Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 18, 2024, 6:18 p.m. | June 18, 2024, 6:20 p.m. |
Process | Path | PID |
---|---|---|
127pos.exe | C:\Users\test22\AppData\Local\Temp\127pos.exe | 2552 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.gdbaodao.cn | 14.19.217.34 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49161 -> 14.19.217.34:2002 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
TCP 192.168.56.101:49161 -> 14.19.217.34:2002 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
TCP 192.168.56.101:49161 -> 14.19.217.34:2002 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
PE Resources
Name | Language | Sublanguage | File type | Offset | Size |
---|---|---|---|---|---|
RT_RCDATA | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | ISO-8859 text, with very long lines, with CRLF line terminators | 0x000d979c | 0x0000175f |
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x000dafb0 | 0x000001a0 |
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with CRLF line terminators | 0x000db150 | 0x000001e1 |
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Agent.Y!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
Skyhigh | BehavesLike.Win32.Injector.ch |
ALYac | Trojan.GenericKD.70790719 |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.70790719 |
Sangfor | Trojan.Win32.Agent.Vy75 |
K7AntiVirus | Riskware ( 00584baa1 ) |
BitDefender | Trojan.GenericKD.70790719 |
K7GW | Riskware ( 00584baa1 ) |
Cybereason | malicious.bc4f88 |
Arcabit | Trojan.Generic.D4382E3F |
Symantec | Trojan.Gen.MBT |
APEX | Malicious |
McAfee | Artemis!3445E5CBC4F8 |
Avast | Win32:Malware-gen |
ClamAV | Win.Malware.Autoit-7533156-0 |
Kaspersky | Trojan.Win32.Agent.xbibxg |
Alibaba | Trojan:Win32/Generic.520cd8a3 |
MicroWorld-eScan | Trojan.GenericKD.70790719 |
Emsisoft | Trojan.GenericKD.70790719 (B) |
F-Secure | Trojan.TR/Agent.sdpxi |
Zillya | Trojan.GenericTKA.Win32.190 |
McAfeeD | ti!9A388D2527A4 |
FireEye | Generic.mg.3445e5cbc4f883d4 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Agent |
Jiangmin | Trojan.Pasta.ahk |
Webroot | W32.Malware.Gen |
Avira | TR/Agent.sdpxi |
MAX | malware (ai score=89) |
Antiy-AVL | Trojan/Win32.Pasta |
Kingsoft | Win32.Trojan.Agent.xbibxg |
Gridinsoft | Trojan.Win32.Agent.vb!s1 |
Xcitium | Malware@#1292zhclokdxu |
Microsoft | Trojan:Win32/Phonzy.A!ml |
ZoneAlarm | Trojan.Win32.Agent.xbibxg |
GData | Trojan.GenericKD.70790719 |
Varist | W32/ABRisk.FFEN-7417 |
DeepInstinct | MALICIOUS |
VBA32 | Backdoor.Bladabindi |
Malwarebytes | Generic.Malware.AI.DDS |
Panda | Trj/Chgt.AD |
MaxSecure | Win.MxResIcn.Heur.Gen |
Fortinet | W32/PossibleThreat |
AVG | Win32:Malware-gen |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_100% (W) |
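Added example, not part of the sandbox report and not any vendor's tooling: a small Python triage script that parses the pipe-separated sections in the layout used above (DNS answers, Suricata alerts, AV verdicts), pulls out the indicators (resolved name, contacted IP and port, rule SID), ties the alerted endpoint back to the DNS answer, and counts family-like tokens across vendor labels to see where engines agree. The sample text embedded in the script is constructed from rows on this page; the `Engine | Detection |` header for the AV block and the stop-word list are assumptions of the example.

```python
"""Triage helpers for a flattened sandbox report (added example).
Assumes the pipe-separated row layout seen on this page."""
import re
from collections import Counter

# Constructed sample: rows copied from this page, cut down, plus the
# residue row 'Detected | |' to show that it is filtered out.
SAMPLE_REPORT = """\
Name | Response | Post-Analysis Lookup |
---|---|---|
www.gdbaodao.cn | 14.19.217.34 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49161 -> 14.19.217.34:2002 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
TCP 192.168.56.101:49161 -> 14.19.217.34:2002 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Engine | Detection |
---|---|
Kaspersky | Trojan.Win32.Agent.xbibxg |
Kingsoft | Win32.Trojan.Agent.xbibxg |
ZoneAlarm | Trojan.Win32.Agent.xbibxg |
ClamAV | Win.Malware.Autoit-7533156-0 |
Skyhigh | BehavesLike.Win32.Injector.ch |
Cylance | Unsafe |
McAfee | Artemis!3445E5CBC4F8 |
Detected | |
"""

FLOW_RE = re.compile(
    r"^(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) \| (?P<sid>\d+) \| "
    r"(?P<signature>[^|]+?) \| (?P<category>[^|]+?) \|$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Vendor-neutral words that carry no family information (assumed list).
STOPWORDS = {"trojan", "win32", "generic", "malware", "malicious", "unsafe", "riskware"}


def _cells(line):
    """Split an 'a | b | c |' row into stripped cells."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_report(text):
    """Walk the report once, switching parser on the section labels."""
    dns, alerts, av = [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue
        if line.startswith("Name | Response"):
            section = "dns"
        elif line == "Suricata Alerts":
            section = "alerts"
        elif line == "Suricata TLS":
            section = "tls"
        elif line.startswith("Engine | Detection"):
            section = "av"
        elif section == "dns":
            cells = _cells(line)
            if len(cells) >= 2 and IPV4_RE.match(cells[1]):
                dns.append((cells[0], cells[1]))
        elif section == "alerts":
            m = FLOW_RE.match(line)  # the 'Flow | SID ...' header simply fails to match
            if m:
                alerts.append(m.groupdict())
        elif section == "av":
            cells = _cells(line)
            if len(cells) >= 2 and cells[1]:  # drops residue rows such as 'Detected | |'
                av[cells[0]] = cells[1]
    return {"dns": dns, "alerts": alerts, "av": av}


def extract_iocs(report):
    """Atomic indicators: resolved names, contacted IPs, endpoints, rule SIDs."""
    iocs = set()
    for name, ip in report["dns"]:
        iocs.add(("domain", name))
        iocs.add(("ip", ip))
    for a in report["alerts"]:
        iocs.add(("ip", a["dst"]))
        iocs.add(("endpoint", f"{a['dst']}:{a['dport']}"))
        iocs.add(("sid", a["sid"]))
    return iocs


def resolve_c2(report):
    """Map each alerted destination endpoint back to the name the sample resolved."""
    ip_to_name = {ip: name for name, ip in report["dns"]}
    return {f"{a['dst']}:{a['dport']}": ip_to_name.get(a["dst"]) for a in report["alerts"]}


def family_hints(av):
    """Count family-like tokens across vendor labels; ties show where vendors agree."""
    hints = Counter()
    for label in av.values():
        for tok in re.split(r"[^A-Za-z]+", label):
            tok = tok.lower()
            if len(tok) >= 4 and tok not in STOPWORDS:
                hints[tok] += 1
    return hints


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for kind, value in sorted(extract_iocs(rep)):
        print(f"{kind:9} {value}")
    print("C2:", resolve_c2(rep))
    print("family hints:", family_hints(rep["av"]).most_common(5))
```

Run as a script it prints the indicators, the endpoint-to-name mapping and the top family tokens. On this report the alerted destination 14.19.217.34:2002 maps back to www.gdbaodao.cn, and the vendor labels cluster on Agent with ClamAV naming AutoIt explicitly, which lines up with the AutoIt User-Agent rule (SID 2008350) firing on the same flow.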