Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 2, 2024, 7:37 a.m.	Jan. 2, 2024, 7:47 a.m.

Size	1.7MB
Type	PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5	`be8cdde4842fd762856c98114130651e`
SHA256	`5c946bc51595505a29eb5d16ed410aef05c8b09a1b7ddc8a261835ad2b935a77`
CRC32	`1750B2EA`
ssdeep	`24576:09Qv76UpurjnWc0641KTW1qoVmv/cGrZiH/K1+oeZZt0HnZYRUN:HDpMWj51sWPGcGrYH/K1neZZGHqi`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format Generic_Malware_Zero - Generic Malware

HomepageReverse.exe "C:\Users\test22\AppData\Local\Temp\HomepageReverse.exe"
1960
- cmd.exe cmd /k cmd < Elder & exit
  2148
  - cmd.exe cmd
    2208
    - findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
      2332
    - tasklist.exe tasklist
      2296
    - tasklist.exe tasklist
      2444
    - findstr.exe findstr /I "wrsa.exe"
      2480
    - cmd.exe cmd /c mkdir 20701
      2552
    - cmd.exe cmd /c copy /b Democrat + Entitled + Garage + Nintendo + Aka 20701\Receptors.pif
      2596
    - cmd.exe cmd /c copy /b Textbooks + Leader + Print 20701\p
      2640
    - Receptors.pif 20701\Receptors.pif 20701\p
      2684
    - PING.EXE ping -n 5 localhost
      2756

Name	Response	Post-Analysis Lookup
hUbDLxwHbtXNnaaxVEnnFg.hUbDLxwHbtXNnaaxVEnnFg

IP Address	Status	Action
164.124.101.2	Active	Moloch
91.92.240.171	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.103:49176 91.92.240.171:2469	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	b8:44:f4:1c:5f:52:72:c6:9c:b1:1b:6a:87:10:cd:95:89:94:8a:df
TLS 1.2 192.168.56.103:49178 91.92.240.171:2469	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	b8:44:f4:1c:5f:52:72:c6:9c:b1:1b:6a:87:10:cd:95:89:94:8a:df
TLS 1.2 192.168.56.103:49179 91.92.240.171:443	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	b8:44:f4:1c:5f:52:72:c6:9c:b1:1b:6a:87:10:cd:95:89:94:8a:df
TLS 1.2 192.168.56.103:49177 91.92.240.171:2469	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=91.92.240.171: Self-signed certificate	b8:44:f4:1c:5f:52:72:c6:9c:b1:1b:6a:87:10:cd:95:89:94:8a:df

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Jan. 2, 2024, 7:38 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Jan. 2, 2024, 7:38 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 2, 2024, 7:38 a.m.			0	0

Command line console output was observed (50 out of 416 events)

Time & API	Arguments	Status	Return
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: Set dEeFKjkDLfxhTzpBjLdUzwLkogguoPdsAIxRMIAvzVCwV=g console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: bARPsysxfSRvcYtc=YrMlZaPDkTAnnJfNZRGdZZkohtYV console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'bARPsysxfSRvcYtc' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: tnfmGeRIyboeku=QWQpBJvuntWZRE console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'tnfmGeRIyboeku' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: UzTauckYSHbtUzbgNTqssgPxCIsQ=KrqtoDPoTZQFYYCrEC console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'UzTauckYSHbtUzbgNTqssgPxCIsQ' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: qQouRjFGEmPnrxDiDbqMQIuUT=MafhdYuEPEBXo console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'qQouRjFGEmPnrxDiDbqMQIuUT' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: CXkItBMlxQYGDPXaJgjHmjddpR=mEYGGfopSbbPabBYm console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'CXkItBMlxQYGDPXaJgjHmjddpR' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: KxdGbUhKAafGUmh=jFclsdcGtVjnT console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'KxdGbUhKAafGUmh' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: XgRemvwTitaWOQ=kDYBplVCgXzYKBBIOQfxwPRqQuz console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'XgRemvwTitaWOQ' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: Set sRcBFLSahXJZwLCyybssFcEyncTcLYKrRbkbBRz=v console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: pxRidafhMUzPeSVjfelSvHf=GoEAtDhtzIvqNY console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'pxRidafhMUzPeSVjfelSvHf' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: eEoYrshPEflkO=yjCyFAiOOppGg console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'eEoYrshPEflkO' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: xvUmsUiggIkUazZkUs=VgvTVonqgPYPvrScoxL console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'xvUmsUiggIkUazZkUs' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: UeQXTTLiOOCfRozuXCZsTTSmfTO=AXRQobETbnZwbdkmhJXgKLbFcz console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'UeQXTTLiOOCfRozuXCZsTTSmfTO' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: wpsHqyUHRX=uxDmImCXUDHakGWmuOAkcPvC console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'wpsHqyUHRX' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: uRZWCJxCBDCKleYebmbzQyw=FOSdLdsXqPC console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'uRZWCJxCBDCKleYebmbzQyw' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: DwsTjQKezOVLCpYfZoTwQV=OQtQkjFKcAdmvoDi console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: 'DwsTjQKezOVLCpYfZoTwQV' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\15598> console_handle: 0x00000007	1	1
WriteConsoleW Jan. 2, 2024, 7:38 a.m.	buffer: xYKQTiOCsw=RWBQHKDroZmPOtAkkKBicwTGRlAVI console_handle: 0x00000007	1	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (10 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Jan. 2, 2024, 7:37 a.m.	process_identifier: 1960 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00760000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 155648 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03cf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d17000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 331776 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d27000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d78000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d79000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d7a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 61440 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05fe0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 2, 2024, 7:38 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4132864 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05fef000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\15598\20701\Receptors.pif

