Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 17, 2023, 9:42 a.m. | March 17, 2023, 10:06 a.m. |
6.ocx "C:\Users\test22\AppData\Local\Temp\6.ocx"
2560
Name | Response | Post-Analysis Lookup |
---|---|---|
3005.qmananan.com | 206.233.132.92 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .vmp0 |
section | .vmp1 |
name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x001b9058 | size | 0x0002b07c |
section | .vmp1 (size_of_data 0x000b0000, virtual_address 0x00109000, virtual_size 0x000afdee, entropy 7.918257762449476) | entropy | 7.91825776245 | description | A section with a high entropy has been found |
entropy | 0.8 | description | Overall entropy of this PE file is high |
section | .vmp0 | description | Section name indicates VMProtect |
section | .vmp1 | description | Section name indicates VMProtect |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb |
FireEye | Generic.mg.ef4a2bb28bee4196 |
Cylance | unsafe |
Sangfor | Trojan.Win32.Agent.A02q |
K7AntiVirus | Trojan ( 7000001c1 ) |
K7GW | Trojan ( 7000001c1 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Heur.RP.ED8E8F |
BitDefenderTheta | AI:Packer.EDAA4FEB1F |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Packed.VMProtect.ABO |
APEX | Malicious |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb |
Avast | Win32:RATX-gen [Trj] |
Tencent | Win32.Trojan.Crypt.Lajl |
Sophos | Mal/VMProtBad-A |
VIPRE | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb |
McAfee-GW-Edition | BehavesLike.Win32.Generic.tm |
Trapmine | malicious.high.ml.score |
Emsisoft | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb (B) |
Ikarus | Trojan.Win32.VMProtect |
Detected | |
Avira | TR/Crypt.XPACK.Gen |
MAX | malware (ai score=81) |
Microsoft | Trojan:Win32/Farfli.DSK!MTB |
GData | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win.Farfli.R562279 |
Acronis | suspicious |
VBA32 | BScope.Backdoor.Farfli |
ALYac | Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb |
Malwarebytes | Malware.AI.1768574864 |
Rising | Trojan.Generic@AI.100 (RDMK:cmRtazoLb3Z0aDToUkpQRn1XQhqL) |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Zard.30!tr |
AVG | Win32:RATX-gen [Trj] |
Panda | Trj/Genetic.gen |
dead_host | 192.168.56.101:49191 |
dead_host | 192.168.56.101:49202 |
dead_host | 192.168.56.101:49231 |
dead_host | 192.168.56.101:49165 |
dead_host | 192.168.56.101:49242 |
dead_host | 206.233.132.92:3005 |
dead_host | 192.168.56.101:49237 |
dead_host | 192.168.56.101:49259 |
dead_host | 192.168.56.101:49193 |
dead_host | 192.168.56.101:49254 |
dead_host | 192.168.56.101:49188 |
dead_host | 192.168.56.101:49207 |
dead_host | 192.168.56.101:49228 |
dead_host | 192.168.56.101:49247 |
dead_host | 192.168.56.101:49181 |
dead_host | 192.168.56.101:49256 |
dead_host | 192.168.56.101:49198 |
dead_host | 192.168.56.101:49209 |
dead_host | 192.168.56.101:49204 |
dead_host | 192.168.56.101:49217 |
dead_host | 192.168.56.101:49244 |
dead_host | 192.168.56.101:49170 |
dead_host | 192.168.56.101:49187 |
dead_host | 192.168.56.101:49214 |
dead_host | 192.168.56.101:49227 |
dead_host | 192.168.56.101:49161 |
dead_host | 192.168.56.101:49222 |
dead_host | 192.168.56.101:49176 |
dead_host | 192.168.56.101:49233 |
dead_host | 192.168.56.101:49175 |
dead_host | 192.168.56.101:49250 |
dead_host | 192.168.56.101:49184 |
dead_host | 192.168.56.101:49203 |
dead_host | 192.168.56.101:49224 |
dead_host | 192.168.56.101:49166 |
dead_host | 192.168.56.101:49243 |
dead_host | 192.168.56.101:49177 |
dead_host | 192.168.56.101:49238 |
dead_host | 192.168.56.101:49172 |
dead_host | 192.168.56.101:49194 |
dead_host | 192.168.56.101:49255 |
dead_host | 192.168.56.101:49189 |
dead_host | 192.168.56.101:49200 |
dead_host | 192.168.56.101:49229 |
dead_host | 192.168.56.101:49240 |
dead_host | 192.168.56.101:49182 |
dead_host | 192.168.56.101:49257 |
dead_host | 192.168.56.101:49199 |
dead_host | 192.168.56.101:49252 |
dead_host | 192.168.56.101:49210 |