Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 8, 2021, 9:20 a.m. | July 8, 2021, 9:30 a.m. |
-
bin.exe "C:\Users\test22\AppData\Local\Temp\bin.exe"
1788
Name | Response | Post-Analysis Lookup |
---|---|---|
www.tokenizemortgage.com | 64.190.62.111 | |
www.optiao.club | 172.67.128.28 | |
www.captivatingpower.com |
CNAME
shops.myshopify.com
|
23.227.38.74 |
www.stackair.com |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.captivatingpower.com/gd5n/?8pp=03bz5JcmLhkK/7VMGmtHlfqgJZRzM8pcHaZCGIrZKaUQFLvPevS4ECc93DGk0zG6ZMfR1508&iB=Ch2p4J_0Id5xu | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.optiao.club/gd5n/?8pp=5QkX1/gLU4KjhadBhM0SoxDpbWhIrheAxeN0gI31BaKeE9/CXTmiHuZrE3HZvvpc04G5QmS6&iB=Ch2p4J_0Id5xu | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.tokenizemortgage.com/gd5n/?8pp=FOuzNm5cVvA1hM4ImFxyGIhOCZig314BbzGubiKJsfzRhRk+vE1suSoEpH6Dth31Mco5nG4L&iB=Ch2p4J_0Id5xu |
request | GET http://www.captivatingpower.com/gd5n/?8pp=03bz5JcmLhkK/7VMGmtHlfqgJZRzM8pcHaZCGIrZKaUQFLvPevS4ECc93DGk0zG6ZMfR1508&iB=Ch2p4J_0Id5xu |
request | GET http://www.optiao.club/gd5n/?8pp=5QkX1/gLU4KjhadBhM0SoxDpbWhIrheAxeN0gI31BaKeE9/CXTmiHuZrE3HZvvpc04G5QmS6&iB=Ch2p4J_0Id5xu |
request | GET http://www.tokenizemortgage.com/gd5n/?8pp=FOuzNm5cVvA1hM4ImFxyGIhOCZig314BbzGubiKJsfzRhRk+vE1suSoEpH6Dth31Mco5nG4L&iB=Ch2p4J_0Id5xu |
section | {u'size_of_data': u'0x0002c800', u'virtual_address': u'0x00001000', u'entropy': 7.401227568947362, u'name': u'.text', u'virtual_size': u'0x0002c608'} | entropy | 7.40122756895 | description | A section with a high entropy has been found | |||||||||
entropy | 1.0 | description | Overall entropy of this PE file is high |
host | 172.67.188.154 |
Bkav | W32.AIDetect.malware1 |
Lionic | Trojan.Win32.Noon.l!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Razy.679962 |
FireEye | Generic.mg.702b18b0650c0234 |
McAfee | GenericRXCD-ZZ!702B18B0650C |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 00536d121 ) |
Alibaba | Trojan:Win32/Formbook.b56a279f |
K7GW | Trojan ( 00536d121 ) |
Cybereason | malicious.0650c0 |
BitDefenderTheta | AI:Packer.3F5F296E1E |
Cyren | W32/Formbook.A.gen!Eldorado |
Symantec | Trojan.Formbook |
ESET-NOD32 | a variant of Win32/Formbook.AA |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Formbook-7399661-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Variant.Razy.679962 |
NANO-Antivirus | Virus.Win32.Gen.ccmw |
Avast | Win32:Formbook-B [Trj] |
Tencent | Win32.Trojan.Crypt.Adkl |
Ad-Aware | Gen:Variant.Razy.679962 |
Sophos | ML/PE-A + Troj/Formbook-A |
DrWeb | Trojan.Siggen9.48175 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_GEN.R002C0CG121 |
McAfee-GW-Edition | BehavesLike.Win32.VirRansom.cc |
Emsisoft | Trojan.Formbook (A) |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Avira | TR/Crypt.ZPACK.Gen |
MAX | malware (ai score=100) |
Microsoft | Trojan:Win32/Formbook!MTB |
Arcabit | Trojan.Razy.DA601A |
GData | Gen:Variant.Razy.679962 |
Cynet | Malicious (score: 100) |
Acronis | suspicious |
ALYac | Gen:Variant.Razy.679962 |
VBA32 | BScope.TrojanPSW.Banker |
Malwarebytes | Malware.Heuristic.1004 |
TrendMicro-HouseCall | TROJ_GEN.R002C0CG121 |
Rising | Stealer.Formbook!1.C470 (CLASSIC) |
Ikarus | Trojan-Spy.FormBook |
eGambit | Unsafe.AI_Score_94% |
Fortinet | W32/GenKryptik.AYEB!tr |
AVG | Win32:Formbook-B [Trj] |
CrowdStrike | win/malicious_confidence_100% (W) |