Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 9, 2023, 9:46 p.m. | Sept. 9, 2023, 9:50 p.m. |
-
toolspub4.exe "C:\Users\test22\AppData\Local\Temp\toolspub4.exe"
2528
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
pdb_path | C:\jahexecahifupa70.pdb |
section | {u'size_of_data': u'0x00027e00', u'virtual_address': u'0x00001000', u'entropy': 7.565074029176389, u'name': u'.text', u'virtual_size': u'0x00027c04'} | entropy | 7.56507402918 | description | A section with a high entropy has been found | |||||||||
entropy | 0.532554257095 | description | Overall entropy of this PE file is high |
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Bypass DEP | rule | disable_dep |
Bkav | W32.AIDetectMalware |
tehtris | Generic.Malware |
FireEye | Generic.mg.98ce8687a896a63f |
CAT-QuickHeal | Ransom.Stop.P5 |
K7AntiVirus | Riskware ( 00584baa1 ) |
K7GW | Riskware ( 00584baa1 ) |
Cybereason | malicious.cafd48 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
APEX | Malicious |
ClamAV | Win.Packer.pkr_ce1a-9980177-0 |
Kaspersky | VHO:Backdoor.Win32.Agent.gen |
Rising | Trojan.Generic@AI.100 (RDML:kM1ssFOLRK09mDK65SaCaQ) |
Trapmine | malicious.moderate.ml.score |
Sophos | ML/PE-A |
Ikarus | Trojan-Spy.Agent |
ZoneAlarm | VHO:Backdoor.Win32.Agent.gen |
Cynet | Malicious (score: 100) |
AhnLab-V3 | CoinMiner/Win.Glupteba.R504956 |
Acronis | suspicious |
Cylance | unsafe |
Tencent | Trojan.Win32.Obfuscated.gen |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Kryptik.HFSR!tr |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (D) |