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\15598\20701\Receptors.pif

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\15598\Democrat
file	C:\Users\test22\AppData\Local\Temp\15598\20701\Receptors.pif

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (7 events)

Time & API	Arguments	Status	Return
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: taskhost.exe process_identifier: 1540	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: SearchProtocolHost.exe process_identifier: 776	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: pw.exe process_identifier: 1804	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: cmd.exe process_identifier: 2148	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: conhost.exe process_identifier: 2184	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: WmiPrvSE.exe process_identifier: 2404	1	1
Process32NextW Jan. 2, 2024, 7:38 a.m.	snapshot_handle: 0x00000130 process_name: inject-x86.exe process_identifier: 2736	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00068400', u'virtual_address': u'0x000f6000', u'entropy': 7.92971741972278, u'name': u'UPX1', u'virtual_size': u'0x00069000'}

entropy

7.92971741972

description

A section with a high entropy has been found

entropy

0.803468208092

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Jan. 2, 2024, 7:38 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Jan. 2, 2024, 7:38 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Expresses interest in specific running processes (2 events)

process	receptors.pif
process	cmd.exe

Potentially malicious URLs were found in the process memory dump (3 events)

url	http://www.microsoft.com/schemas/ie8tldlistdescription/1.0
url	http://purl.org/rss/1.0/
url	http://www.passport.com

Yara rule detected in process memory (33 events)

description	Create a windows service	rule	Create_Service
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Communication using DGA	rule	Network_DGA
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Take ScreenShot	rule	ScreenShot
description	Escalate priviledges	rule	Escalate_priviledges
description	Steal credential	rule	local_credential_Steal
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Hijack network configuration	rule	Hijack_Network
description	Record Audio	rule	Sniff_Audio
description	Communications over HTTP	rule	Network_HTTP
description	Communications use DNS	rule	Network_DNS
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	File Downloader	rule	Network_Downloader
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Install itself for autorun at Windows startup	rule	Persistence
description	Communications over FTP	rule	Network_FTP
description	Run a KeyLogger	rule	KeyLogger
description	Communications over P2P network	rule	Network_P2P_Win

The executable is compressed using UPX (2 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Uses Windows utilities for basic Windows functionality (4 events)

cmdline	cmd /c mkdir 20701
cmdline	tasklist
cmdline	cmd /c copy /b Democrat + Entitled + Garage + Nintendo + Aka 20701\Receptors.pif
cmdline	ping -n 5 localhost

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: 80905196bba682cc6b55ee4618888bdf8594b3ad

Communicates with host for which no DNS query was performed (1 event)

host

91.92.240.171

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2208 resumed a thread in remote process 2684
NtResumeThread Jan. 2, 2024, 7:38 a.m.	thread_handle: 0x0000008c suspend_count: 0 process_identifier: 2684	1	0	0

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

Lionic	Trojan.Win32.Agent.Y!c
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.71043016
FireEye	Generic.mg.be8cdde4842fd762
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Trojan.GenericKD.71043016
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	Win32/TrojanDropper.Delf.ACT
Kaspersky	Backdoor.Win32.Agent.myuthb
BitDefender	Trojan.GenericKD.71043016
Tencent	Win32.Backdoor.Agent.Hajl
DrWeb	Trojan.Siggen22.62312
TrendMicro	Trojan.Win32.PRIVATELOADER.YXEAAZ
Sophos	Mal/Generic-S
Webroot	W32.Infostealer.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.Sabsik
Kingsoft	Win32.Hack.Agent.a
Gridinsoft	Malware.Win32.Gen.tr
Arcabit	Trojan.Generic.D43C07C8
ZoneAlarm	Backdoor.Win32.Agent.myuthb
GData	Trojan.GenericKD.71043016
VBA32	BScope.TrojanRansom.Blocker
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.PRIVATELOADER.YXEAAZ
Rising	Backdoor.Agent!8.C5D (CLOUD)
Fortinet	W32/PossibleThreat
DeepInstinct	MALICIOUS

HomepageReverse.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All