nscvhost.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Sept. 24, 2021, 5:04 p.m. | Sept. 24, 2021, 5:08 p.m. |
-
nscvhost.exe "C:\Users\test22\AppData\Local\Temp\nscvhost.exe"
2972
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | C:\mujipefako.pdb |
| resource name | BIR |
| resource name | HOXOVIGUBUPUWILUSI |
| resource name | MAZAYAJOFEXE |
| resource name | PEBEGOFELUGIMIVIXOZOXITACAPILEN |
| resource name | None |
| section | {u'size_of_data': u'0x000efe00', u'virtual_address': u'0x00023000', u'entropy': 7.997199302877785, u'name': u'.data', u'virtual_size': u'0x0283420c'} | entropy | 7.99719930288 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.815554611135 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetect.malware1 |
| Elastic | malicious (high confidence) |
| FireEye | Generic.mg.341e63d0f0934ba1 |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Save.a |
| Cybereason | malicious.723680 |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| Sophos | ML/PE-A |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.tc |
| Ikarus | Trojan.Win32.Crypt |
| Cynet | Malicious (score: 100) |
| Acronis | suspicious |
| McAfee | Packed-GDT!341E63D0F093 |
| VBA32 | Malware-Cryptor.Azorult.gen |
| Rising | Trojan.Generic@ML.98 (RDML:TA5Uahl+XE63ljPj9uZgSg) |
| SentinelOne | Static AI - Malicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| BitDefenderTheta | Gen:NN.ZexaF.34170.jz0@amu6mlkO |
| CrowdStrike | win/malicious_confidence_90% (W) |