MicrosoftWordUpdater.log.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Aug. 9, 2024, 4:15 p.m. | Aug. 9, 2024, 4:17 p.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | _RDATA |
| section | {u'size_of_data': u'0x00032000', u'virtual_address': u'0x00016000', u'entropy': 7.700520334812183, u'name': u'.rdata', u'virtual_size': u'0x00031fb8'} | entropy | 7.70052033481 | description | A section with a high entropy has been found | |||||||||
| section | {u'size_of_data': u'0x00008800', u'virtual_address': u'0x0004d000', u'entropy': 7.962451466581888, u'name': u'.rsrc', u'virtual_size': u'0x00008738'} | entropy | 7.96245146658 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.717791411043 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W64.AIDetectMalware |
| Elastic | malicious (moderate confidence) |
| Skyhigh | BehavesLike.Win64.Backdoor.fc |
| Cylance | Unsafe |
| Sangfor | Suspicious.Win32.Save.a |
| ESET-NOD32 | a variant of Win64/Agent.DZF |
| Rising | Trojan.Agent!8.B1E (CLOUD) |
| Trapmine | suspicious.low.ml.score |
| FireEye | Generic.mg.0d1dca5eaad49c2d |
| Detected | |
| AhnLab-V3 | Trojan/Win.Agent.R660345 |
| DeepInstinct | MALICIOUS |
| Malwarebytes | Malware.AI.1893956484 |
| Ikarus | Win32.Outbreak |
| Tencent | Win64.Trojan.Agent.Eflw |
| MaxSecure | Trojan.Malware.300983.susgen |
| Paloalto | generic.ml |
| CrowdStrike | win/malicious_confidence_100% (W) |