Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 10, 2024, 7:41 a.m. | July 10, 2024, 7:43 a.m. |
-
wev233v22.exe "C:\Users\test22\AppData\Local\Temp\wev233v22.exe"
316 -
explorer.exe C:\Windows\Explorer.EXE
1236
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libffi-7.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\python310.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\vcruntime140.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\sqlite3.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libssl-1_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libcrypto-1_1.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\python3.dll |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\stub.exe |
section | {u'size_of_data': u'0x00a9e000', u'virtual_address': u'0x00038000', u'entropy': 7.9991163329710195, u'name': u'.rsrc', u'virtual_size': u'0x00a9dff0'} | entropy | 7.99911633297 | description | A section with a high entropy has been found | |||||||||
entropy | 0.988183966552 | description | Overall entropy of this PE file is high |
file | C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\stub.exe |
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win64.Agent.tsAU |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Generic.vc |
ALYac | Trojan.GenericKD.73397491 |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.73397491 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 005b752d1 ) |
BitDefender | Trojan.GenericKD.73397491 |
K7GW | Trojan ( 005b752d1 ) |
Arcabit | Trojan.Generic.D45FF4F3 |
VirIT | Trojan.Win64.Agent.GZC |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Python/Packed.PSW.Agent_AGen.A suspicious |
McAfee | Artemis!F7F9D3C98351 |
Avast | Win64:Evo-gen [Trj] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | TrojanPSW:Win64/Generic.29985e68 |
MicroWorld-eScan | Trojan.GenericKD.73397491 |
Rising | Trojan.Agent!8.B1E (CLOUD) |
Emsisoft | Trojan.GenericKD.73397491 (B) |
F-Secure | Trojan.TR/Agent.xaczf |
Zillya | Trojan.Alien.Win64.392 |
TrendMicro | Trojan.Win64.AMADEY.YXEGHZ |
McAfeeD | ti!7BB30C9B7598 |
FireEye | Trojan.GenericKD.73397491 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Python.Psw |
Jiangmin | Trojan.PSW.Stealer.dnf |
Detected | |
Avira | TR/Agent.xaczf |
MAX | malware (ai score=81) |
Antiy-AVL | Trojan/Win64.Agent |
Gridinsoft | Malware.Win64.Gen.tr |
Microsoft | Trojan:Win32/Casdet!rfn |
ZoneAlarm | HEUR:Trojan.Win64.Agent.gen |
GData | Win32.Malware.Antis.NPTRMW |
DeepInstinct | MALICIOUS |
VBA32 | Trojan.Win64.Agent |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | Trojan.Win64.AMADEY.YXEGHZ |
Tencent | Win64.Trojan.Agent.Ytjl |
SentinelOne | Static AI - Malicious PE |
Fortinet | Riskware/Application |
AVG | Win64:Evo-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_100% (D) |
alibabacloud | Trojan:Python/Packed.PSW.Akgpp_DArY |