act.ocx| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | March 17, 2023, 9:42 a.m. | March 17, 2023, 10 a.m. |
-
act.ocx "C:\Users\test22\AppData\Local\Temp\act.ocx"
2560
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | .vmp0 |
| section | .vmp1 |
| section | {u'size_of_data': u'0x00039c00', u'virtual_address': u'0x00047000', u'entropy': 7.889530640349294, u'name': u'.vmp1', u'virtual_size': u'0x00039ba0'} | entropy | 7.88953064035 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.995689655172 | description | Overall entropy of this PE file is high | |||||||||||
| section | .vmp0 | description | Section name indicates VMProtect | ||||||
| section | .vmp1 | description | Section name indicates VMProtect | ||||||
| FireEye | Generic.mg.214aa1ab355e70ae |
| Cylance | unsafe |
| K7AntiVirus | Trojan ( 7000001d1 ) |
| K7GW | Trojan ( 7000001d1 ) |
| CrowdStrike | win/malicious_confidence_70% (D) |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Packed.VMProtect.ABO |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Avast | Win64:MalwareX-gen [Trj] |
| Tencent | Win32.Trojan.Black.Qzfl |
| Sophos | Mal/VMProtBad-A |
| Trapmine | malicious.moderate.ml.score |
| SentinelOne | Static AI - Suspicious PE |
| Avira | TR/Black.Gen2 |
| Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
| Detected | |
| Yandex | Trojan.GenAsa!MCKN04f+JBc |
| Ikarus | Trojan.Win32.VMProtect |
| AVG | Win64:MalwareX-gen [Trj] |