Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 12, 2021, 5:59 p.m. | July 12, 2021, 6:01 p.m. |
Process | Command Line | PID |
---|---|---|
VNPhone.exe | "C:\Users\test22\AppData\Local\Temp\VNPhone.exe" | 2216 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
Name | Response | Post-Analysis Lookup |
---|---|---|
cdn.poopycloud.com | 188.124.36.145 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | POST method with no referer header | suspicious_request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=FIRST_REQUEST |
suspicious_features | POST method with no referer header | suspicious_request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=INFO |
suspicious_features | POST method with no referer header | suspicious_request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=REQUEST |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=FIRST_REQUEST |
request | GET https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=FIRST_REQUEST&AspxAutoDetectCookieSupport=1 |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=INFO |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=REQUEST |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=FIRST_REQUEST |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=INFO |
request | POST https://cdn.poopycloud.com/timeout/voip.aspx?guid=7C6024AD&v=1.7&cg=REQUEST |
description | VNPhone.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds |
name | RT_VERSION | language | None | filetype | data | sublanguage | SUBLANG_ARABIC_YEMEN | offset | 0x0009bad8 | size | 0x00000270 |
file | C:\Users\test22\AppData\Local\Temp\nsg63A6.tmp\System.dll |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MobileSrv.exe |
wmi |
Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.GenericKD.37214946 |
McAfee | Artemis!FCA673821522 |
Sangfor | Trojan.Win32.Scar.gen |
Alibaba | Trojan:Win32/GenCBL.ef04ae4f |
K7GW | Trojan ( 0057e5db1 ) |
K7AntiVirus | Trojan ( 0057e5db1 ) |
Arcabit | Trojan.Generic.D237DAE2 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/GenCBL.AMS |
Kaspersky | HEUR:Trojan.Win32.Scar.gen |
BitDefender | Trojan.GenericKD.37214946 |
Avast | Win32:DangerousSig [Trj] |
Ad-Aware | Trojan.GenericKD.37214946 |
Emsisoft | MalCert-S.KU (A) |
DrWeb | Trojan.Siggen13.58094 |
McAfee-GW-Edition | Artemis!Trojan |
FireEye | Trojan.GenericKD.37214946 |
Sophos | Mal/Generic-S |
Avira | TR/AD.NsisInject.jggmr |
MAX | malware (ai score=87) |
GData | Trojan.GenericKD.37214946 |
ALYac | Trojan.GenericKD.37214946 |
TrendMicro-HouseCall | TROJ_GEN.R002H0DG921 |
AVG | Win32:DangerousSig [Trj] |
Panda | Trj/CI.A |
Qihoo-360 | Win32/Trojan.Generic.HoMASYEA |