Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | May 31, 2024, 10:03 a.m. | May 31, 2024, 10:05 a.m. |
Process | Command line | PID |
---|---|---|
buildjudit.exe | "C:\Users\test22\AppData\Local\Temp\buildjudit.exe" | 2076 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\sqlite3.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\python3.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\python310.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libssl-1_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\stub.exe |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libffi-7.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\vcruntime140.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libcrypto-1_1.dll |
Signature | Details |
---|---|
section | name .rsrc, virtual_address 0x00038000, virtual_size 0x00a9b8a8, size_of_data 0x00a9ba00, entropy 7.999133105660037 |
entropy | 7.99913310566 |
description | A section with a high entropy has been found |
entropy | 0.988218704512 |
description | Overall entropy of this PE file is high |
file | C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\stub.exe |

Vendor | Detection |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Worgtop.d!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.MSIL |
Skyhigh | BehavesLike.Win64.Andariel.vc |
McAfee | Artemis!CC7933B503E0 |
Malwarebytes | Malware.AI.2296844395 |
VIPRE | Trojan.Generic.35935180 |
Sangfor | Trojan.Win32.Save.a |
BitDefender | Trojan.Generic.35935180 |
Arcabit | Trojan.Generic.D22453CC |
VirIT | Trojan.Win64.Agent.GRZ |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Python/PSW.Agent_AGen.V |
APEX | Malicious |
Avast | Win64:DropperX-gen [Drp] |
Kaspersky | Trojan-GameThief.MSIL.Worgtop.bzc |
Alibaba | TrojanPSW:Win64/Agent_AGen.086ad943 |
MicroWorld-eScan | Trojan.Generic.35935180 |
Rising | Stealer.Agent!8.C2 (CLOUD) |
Emsisoft | Trojan.Generic.35935180 (B) |
F-Secure | Dropper.DR/AVI.Agent.luscv |
DrWeb | Trojan.PWS.Stealer.38885 |
Zillya | Trojan.Agent.Win64.44015 |
TrendMicro | Trojan.Win64.AMADEY.YXEEXZ |
McAfeeD | ti!049F48024F31 |
FireEye | Trojan.Generic.35935180 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Python.Psw |
Jiangmin | Trojan.PSW.Stealer.dnf |
Webroot | W32.Trojan.Gen |
Avira | DR/AVI.Agent.luscv |
MAX | malware (ai score=89) |
Antiy-AVL | GrayWare/Win32.Wacapew |
Kingsoft | Win32.Troj.Generic.v |
Gridinsoft | Malware.Win64.Gen.tr |
Microsoft | Trojan:Win32/Casdet!rfn |
ZoneAlarm | Trojan-GameThief.MSIL.Worgtop.bzc |
GData | Trojan.Generic.35935180 |
Varist | W64/ABRisk.MEAS-4500 |
AhnLab-V3 | Trojan/Win.DropperX-gen.C5625918 |
DeepInstinct | MALICIOUS |
VBA32 | TrojanPSW.FBStealer |
Panda | Trj/GdSda.A |
TrendMicro-HouseCall | Trojan.Win64.AMADEY.YXEEXZ |
Tencent | Msil.Trojan-GameThief.Worgtop.Ozfl |
Yandex | Trojan.PWS.FBStealer!y76knCQZjNU |
SentinelOne | Static AI - Malicious PE |