windows_update.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | July 8, 2024, 9:40 a.m. | July 8, 2024, 9:43 a.m. |
-
windows_update.exe "C:\Users\test22\AppData\Local\Temp\windows_update.exe"
2656
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | {u'size_of_data': u'0x005a9c00', u'virtual_address': u'0x00a7a000', u'entropy': 7.892057871610188, u'name': u'UPX1', u'virtual_size': u'0x005aa000'} | entropy | 7.89205787161 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.999913785671 | description | Overall entropy of this PE file is high | |||||||||||
| section | UPX0 | description | Section name indicates UPX | ||||||
| section | UPX1 | description | Section name indicates UPX | ||||||
| section | UPX2 | description | Section name indicates UPX | ||||||
| Bkav | W64.AIDetectMalware |
| Lionic | Trojan.Win32.Generic.4!c |
| Cynet | Malicious (score: 100) |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Save.a |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (moderate confidence) |
| ESET-NOD32 | a variant of WinGo/Kryptik.FF |
| APEX | Malicious |
| Paloalto | generic.ml |
| Rising | Trojan.Kryptik!8.8 (CLOUD) |
| DrWeb | Trojan.Siggen29.1328 |
| McAfeeD | ti!A14CF7FE50D0 |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan.WinGo.Injector |
| Webroot | W32.Eb.Gen |
| Avira | TR/AVI.Agent.monnt |
| Antiy-AVL | GrayWare/Win32.Kryptik.ffp |
| Kingsoft | Win32.Troj.Unknown.a |
| Gridinsoft | Trojan.Win64.Kryptik.sa |
| ZoneAlarm | Backdoor.Win64.Supershell.cd |
| Detected | |
| DeepInstinct | MALICIOUS |
| Malwarebytes | Malware.AI.3056318976 |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Kryptik.FF!tr |
| alibabacloud | Trojan:Multi/Kryptik.F# |