Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Oct. 12, 2023, 7:42 a.m. | Oct. 12, 2023, 7:48 a.m. |
Process tree
Process | PID | Command line |
---|---|---|
shutdown.exe | 2792 | shutdown -s -t 0 |
DNS requests
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
Hosts contacted
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
PE section names (a blank name is a section whose name field is whitespace; .themida and .boot are the section names Themida/WinLicense writes)
Section name |
---|
(blank) |
.themida |
.boot |
PE resources
Name | Language | Sublanguage | File type | Offset | Size |
---|---|---|---|---|---|
RT_STRING | LANG_JAPANESE | SUBLANG_DEFAULT | data | 0x000cf368 | 0x000003c2 |
RT_VERSION | LANG_JAPANESE | SUBLANG_DEFAULT | data | 0x000cf770 | 0x00000314 |
cmdline | "C:\Windows\System32\cmd.exe" /k shutdown -s -t 0 |
High-entropy PE sections (entropy in bits per byte; a virtual size larger than the raw data size means the section is filled in at run time, which is what a packer stub does when it unpacks)
Section | Virtual address | Virtual size | Raw data size | Entropy |
---|---|---|---|---|
(blank) | 0x00001000 | 0x00028b4d | 0x00012a00 | 7.977143640145685 |
(blank) | 0x0002a000 | 0x000087b2 | 0x00003c00 | 7.936196679757506 |
(blank) | 0x00033000 | 0x000024c0 | 0x00000200 | 7.5283354212755 |
(blank) | 0x00036000 | 0x0007b0bc | 0x00014600 | 7.967505081502434 |
(blank) | 0x000b2000 | 0x000020e4 | 0x00001e00 | 7.835646604699191 |
.boot | 0x003f1000 | 0x001ef600 | 0x001ef600 | 7.953323762586698 |
Overall entropy | 0.955121607526 | Overall entropy of this PE file is high (this figure is a 0 to 1 ratio, the share of the file's section data that lies in high-entropy sections, not a bits-per-byte value) |
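The per-section entropy and the whole-file ratio above can be reproduced with the Python below, an added example that is not part of the sandbox report. The six section records are the ones listed in the table; the .themida record is constructed, because the report gives no sizes or entropy for that section, and the 6.8 bits/byte and 0.8 ratio thresholds and the 0x200 file alignment are assumed defaults. It also adds the two checks a practitioner runs next to entropy: a virtual size larger than the on-disk data (the section is populated at run time) and section names that specific packers leave behind.

```python
import math
from collections import Counter

# Thresholds assumed for this example: 6.8 bits/byte per section and a 0.8
# whole-file ratio. FileAlignment is assumed to be 0x200 so that raw sizes
# padded up to the alignment are not mistaken for in-memory expansion.
SECTION_ENTROPY_THRESHOLD = 6.8
FILE_RATIO_THRESHOLD = 0.8
FILE_ALIGNMENT = 0x200

# Section names commonly left behind by packers/protectors (hints only;
# an author can rename a section freely).
PACKER_SECTION_NAMES = {
    ".themida": "Themida/WinLicense",
    ".boot": "Themida/WinLicense",
    "UPX0": "UPX",
    "UPX1": "UPX",
    ".vmp0": "VMProtect",
    ".vmp1": "VMProtect",
    ".aspack": "ASPack",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def align_up(value: int, alignment: int) -> int:
    """Round value up to the next multiple of alignment."""
    return (value + alignment - 1) // alignment * alignment


def triage_sections(sections):
    """Run the packer checks over section records with keys
    name, virtual_size, size_of_data and entropy."""
    findings = {
        "high_entropy": [],       # sections above the per-section threshold
        "expands_in_memory": [],  # virtual size larger than the data on disk
        "packer_hints": set(),    # protectors suggested by section names
        "ratio": 0.0,             # share of section bytes that are high-entropy
        "packed": False,
    }
    total = high = 0
    for s in sections:
        raw, virt = s["size_of_data"], s["virtual_size"]
        total += raw
        if s["entropy"] > SECTION_ENTROPY_THRESHOLD:
            findings["high_entropy"].append(s)
            high += raw
        if virt > align_up(raw, FILE_ALIGNMENT):
            findings["expands_in_memory"].append(s)
        hint = PACKER_SECTION_NAMES.get(s["name"].strip())
        if hint:
            findings["packer_hints"].add(hint)
    if total:
        findings["ratio"] = high / total
    findings["packed"] = findings["ratio"] > FILE_RATIO_THRESHOLD
    return findings


def demo_entropy():
    """Entropy of two constructed buffers: a mostly-zero header-like
    buffer and a uniform one, to calibrate the 6.8 threshold."""
    low = b"MZ\x90\x00" + b"\x00" * 1020   # constructed: near 0 bits/byte
    high = bytes(range(256)) * 4           # constructed: exactly 8 bits/byte
    return shannon_entropy(low), shannon_entropy(high)


# Six records copied from the report's section table (names of " " are the
# blank-named sections). The .themida record is CONSTRUCTED: the report lists
# the section name but gives no sizes or entropy for it.
REPORT_SECTIONS = [
    {"name": " ", "virtual_size": 0x00028b4d, "size_of_data": 0x00012a00, "entropy": 7.977143640145685},
    {"name": " ", "virtual_size": 0x000087b2, "size_of_data": 0x00003c00, "entropy": 7.936196679757506},
    {"name": " ", "virtual_size": 0x000024c0, "size_of_data": 0x00000200, "entropy": 7.5283354212755},
    {"name": " ", "virtual_size": 0x0007b0bc, "size_of_data": 0x00014600, "entropy": 7.967505081502434},
    {"name": " ", "virtual_size": 0x000020e4, "size_of_data": 0x00001e00, "entropy": 7.835646604699191},
    {"name": ".themida", "virtual_size": 0x00019600, "size_of_data": 0x00019600, "entropy": 5.9},  # constructed
    {"name": ".boot", "virtual_size": 0x001ef600, "size_of_data": 0x001ef600, "entropy": 7.953323762586698},
]


if __name__ == "__main__":
    lo, hi = demo_entropy()
    print(f"calibration: zero-filled {lo:.3f} bits/byte, uniform {hi:.3f} bits/byte")
    f = triage_sections(REPORT_SECTIONS)
    for s in f["high_entropy"]:
        print(f"high entropy: {s['name'].strip() or '(blank)'} {s['entropy']:.3f}")
    for s in f["expands_in_memory"]:
        print(f"expands in memory: {s['name'].strip() or '(blank)'} "
              f"raw 0x{s['size_of_data']:x} -> virtual 0x{s['virtual_size']:x}")
    print(f"ratio {f['ratio']:.3f} packed={f['packed']} hints={sorted(f['packer_hints'])}")
```

With the constructed .themida record the ratio comes out at about 0.955, matching the report's overall figure; the five blank-named sections are also flagged for in-memory expansion, which is the stronger packing indicator because legitimate .bss-style data is rarely this large and this high-entropy on disk.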
Command lines observed (the sample spawns cmd.exe to run shutdown -s -t 0, an immediate forced shutdown; in a sandbox this ends the analysis before any unpacked payload has a chance to run)
Field | Value |
---|---|
process | system |
cmdline | "C:\Windows\System32\cmd.exe" /k shutdown -s -t 0 |
cmdline | cmd /k shutdown -s -t 0 |
cmdline | shutdown -s -t 0 |
Registry keys read (BIOS and video BIOS version strings, plus the ACPI DSDT table name that only exists on a VirtualBox guest; reading these three keys is a standard VirtualBox detection, and if the analysis guest is a VirtualBox VM the immediate shutdown above is consistent with an evasion path rather than payload behaviour)
Field | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion |
registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion |
registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
Antivirus results
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Convagent.trYj |
tehtris | Generic.Malware |
MicroWorld-eScan | Trojan.GenericKD.69201153 |
CAT-QuickHeal | Trojan.IGENERIC |
Skyhigh | BehavesLike.Win32.Generic.vc |
McAfee | Artemis!1C576ECE1CB9 |
Malwarebytes | Malware.Heuristic.1003 |
Sangfor | Infostealer.Win32.Agent.Vyt3 |
Alibaba | TrojanSpy:Win32/Stealer.7a561349 |
Cybereason | malicious.cb133a |
Arcabit | Trojan.Generic.D41FED01 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Generik.GHXLWDM |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | Trojan-Spy.Win32.Stealer.etvw |
BitDefender | Trojan.GenericKD.69201153 |
NANO-Antivirus | Virus.Win32.Gen-Crypt.ccnc |
Avast | Win32:BotX-gen [Trj] |
Tencent | Malware.Win32.Gencirc.13ef0cf2 |
Emsisoft | Trojan.GenericKD.69201153 (B) |
F-Secure | Trojan.TR/Spy.Stealer.zbxji |
DrWeb | Trojan.DownLoader46.4223 |
VIPRE | Trojan.GenericKD.69201153 |
TrendMicro | Trojan.Win32.AMADEY.YXDIJZ |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.1c576ece1cb91883 |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Malicious PE |
Webroot | W32.Trojan.GenKD |
Varist | W32/ABRisk.QAYP-4728 |
Avira | TR/Spy.Stealer.zbxji |
MAX | malware (ai score=89) |
Antiy-AVL | Trojan[Spy]/Win32.Stealer |
Gridinsoft | Ransom.Win32.Bladabindi.sa |
Microsoft | Trojan:Win32/Amadey.AY!MTB |
ViRobot | Trojan.Win.Z.Agent.2317328 |
ZoneAlarm | Trojan-Spy.Win32.Stealer.etvw |
GData | Trojan.GenericKD.69201153 |
AhnLab-V3 | Trojan/Win.Generic.C5484992 |
BitDefenderTheta | Gen:NN.ZexaF.36738.nU0@aOdEYHkO |
ALYac | Trojan.GenericKD.69201153 |
VBA32 | BScope.Backdoor.MSIL.Bladabindi |
Cylance | unsafe |
Panda | Trj/Agent.FUM |
TrendMicro-HouseCall | Trojan.Win32.AMADEY.YXDIJZ |
Rising | Stealer.Agent!8.C2 (TFE:5:jKUXB83mU0D) |