ghsalncr.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | June 9, 2024, 4:20 a.m. | June 9, 2024, 4:21 a.m. |
-
ghsalncr.exe "C:\Users\test22\AppData\Local\Temp\ghsalncr.exe"
2644
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | .OKOK12D |
| section | {u'size_of_data': u'0x00b39a00', u'virtual_address': u'0x00642000', u'entropy': 7.818803977699677, u'name': u'.OKOK12D', u'virtual_size': u'0x00b39970'} | entropy | 7.8188039777 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.999869519833 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetectMalware |
| tehtris | Generic.Malware |
| Cynet | Malicious (score: 100) |
| Skyhigh | BehavesLike.Win32.Generic.wc |
| Cylance | Unsafe |
| Sangfor | Suspicious.Win32.Save.a |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Packed.VMProtect.BC suspicious |
| APEX | Malicious |
| Avast | FileRepMalware |
| McAfeeD | Real Protect-LS!6EC12DAB45F4 |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.6ec12dab45f4cd79 |
| Sophos | Generic ML PUA (PUA) |
| Gridinsoft | Trojan.Heur!.022120A1 |
| BitDefenderTheta | Gen:NN.ZexaF.36806.@FW@a0o855hi |
| VBA32 | BScope.TrojanPSW.Stealer |
| SentinelOne | Static AI - Malicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| AVG | FileRepMalware |