Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 3, 2021, 12:55 a.m. | Sept. 3, 2021, 12:57 a.m. |
Process | Command line | PID |
---|---|---|
2.exe | "C:\Users\test22\AppData\Local\Temp\2.exe" | 2948 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
packer | Armadillo v1.71 |
name | language | filetype | sublanguage | offset | size |
---|---|---|---|---|---|
RT_ICON | LANG_CHINESE | GLS_BINARY_LSB_FIRST | SUBLANG_CHINESE_SIMPLIFIED | 0x00054650 | 0x00000128 |
RT_DIALOG | LANG_CHINESE | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000542a8 | 0x000000bc |
RT_STRING | LANG_CHINESE | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00054a60 | 0x0000003a |
RT_GROUP_ICON | LANG_CHINESE | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00054778 | 0x00000022 |
RT_VERSION | LANG_CHINESE | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000547a0 | 0x000002c0 |
host | 139.196.224.137 |
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Generic.mxIB |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Cud.Gen.1 |
FireEye | Generic.mg.294fab1523dc3b50 |
CAT-QuickHeal | Trojan.Redosdru.18844 |
Cylance | Unsafe |
Zillya | Downloader.Agent.Win32.335022 |
Sangfor | Backdoor.Win32.Generic.ky |
K7AntiVirus | Trojan-Downloader ( 004fefdf1 ) |
Alibaba | Backdoor:Win32/Farfli.13c |
K7GW | Trojan-Downloader ( 004fefdf1 ) |
Cybereason | malicious.523dc3 |
Symantec | Downloader!gm |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.CWO |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Downloader.Farfli-6453698-0 |
Kaspersky | HEUR:Backdoor.Win32.Generic |
BitDefender | Trojan.Cud.Gen.1 |
Avast | Win32:Malware-gen |
Tencent | Malware.Win32.Gencirc.10b77a37 |
Ad-Aware | Trojan.Cud.Gen.1 |
TACHYON | Backdoor/W32.Agent.688196 |
Emsisoft | Trojan.Cud.Gen.1 (B) |
Comodo | TrojWare.Win32.TrojanDownloader.Farfli.CWO@7k0rzk |
DrWeb | Trojan.DownLoader36.59104 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | BKDR_ZEGOST.SM17 |
McAfee-GW-Edition | Farfli!294FAB1523DC |
Sophos | Mal/Generic-S |
Ikarus | Trojan-Downloader.Win32.Farfli |
Jiangmin | Backdoor.Generic.ajkp |
Avira | HEUR/AGEN.1111749 |
Antiy-AVL | Trojan/Generic.ASMalwS.203D8BE |
Microsoft | TrojanDownloader:Win32/Farfli.F!bit |
Gridinsoft | Trojan.Win32.Downloader.sa |
Arcabit | Trojan.Cud.Gen.1 |
ViRobot | Trojan.Win32.Z.Farfli.688196 |
GData | Trojan.Cud.Gen.1 |
Cynet | Malicious (score: 99) |
AhnLab-V3 | Malware/Win32.RL_Generic.R369242 |
McAfee | Farfli!294FAB1523DC |
MAX | malware (ai score=86) |
VBA32 | BScope.TrojanDownloader.Farfli |
Malwarebytes | Backdoor.Farfli |
TrendMicro-HouseCall | BKDR_ZEGOST.SM17 |
Rising | Downloader.Agent!1.ABFC (CLASSIC) |
Yandex | Trojan.GenAsa!6HyyeQhbdKM |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Type | Endpoint |
---|---|
dead_host | 192.168.56.101:49245 |
dead_host | 192.168.56.101:49222 |
dead_host | 192.168.56.101:49253 |
dead_host | 192.168.56.101:49202 |
dead_host | 192.168.56.101:49231 |
dead_host | 139.196.224.137:8080 |
dead_host | 192.168.56.101:49211 |
dead_host | 192.168.56.101:49242 |
dead_host | 192.168.56.101:49206 |
dead_host | 192.168.56.101:49219 |
dead_host | 192.168.56.101:49237 |
dead_host | 192.168.56.101:49250 |
dead_host | 192.168.56.101:49215 |
dead_host | 192.168.56.101:49246 |
dead_host | 192.168.56.101:49223 |
dead_host | 192.168.56.101:49254 |
dead_host | 192.168.56.101:49224 |
dead_host | 192.168.56.101:49234 |
dead_host | 192.168.56.101:49243 |
dead_host | 192.168.56.101:49197 |
dead_host | 192.168.56.101:49207 |
dead_host | 192.168.56.101:49228 |
dead_host | 192.168.56.101:49238 |
dead_host | 192.168.56.101:49251 |
dead_host | 192.168.56.101:49208 |
dead_host | 192.168.56.101:49247 |
dead_host | 192.168.56.101:49216 |
dead_host | 192.168.56.101:49255 |
dead_host | 192.168.56.101:49212 |
dead_host | 192.168.56.101:49225 |
dead_host | 192.168.56.101:49235 |
dead_host | 192.168.56.101:49256 |
dead_host | 192.168.56.101:49233 |
dead_host | 192.168.56.101:49220 |
dead_host | 192.168.56.101:49229 |
dead_host | 192.168.56.101:49239 |
dead_host | 192.168.56.101:49209 |
dead_host | 192.168.56.101:49240 |
dead_host | 192.168.56.101:49204 |
dead_host | 192.168.56.101:49217 |
dead_host | 192.168.56.101:49213 |
dead_host | 192.168.56.101:49226 |
dead_host | 192.168.56.101:49257 |
dead_host | 192.168.56.101:49221 |
dead_host | 192.168.56.101:49252 |
dead_host | 192.168.56.101:49201 |
dead_host | 192.168.56.101:49230 |
dead_host | 192.168.56.101:49232 |
dead_host | 192.168.56.101:49210 |
dead_host | 192.168.56.101:49241 |