Pluton.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Sept. 10, 2021, 9:13 a.m. | Sept. 10, 2021, 9:16 a.m. |
-
Pluton.exe "C:\Users\test22\AppData\Local\Temp\Pluton.exe"
872
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | C:\jefinegofe\vut\nuberabiwunu-rujo\xenimisow-zubepap\tofevif.pdb |
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KYRGYZ | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x01ff2b58 | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_KYRGYZ | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x01fec7a0 | size | 0x0000005a | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_KYRGYZ | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x01fec7a0 | size | 0x0000005a | ||||||||||||||||||
| section | {u'size_of_data': u'0x00050600', u'virtual_address': u'0x00030000', u'entropy': 7.973910989326512, u'name': u'.data', u'virtual_size': u'0x01fb801c'} | entropy | 7.97391098933 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.58614402917 | description | Overall entropy of this PE file is high | |||||||||||
| Lionic | Hacktool.Win32.Shellcode.3!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.46878259 |
| FireEye | Generic.mg.b147f58ffee25ee8 |
| McAfee | Packed-GDT!B147F58FFEE2 |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0058183f1 ) |
| Alibaba | Ransom:Win32/StopCrypt.0586a22d |
| K7GW | Trojan ( 0058183f1 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Arcabit | Trojan.Generic.D2CB4E33 |
| BitDefenderTheta | Gen:NN.ZexaF.34126.IqW@aWWy9ylG |
| Cyren | W32/Kryptik.EYC.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.HMGF |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Win.Packed.Generic-9888857-0 |
| Kaspersky | HEUR:Exploit.Win32.Shellcode.gen |
| BitDefender | Trojan.GenericKD.46878259 |
| Avast | Win32:TrojanX-gen [Trj] |
| Ad-Aware | Trojan.GenericKD.46878259 |
| Emsisoft | Trojan.Crypt (A) |
| F-Secure | Exploit.EXP/YAV.Minerva.kxlup |
| DrWeb | Trojan.DownLoader41.37215 |
| TrendMicro | TrojanSpy.Win32.RACEALER.SMTH |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.hc |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan.Win32.Krypt |
| Jiangmin | Exploit.ShellCode.eda |
| Avira | EXP/YAV.Minerva.kxlup |
| Antiy-AVL | Trojan[Exploit]/Win32.ShellCode |
| Gridinsoft | Trojan.Win32.Downloader.sa |
| Microsoft | Ransom:Win32/StopCrypt.MPK!MTB |
| ZoneAlarm | HEUR:Exploit.Win32.Shellcode.gen |
| GData | Trojan.GenericKD.46878259 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Infostealer/Win.SmokeLoader.R439080 |
| Acronis | suspicious |
| VBA32 | Trojan.Injuke |
| ALYac | Trojan.GenericKD.46878259 |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.MalPack.GS |
| TrendMicro-HouseCall | Ransom_HPGANDCRAB.SMONT2 |
| Rising | Malware.Obscure/Heur!1.A89F (CLASSIC) |
| SentinelOne | Static AI - Malicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Kryptik.HMGB!tr |
| AVG | Win32:TrojanX-gen [Trj] |