Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 7, 2024, 9:27 a.m. | June 7, 2024, 9:29 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
82.157.201.41 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signature details
Indicator | Value |
---|---|
packer | NsPacK V3.7 -> LiuXingPing |
cmdline | C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\xxun.exe > nul |
file | C:\Users\test22\AppData\Local\Temp\xxun.exe |
section | name: (unnamed); virtual_address: 0x00140000; virtual_size: 0x00077c3c; size_of_data: 0x00076a00; entropy: 7.99935 |
description | A section with a high entropy has been found |
entropy | 1.0 (share of PE section bytes that lie in high-entropy sections; 1.0 means every section byte does) |
description | Overall entropy of this PE file is high |
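The two entropy figures above come from the sandbox's static PE check: a per-section Shannon entropy close to 8 bits per byte, and an overall score that is the fraction of section bytes living in such sections. The script below is an added example, not code from the report or from the sandbox; it recomputes both figures for the section recorded above and for constructed section contents. The thresholds it uses (6.8 bits per byte for a section, 0.2 for the overall ratio) are the values the Cuckoo/CAPE packer_entropy signature uses and are treated here as this example's assumption.

```python
import math
from collections import Counter

# Thresholds this example assumes (the Cuckoo/CAPE packer_entropy signature
# uses the same values): a section is "high entropy" above 6.8 bits/byte, and
# the file is flagged overall when more than 20% of its section bytes sit in
# such sections.
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sections_from_blobs(blobs):
    """Turn (name, raw_bytes) pairs into section records shaped like the report's."""
    return [
        {"name": name, "size_of_data": len(raw), "entropy": shannon_entropy(raw)}
        for name, raw in blobs
    ]


def assess_sections(sections):
    """Apply the per-section and overall checks.

    Each section needs 'size_of_data' (int, or a hex string as in the report)
    and 'entropy'. Returns the flagged section names, the ratio of bytes in
    high-entropy sections to all section bytes, and whether that ratio
    crosses the overall threshold.
    """
    total = high = 0
    flagged = []
    for s in sections:
        size = s["size_of_data"]
        size = int(size, 16) if isinstance(size, str) else int(size)
        total += size
        if float(s["entropy"]) > SECTION_ENTROPY_THRESHOLD:
            high += size
            flagged.append(s.get("name") or "<unnamed>")
    ratio = high / total if total else 0.0
    return {
        "flagged": flagged,
        "ratio": ratio,
        "overall_high": ratio > OVERALL_RATIO_THRESHOLD,
    }


# The single section recorded in the report above (hex size as shown there).
REPORT_SECTIONS = [
    {"name": "", "size_of_data": "0x00076a00", "entropy": 7.999350239067291},
]

# Constructed section contents for comparison: a uniform byte distribution
# (what encrypted or compressed payload looks like), a repeated byte, and a
# 16-symbol alphabet; real code and text sections usually land well below
# the per-section threshold.
CONSTRUCTED_BLOBS = [
    ("packed", bytes(range(256)) * 256),
    ("zeros", b"\x00" * 4096),
    ("text16", bytes(range(16)) * 1024),
]

if __name__ == "__main__":
    print("report:", assess_sections(REPORT_SECTIONS))
    for s in sections_from_blobs(CONSTRUCTED_BLOBS):
        print(f'{s["name"]:>7}: {s["entropy"]:.3f} bits/byte')
    print("constructed:", assess_sections(sections_from_blobs(CONSTRUCTED_BLOBS)))
```

To run it against a real sample, feed `sections_from_blobs` the `(section.Name, section.get_data())` pairs from a PE parser such as pefile; the report's 1.0 falls out directly because its only section is above the per-section threshold, so every section byte counts as high-entropy.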
YARA rule | Description |
---|---|
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
DebuggerException__SetConsoleCtrl | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
Process command lines observed |
---|
C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\xxun.exe > nul |
ping -n 2 127.0.0.1 |
Contacted host |
---|
82.157.201.41 |
Service created | Service path |
---|---|
Dtldtl Dumdu | C:\Windows\System32\Meume.exe -auto |
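The `cmd.exe /c ping -n 2 127.0.0.1 > nul && del ... xxun.exe` line is the dropper removing its own file after a short delay, while the service entry is where it persists. The detection below is an added example, not part of the report; it runs over constructed process-creation events using Sysmon-style field names (`ParentImage`, `Image`, `CommandLine`, assumed here), extracts the delay and the deleted path, and separates a genuine self-delete (the deleted path is the parent process's own image) from an ordinary cleanup command. It also accepts the `timeout /t N` form of the delay, a generalization of the ping trick shown on this page.

```python
import re

# Delay-then-delete pattern: "<delay> [> nul] & or && del [/f /q] <path>".
# The report shows the ping form; the timeout form is an added generalization
# of the same trick (this example's assumption, not something the report shows).
SELF_DELETE_RE = re.compile(
    r"""
    (?P<delay>
        ping(?:\.exe)?\s+(?:-n\s+\d+\s+)?(?:127\.0\.0\.1|localhost|::1)(?:\s+-n\s+\d+)?
      | timeout(?:\.exe)?\s+(?:/t\s+)?\d+
    )
    (?:\s*>\s*nul)?
    \s*&&?\s*
    (?:del|erase)\b(?:\s+/[fqas])*\s+
    (?P<target>"[^"]+"|\S+)
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Pulls the numeric delay argument out of the matched delay command.
DELAY_ARG_RE = re.compile(r"(?:-n|/t|timeout(?:\.exe)?)\s+(\d+)", re.IGNORECASE)


def find_self_delete(cmdline: str):
    """Return {'delay', 'target'} if cmdline delays and then deletes a file, else None."""
    m = SELF_DELETE_RE.search(cmdline)
    if not m:
        return None
    arg = DELAY_ARG_RE.search(m.group("delay"))
    return {
        "delay": int(arg.group(1)) if arg else None,
        "target": m.group("target").strip('"'),
    }


def scan(events):
    """Flag delay-then-delete command lines; mark those that delete the parent's image."""
    findings = []
    for ev in events:
        hit = find_self_delete(ev.get("CommandLine", ""))
        if not hit:
            continue
        parent = ev.get("ParentImage", "")
        hit["parent"] = parent
        # A real self-delete removes the file the spawning process was loaded from.
        hit["deletes_parent"] = hit["target"].lower() == parent.lower()
        findings.append(hit)
    return findings


# Constructed process-creation events (Sysmon-style field names are assumed).
SAMPLE_EVENTS = [
    {   # mirrors the command line recorded in the sandbox report above
        "ParentImage": r"C:\Users\test22\AppData\Local\Temp\xxun.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\xxun.exe > nul",
    },
    {   # benign: a connectivity check, no delete at all
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\PING.EXE",
        "CommandLine": "ping -n 4 8.8.8.8",
    },
    {   # same shape, but a build tool deleting a log file, not its own image
        "ParentImage": r"C:\Tools\build.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Tools\logs\build.log",
    },
    {   # timeout variant with a quoted path; again deletes the parent's image
        "ParentImage": r"C:\Users\test22\AppData\Local\Temp\dropper.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c timeout /t 3 > nul & del /f /q "C:\Users\test22\AppData\Local\Temp\dropper.exe"',
    },
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        tag = "SELF-DELETE" if f["deletes_parent"] else "delayed delete"
        print(f'{tag}: delay={f["delay"]} target={f["target"]} parent={f["parent"]}')
```

Alerting only when `deletes_parent` is true keeps the rule quiet on cleanup scripts while still catching the exact sequence the sandbox recorded; the delay value is worth keeping in the alert because the deleted path is usually gone by the time an analyst looks, and the parent image path is then the only pointer to where the dropper lived.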
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Agent.l7ah |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.FarfliRI.S27524112 |
Skyhigh | BehavesLike.Win32.Generic.gc |
ALYac | Trojan.GenericKD.73025391 |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.73025391 |
Sangfor | Backdoor.Win32.Farfli.V8fd |
K7AntiVirus | Trojan ( 005257651 ) |
BitDefender | Trojan.GenericKD.73025391 |
K7GW | Trojan ( 005257651 ) |
Cybereason | malicious.3707f7 |
Arcabit | Trojan.Generic.D45A476F |
VirIT | Win32.Kriz.4029 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/GenKryptik.DZUJ |
APEX | Malicious |
McAfee | Artemis!3311B8C3707F |
Avast | Win32:Malware-gen |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | Backdoor:Win32/Farfli.d51279f3 |
NANO-Antivirus | Trojan.Win32.Farfli.jnxxnz |
MicroWorld-eScan | Trojan.GenericKD.73025391 |
Rising | Backdoor.Gh0st!1.DF86 (CLOUD) |
Emsisoft | Trojan.GenericKD.73025391 (B) |
F-Secure | Heuristic.HEUR/AGEN.1339093 |
DrWeb | Win32.HLLW.Autoruner.1891 |
Zillya | Trojan.GenKryptik.Win32.675040 |
TrendMicro | TROJ_GEN.R002C0DEQ24 |
McAfeeD | Real Protect-LS!3311B8C3707F |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.3311b8c3707f7583 |
Sophos | Mal/Packer |
Ikarus | Trojan.Win32.Crypt |
Jiangmin | Backdoor/Huigezi.ezb |
Avira | HEUR/AGEN.1339093 |
MAX | malware (ai score=85) |
Antiy-AVL | Trojan/Win32.GenKryptik |
Kingsoft | malware.kb.b.978 |
Gridinsoft | Trojan.Win32.Gen.tr |
Xcitium | TrojWare.Win32.Trojan.NSPM.~gen@20n73t |
Microsoft | Backdoor:Win32/Farfli!pz |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.GenericKD.73025391 |
AhnLab-V3 | Worm/Win32.IRCBot.C6996 |
BitDefenderTheta | AI:Packer.E67BFE3B1E |
DeepInstinct | MALICIOUS |