Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 9, 2024, 12:04 p.m. | July 9, 2024, 12:06 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .zinekac |
section | .rur |
section | .zareva |
resource name | DEMAFE |
name | DEMAFE | language | LANG_TURKISH | filetype | ASCII text, with very long lines, with no line terminators | sublanguage | SUBLANG_DEFAULT | offset | 0x000caee8 | size | 0x000003fa | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_ICON | language | LANG_TURKISH | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x000caa08 | size | 0x00000468 | ||||||||||||||||||
name | RT_GROUP_ICON | language | LANG_TURKISH | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x000cae70 | size | 0x00000076 |
section | {u'size_of_data': u'0x00025000', u'virtual_address': u'0x00001000', u'entropy': 7.745706004674283, u'name': u'.text', u'virtual_size': u'0x00024f14'} | entropy | 7.74570600467 | description | A section with a high entropy has been found | |||||||||
entropy | 0.672727272727 | description | Overall entropy of this PE file is high |
Bkav | W32.AIDetectMalware |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Corrupt.dc |
Cylance | Unsafe |
K7AntiVirus | Trojan ( 005afea61 ) |
K7GW | Trojan ( 005afea61 ) |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | CrypterX-gen [Trj] |
Kaspersky | VHO:Trojan-PSW.Win32.Tepfer.gen |
Rising | Trojan.Generic@AI.98 (RDMK:cmRtazrZIZAMms6xzydGsCmls4Mj) |
McAfeeD | Real Protect-LS!019DEFE59B73 |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.019defe59b733d4d |
Sophos | Troj/Krypt-AEE |
Detected | |
Kingsoft | malware.kb.a.1000 |
Microsoft | Program:Win32/Wacapew.C!ml |
ZoneAlarm | VHO:Trojan-PSW.Win32.Tepfer.gen |
AhnLab-V3 | Trojan/Win.PWSX-gen.R648805 |
BitDefenderTheta | Gen:NN.ZexaF.36808.nG0@auAdGFmG |
DeepInstinct | MALICIOUS |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | CrypterX-gen [Trj] |
CrowdStrike | win/malicious_confidence_100% (D) |