Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 11, 2023, 1:45 p.m.	Oct. 11, 2023, 1:47 p.m.

Size	11.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5dd5dcb6da07a09fa38ceb7257e6d777`
SHA256	`37308b7b961e0b3d3d6d4d197c6f6f1b6c4adaf4a3eb8e855e770445818d7302`
CRC32	`FA3DA3DE`
ssdeep	`196608:sOyqLNsxsmbWZNvYzhsch7stnbfF4sdJ+k5y8BepqgH:7fLqtbWZizh3hAN4sd8ygH`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) DllRegisterServer_Zero - execute regsvr32.exe OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware

DS.exe "C:\Users\test22\AppData\Local\Temp\DS.exe"
2536

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
43.154.131.186	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 11, 2023, 1:45 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 11, 2023, 1:45 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	TEXTINCLUDE
resource name	WAVE

Allocates read-write-execute memory (usually to unpack itself) (21 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734e2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 45056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010d0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ad0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 1:45 p.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW Oct. 11, 2023, 1:45 p.m.	total_number_of_free_bytes: 13311807488 free_bytes_available: 13311807488 root_path: C:\ total_number_of_bytes: 34252779520	1	1	0

Foreign language identified in PE resource (50 out of 70 events)

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c08f78

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c08f78

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

C source, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c08f78

size

0x00000151

name

WAVE

language

LANG_CHINESE

filetype

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0e060

size

0x00001448

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

AmigaOS bitmap font

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0f5f8

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0b5e0

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a5a8

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a5a8

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0a0f0

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0bff8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0bff8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00c0bff8

size

0x00000024

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x002ac000', u'virtual_address': u'0x00001000', u'entropy': 7.248587330087921, u'name': u'.text', u'virtual_size': u'0x002ab948'}

entropy

7.24858733009

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x007f0000', u'virtual_address': u'0x002ad000', u'entropy': 7.595811118138885, u'name': u'.rdata', u'virtual_size': u'0x007ef5f6'}

entropy

7.59581111814

description

A section with a high entropy has been found

entropy

0.924438393465

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 event)

host

43.154.131.186

Queries information on disks, possibly for anti-virtualization (2 events)

Time & API	Arguments	Status	Return	Repeated
NtCreateFile Oct. 11, 2023, 1:45 p.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x000001c4 filepath: \??\PhysicalDrive0 desired_access: 0x00100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 0 (FILE_SUPERSEDED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0	0
DeviceIoControl Oct. 11, 2023, 1:45 p.m.	input_buffer: control_code: 2954240 () device_handle: 0x000001c4 output_buffer: (§	1	1	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

43.154.131.186:9008

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop23.10209
MicroWorld-eScan	Trojan.GenericKD.68914072
FireEye	Generic.mg.5dd5dcb6da07a09f
McAfee	Flyagent.d
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Trojan.GenericKD.68914072
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 0040f54a1 )
BitDefender	Trojan.GenericKD.68914072
K7GW	Trojan ( 0040f54a1 )
Cybereason	malicious.cf02e6
BitDefenderTheta	Gen:NN.ZexaF.36738.@tW@aW@qdMoH
Cyren	W32/Graftor.CS.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Malware.Trojanx-9951053-0
Kaspersky	Backdoor.Win32.Poison.kjrc
Alibaba	Backdoor:Win32/Poison.d39d55b6
NANO-Antivirus	Virus.Win32.Agent.dvixmz
Rising	Packer.Win32.Agent.f (CLASSIC)
Sophos	Mal/Generic-S
Zillya	Backdoor.Poison.Win32.100672
TrendMicro	TROJ_GEN.R002C0PGH23
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKD.68914072 (B)
Jiangmin	Backdoor.Poison.ese
Webroot	W32.Trojan.Agent.Gen
Antiy-AVL	Trojan[Packed]/Win32.FlyStudio
Kingsoft	Win32.Troj.Undef.a
Microsoft	Trojan:Win32/Flyagent
Gridinsoft	Ransom.Win32.Wacatac.oa!s1
Xcitium	TrojWare.Win32.Agent.OSCF@5rs7jr
Arcabit	Trojan.Generic.D41B8B98
ZoneAlarm	Backdoor.Win32.Poison.kjrc
GData	Win32.Trojan.PSE.QP57SD
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R576437
VBA32	BScope.Adware.Agent
ALYac	Trojan.GenericKD.68914072
MAX	malware (ai score=100)
DeepInstinct	MALICIOUS
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0PGH23

DS.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All