Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 6, 2024, 5:16 p.m. | Jan. 6, 2024, 5:18 p.m. |

Process | Command line | PID |
---|---|---|
setup.exe | "C:\Users\test22\AppData\Local\Temp\setup.exe" | 2540 |
explorer.exe | C:\Windows\Explorer.EXE | 1452 |

Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |

IP Address | Status | Action |
---|---|---|
No hosts contacted. | | |

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Type | Value |
---|---|
section | .00cfg |
section | .gxfg |
section | _RDATA |
section | .vmp…" |
section | .vmp…t |
section | .vmp…~ |
resource name | PNG |
resource name | STYLE_XML |

Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\vcruntime140.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\vcruntime140_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\libssl-1_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\python311.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\WW9_64.exe |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\libcrypto-1_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\pythoncom311.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\pywintypes311.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\python3.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\libffi-8.dll |

Indicator | Value | Description |
---|---|---|
section | .vmp…~ (virtual_address 0x000e0000, virtual_size 0x00ba2abc, size_of_data 0x00ba2c00, entropy 7.994434590563711) | A section with a high entropy has been found |
entropy | 0.983938230315 | Overall entropy of this PE file is high |
section | .vmp…" | Section name indicates VMProtect |
section | .vmp…t | Section name indicates VMProtect |
section | .vmp…~ | Section name indicates VMProtect |

File: C:\Users\test22\AppData\Local\Temp\onefile_2540_133490217658438500\WW9_64.exe

Engine | Detection |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Scar.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.70765906 |
FireEye | Generic.mg.b13686dff2f18689 |
CAT-QuickHeal | Trojan.Scar |
Skyhigh | BehavesLike.Win64.MultiPlug.wc |
McAfee | Artemis!B13686DFF2F1 |
Cylance | unsafe |
Zillya | Trojan.Scar.Win32.183153 |
Sangfor | Trojan.Win32.Agent.Ve05 |
K7AntiVirus | Riskware ( 00584baa1 ) |
Alibaba | Trojan:Win32/Generic.f01ed82f |
K7GW | Riskware ( 00584baa1 ) |
VirIT | Trojan.Win64.Agent.BUT |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Generik.HTHAXXJ |
APEX | Malicious |
Kaspersky | Trojan.Win32.Scar.txcz |
BitDefender | Trojan.GenericKD.70765906 |
Avast | Win64:TrojanX-gen [Trj] |
Tencent | Malware.Win32.Gencirc.13fa3bac |
Emsisoft | Trojan.GenericKD.70765906 (B) |
F-Secure | Trojan.TR/Scar.uazdt |
VIPRE | Trojan.GenericKD.70765906 |
TrendMicro | TrojanSpy.Win64.REDLINE.YXDLMZ |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win64.Agent |
Webroot | W32.Trojan.Gen |
Avira | TR/Scar.uazdt |
Varist | W64/ABRisk.DERM-1075 |
Antiy-AVL | Trojan/Win32.Scar |
Kingsoft | Win32.Trojan.Scar.txcz |
Microsoft | Trojan:Win32/Znyonm |
Gridinsoft | Trojan.Win64.SmokeLoader.tr |
Xcitium | Malware@#21v7m5v9qoauh |
Arcabit | Trojan.Generic.D437CD52 |
ZoneAlarm | Trojan.Win32.Scar.txcz |
GData | Trojan.GenericKD.70765906 |
Cynet | Malicious (score: 99) |
AhnLab-V3 | Malware/Win.Generic.C5562505 |
VBA32 | TrojanPSW.RedLine |
ALYac | Trojan.GenericKD.70765906 |
MAX | malware (ai score=87) |
Malwarebytes | Trojan.MalPack |
Panda | Trj/Agent.RP |
TrendMicro-HouseCall | TrojanSpy.Win64.REDLINE.YXDLMZ |
Rising | Trojan.Scar!8.33F (TFE:5:hbppntGHPkK) |
MaxSecure | Trojan.Malware.221434372.susgen |