w-12.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Oct. 10, 2023, 4:57 p.m. | Oct. 10, 2023, 5:02 p.m. |
-
w-12.exe "C:\Users\test22\AppData\Local\Temp\w-12.exe"
2668
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| packer | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| section | {u'size_of_data': u'0x00351400', u'virtual_address': u'0x005f8000', u'entropy': 7.886656281072496, u'name': u'UPX1', u'virtual_size': u'0x00352000'} | entropy | 7.88665628107 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.999852832965 | description | Overall entropy of this PE file is high | |||||||||||
| section | UPX0 | description | Section name indicates UPX | ||||||
| section | UPX1 | description | Section name indicates UPX | ||||||
| section | UPX2 | description | Section name indicates UPX | ||||||
| Bkav | W32.AIDetectMalware |
| Elastic | malicious (moderate confidence) |
| Skyhigh | BehavesLike.Win32.Generic.wc |
| McAfee | Artemis!0CB677593212 |
| Sangfor | Trojan.Win32.Save.a |
| Alibaba | Trojan:Win32/Windigo.b3862a64 |
| CrowdStrike | win/malicious_confidence_70% (W) |
| BitDefenderTheta | Gen:NN.ZexaF.36738.upGfa4D27Al |
| Symantec | ML.Attribute.HighConfidence |
| Cynet | Malicious (score: 100) |
| APEX | Malicious |
| Kaspersky | Trojan-Proxy.Win32.Windigo.axz |
| Trapmine | malicious.high.ml.score |
| Webroot | W32.Trojan.Gen |
| Antiy-AVL | GrayWare/Win32.Kryptik.ffp |
| Gridinsoft | Trojan.Win32.Kryptik.sa |
| ZoneAlarm | Trojan-Proxy.Win32.Windigo.axz |
| Detected | |
| Rising | Trojan.Generic@AI.96 (RDML:JETLrtUwq2gL1qzQhMNicg) |
| Ikarus | Trojan.WinGo.Shellcoderunner |
| MaxSecure | Trojan.Malware.300983.susgen |
| DeepInstinct | MALICIOUS |