vbc.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | March 17, 2023, 9:38 a.m. | March 17, 2023, 9:49 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| 5rrgmeftoclglat5t7mmd9a.62wtco97ne9fk1j06ldaz |
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | C:\Bile mew\vawo jevev\Xefaniya\Kah\quohipof.pdb |
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_ICON | language | LANG_SERBIAN | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b860 | size | 0x00000128 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_SERBIAN | filetype | data | sublanguage | SUBLANG_SERBIAN_CYRILLIC | offset | 0x0047b988 | size | 0x000000ca | ||||||||||||||||||
| section | {u'size_of_data': u'0x001b1a00', u'virtual_address': u'0x00001000', u'entropy': 7.96105948698657, u'name': u'.text', u'virtual_size': u'0x001b1833'} | entropy | 7.96105948699 | description | A section with a high entropy has been found | |||||||||
| section | {u'size_of_data': u'0x00032c00', u'virtual_address': u'0x00449000', u'entropy': 7.67083445837491, u'name': u'.rsrc', u'virtual_size': u'0x00032a58'} | entropy | 7.67083445837 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.981261078754 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetectNet.01 |
| Lionic | Trojan.Win32.Strab.4!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.65921610 |
| FireEye | Generic.mg.b12fe6628b451459 |
| McAfee | Artemis!B12FE6628B45 |
| Malwarebytes | Trojan.Downloader |
| VIPRE | Trojan.GenericKD.65921610 |
| Sangfor | Trojan.Win32.Save.a |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Alibaba | TrojanDownloader:Win32/Strab.d37dbc21 |
| Arcabit | Trojan.Generic.D3EDE24A |
| BitDefenderTheta | Gen:NN.ZexaF.36344.7vX@aOE5XcbG |
| Cyren | W32/ABRisk.UQLX-4129 |
| Symantec | Trojan Horse |
| ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.GPV |
| APEX | Malicious |
| Paloalto | generic.ml |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Trojan.Win32.Strab.gen |
| BitDefender | Trojan.GenericKD.65921610 |
| Avast | Win32:DropperX-gen [Drp] |
| Tencent | Win32.Trojan-Downloader.Oader.Tzfl |
| TrendMicro | TrojanSpy.Win32.RHADAMANTHYS.YXDCNZ |
| McAfee-GW-Edition | Artemis!Trojan |
| Emsisoft | Trojan.GenericKD.65921610 (B) |
| Webroot | W32.Trojan.Gen |
| Avira | TR/Dldr.Agent.eakhl |
| MAX | malware (ai score=88) |
| Antiy-AVL | Trojan/Win32.Sabsik |
| Gridinsoft | Ransom.Win32.Sabsik.sa |
| Microsoft | Trojan:Win32/Casdet!rfn |
| ViRobot | Trojan.Win.Z.Stealer.2028120 |
| GData | Trojan.GenericKD.65921610 |
| Detected | |
| AhnLab-V3 | Trojan/Win.Generic.R562533 |
| VBA32 | BScope.TrojanSpy.Stealer |
| ALYac | Backdoor.Remcos.A |
| Cylance | unsafe |
| TrendMicro-HouseCall | TrojanSpy.Win32.RHADAMANTHYS.YXDCNZ |
| Rising | Backdoor.Agent!8.C5D (TFE:5:Tpf88tZVTGP) |
| Ikarus | Trojan-Downloader.Win32.Agent |
| Fortinet | W32/Agent.GPV!tr.dldr |
| AVG | Win32:DropperX-gen [Drp] |
| Panda | Trj/Chgt.AD |