port 14993 received no reply during the run.