file.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Aug. 12, 2023, 6:47 p.m. | Aug. 12, 2023, 6:53 p.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | C:\pepeyu\vupuluh.pdb |
| resource name | XIZAPAWEWAZAWIGADAKEL |
| name | XIZAPAWEWAZAWIGADAKEL | language | LANG_PORTUGUESE | filetype | ASCII text, with very long lines, with no line terminators | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x014c2318 | size | 0x00002082 | ||||||||||||||||||
| name | RT_ICON | language | LANG_PORTUGUESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x014c1e80 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_PORTUGUESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x014c1e80 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_PORTUGUESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x014c1e80 | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_PORTUGUESE | filetype | data | sublanguage | SUBLANG_PORTUGUESE_BRAZILIAN | offset | 0x014c22e8 | size | 0x00000030 | ||||||||||||||||||
| section | {u'size_of_data': u'0x00040200', u'virtual_address': u'0x00001000', u'entropy': 7.721625566399219, u'name': u'.text', u'virtual_size': u'0x00040088'} | entropy | 7.7216255664 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.767964071856 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetectMalware |
| Elastic | malicious (high confidence) |
| ClamAV | Win.Packer.pkr_ce1a-9980177-0 |
| FireEye | Generic.mg.d5fbc84f128e2f19 |
| CAT-QuickHeal | Ransom.Stop.P5 |
| Malwarebytes | Trojan.MalPack.GS |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0056f9be1 ) |
| K7GW | Trojan ( 0056f9be1 ) |
| Cybereason | malicious.21467e |
| Cyren | W32/Kryptik.KJB.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| tehtris | Generic.Malware |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | VHO:Trojan-Ransom.Win32.Stop.gen |
| Tencent | Trojan.Win32.Obfuscated.gen |
| Sophos | ML/PE-A |
| McAfee-GW-Edition | BehavesLike.Win32.Shohdi.fh |
| Trapmine | malicious.moderate.ml.score |
| SentinelOne | Static AI - Malicious PE |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| ZoneAlarm | VHO:Trojan-Ransom.Win32.Stop.gen |
| Detected | |
| Acronis | suspicious |
| Cylance | unsafe |
| Rising | Trojan.Kryptik!1.B663 (CLASSIC) |
| Ikarus | Worm.Win32.Dorkbot |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/GenKryptik.ERHN!tr |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (D) |