Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 25, 2021, 5:14 p.m. | Oct. 25, 2021, 5:20 p.m. |
Command line | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll, | 2612 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll,dbk_fcall_wrapper | 2088 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll,TMethodImplementationIntercept | 2504 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll,dbkFCallWrapperAddr | 2756 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll,yQ0BvR5F0Qn58wVmjt0qsx2 | 2944 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\rqvufRfLLN.dll, | 2256 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .itext |
section | .didata |
name | RT_RCDATA | language | LANG_PORTUGUESE | filetype | zlib compressed data | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x00551c24 | size | 0x0000034c |
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Malicious.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.47226183 |
FireEye | Generic.mg.419e0fb814d614d4 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Spyware ( 0053b41c1 ) |
K7GW | Spyware ( 0053b41c1 ) |
CrowdStrike | win/malicious_confidence_70% (W) |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Spy.Mekotio.EF |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Packed.Zusy-9891964-0 |
BitDefender | Trojan.GenericKD.47226183 |
Avast | FileRepMalware |
Ad-Aware | Trojan.GenericKD.47226183 |
Emsisoft | Trojan.GenericKD.47226183 (B) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.th |
Ikarus | Trojan-Spy.Agent |
GData | Trojan.GenericKD.47226183 |
Cynet | Malicious (score: 100) |
McAfee | Artemis!419E0FB814D6 |
MAX | malware (ai score=88) |
Malwarebytes | Spyware.Agent |
Rising | Trojan.Generic@ML.93 (RDML:6kPpXUz8E/BPa2yXguHX9g) |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Mekotio.EF!tr.spy |
AVG | FileRepMalware |