Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 7, 2022, 1:57 p.m. | June 7, 2022, 2:01 p.m. |
Process | Command line | PID |
---|---|---|
cmd.exe | cmd /c ""C:\Users\test22\AppData\Local\Temp\03841b01.bat" " | 2672 |
Name | Response | Post-Analysis Lookup |
---|---|---|
v8.ter.tf | | |
ddos.dnsnb8.net | 63.251.106.25 | |
2969761768.vip | CNAME uq9nwxh3.hyhuxa.top, CNAME c9v864gr.n.hyhuxa.top, 193.221.95.83 | |
Suricata Alerts | No Suricata Alerts |
Suricata TLS | No Suricata TLS |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
section | \xd5S\xff\xd7\xa3ux |
name | language | sublanguage | filetype | offset | size |
---|---|---|---|---|---|
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00011134 | 0x000002e8 |
RT_RCDATA | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | empty | 0x0000b130 | 0x00003000 |
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00011420 | 0x00000014 |
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00011438 | 0x00000448 |
file | C:\tmp6o6lvv\bin\execsc.exe |
file | C:\Users\test22\AppData\Local\Temp\38BA1B54.exe |
file | C:\util\pafish.exe |
file | C:\Users\test22\AppData\Local\Temp\131A0973.exe |
file | C:\Users\test22\AppData\Local\Temp\4C243FD6.exe |
file | C:\tmp6o6lvv\bin\inject-x86.exe |
file | C:\Program Files (x86)\7-Zip\7zG.exe |
file | C:\Program Files (x86)\Hnc\PDF80\x64\HNCE2PPRCONV80.exe |
file | C:\Users\test22\AppData\Local\Temp\46BB686B.exe |
file | C:\Program Files\7-Zip\Uninstall.exe |
file | C:\Users\test22\AppData\Local\Temp\03841b01.bat |
file | C:\Users\test22\AppData\Local\Temp\63057192.exe |
file | C:\Program Files (x86)\7-Zip\7zFM.exe |
file | C:\Python27\Lib\distutils\command\wininst-7.1.exe |
file | C:\Python27\Lib\site-packages\setuptools\gui.exe |
file | C:\Users\test22\AppData\Local\Temp\aBYIeT.exe |
file | C:\Users\test22\AppData\Local\Temp\566810BA.exe |
file | C:\Users\test22\AppData\Local\Temp\31763395.exe |
file | C:\tmp6o6lvv\bin\is32bit.exe |
file | C:\Users\test22\AppData\Local\Temp\2E764A70.exe |
file | C:\Users\test22\AppData\Local\Temp\03841b01.bat |
file | C:\Users\test22\AppData\Local\Temp\aBYIeT.exe |
section | virtual_address | virtual_size | size_of_data | entropy | description |
---|---|---|---|---|---|
UPX1 | 0x0000c000 | 0x00005000 | 0x00004e00 | 7.85161823887119 | A section with a high entropy has been found |
\xd5S\xff\xd7\xa3ux | 0x00012000 | 0x00005000 | 0x00004200 | 6.934358700790351 | A section with a high entropy has been found |

entropy | 0.923076923077 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX |
section | UPX1 | description | Section name indicates UPX |
service_name | Klmnopq Stuabc | service_path | C:\Windows\iyammc.exe |
file | C:\Users\test22\AppData\Local\Temp\aBYIeT.exe |
Engine | Detection |
---|---|
Bkav | W32.FamVT.DumpModuleInfectiousNME.PE |
DrWeb | Trojan.DownLoader18.16955 |
MicroWorld-eScan | Win32.VJadtre.3 |
FireEye | Generic.mg.b238708a6c194f7c |
CAT-QuickHeal | Trojan.GenericRI.S17164152 |
McAfee | W32/Kudj |
Malwarebytes | Trojan.FakeMS |
Sangfor | [ASPACK V2.12] |
K7AntiVirus | Trojan ( 004bcce41 ) |
BitDefender | Win32.VJadtre.3 |
K7GW | Trojan ( 004bcce41 ) |
Cybereason | malicious.a6c194 |
BitDefenderTheta | AI:FileInfector.991137D00F |
Cyren | W32/PatchLoad.E |
Elastic | malicious (moderate confidence) |
ESET-NOD32 | Win32/Wapomi.BA |
APEX | Malicious |
ClamAV | Win.Trojan.Downloader-64720 |
Kaspersky | Virus.Win32.Nimnul.f |
NANO-Antivirus | Trojan.Win32.Banload.cstqaj |
ViRobot | Win32.Ramnit.F |
Rising | Virus.Roue!1.9E10 (CLASSIC) |
Ad-Aware | Win32.VJadtre.3 |
Sophos | ML/PE-A + W32/Nimnul-A |
Comodo | Packed.Win32.MUPX.Gen@24tbus |
Baidu | Win32.Virus.Otwycal.d |
Zillya | Virus.Nimnul.Win32.5 |
TrendMicro | PE_WAPOMI.BM |
McAfee-GW-Edition | BehavesLike.Win32.Virut.pc |
Trapmine | malicious.high.ml.score |
Emsisoft | Win32.VJadtre.3 (B) |
SentinelOne | Static AI - Malicious PE |
GData | Win32.Virus.Wapomi.A |
Jiangmin | Win32/Nimnul.f |
Avira | W32/Jadtre.B |
MAX | malware (ai score=89) |
Gridinsoft | Trojan.Heur!.03212289 |
SUPERAntiSpyware | Trojan.Agent/Gen-FakeMS |
ZoneAlarm | Virus.Win32.Nimnul.f |
Microsoft | Virus:Win32/Mikcer.B |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Win32/VJadtre.Gen |
Acronis | suspicious |
VBA32 | Virus.Nimnul.19209 |
ALYac | Win32.VJadtre.3 |
TACHYON | Virus/W32.Ramnit.C |
Cylance | Unsafe |
Panda | W32/Pcarrier.A |
Zoner | Probably Heur.ExeHeaderL |
TrendMicro-HouseCall | PE_WAPOMI.BM |