Helpstore.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Aug. 13, 2024, 9:42 a.m. | Aug. 13, 2024, 9:45 a.m. |
-
Helpstore.exe "C:\Users\test22\AppData\Local\Temp\Helpstore.exe"
2544
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| googlesharepoint.com | 152.32.201.190 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| resource name | TEST |
| file | C:\ProgramData\AviraProductFamily\avcenter.exe |
| file | C:\ProgramData\AviraProductFamily\ccwkrlib.dll |
| section | {u'size_of_data': u'0x00166c00', u'virtual_address': u'0x00021000', u'entropy': 7.934456465055119, u'name': u'.rsrc', u'virtual_size': u'0x00166a08'} | entropy | 7.93445646506 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.920757138274 | description | Overall entropy of this PE file is high | |||||||||||
| file | C:\ProgramData\AviraProductFamily\avcenter.exe |
| file | C:\ProgramData\AviraProductFamily\RES.RC |
| file | C:\ProgramData\AviraProductFamily\ccwkrlib.dll |
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Agent.Y!c |
| Cynet | Malicious (score: 100) |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Kryptik.Vake |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.HWQL |
| APEX | Malicious |
| Avast | FileRepMalware [Misc] |
| Kaspersky | HEUR:Trojan.Win32.Agent.gen |
| Alibaba | TrojanDropper:Win32/Kryptik.ab794673 |
| Rising | Trojan.Agent!8.B1E (TFE:5:gyxpKOOvVlE) |
| Zillya | Dropper.Agent.Win32.566594 |
| McAfeeD | ti!86EF578CA592 |
| Trapmine | malicious.moderate.ml.score |
| FireEye | Generic.mg.fc2aa8460ff7dd8a |
| Sophos | Mal/Generic-S |
| SentinelOne | Static AI - Suspicious PE |
| Jiangmin | Trojan.Agent.esyn |
| Detected | |
| Kingsoft | Win32.Trojan.Agent.gen |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| ZoneAlarm | HEUR:Trojan.Win32.Agent.gen |
| Varist | W32/ABTrojan.IHMJ-5816 |
| BitDefenderTheta | Gen:NN.ZexaF.36810.HvW@au2xsmoi |
| DeepInstinct | MALICIOUS |
| Malwarebytes | MachineLearning/Anomalous.96% |
| Ikarus | Trojan.Win32.Crypt |
| Tencent | Win32.Trojan.Agent.Kajl |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Kryptik.HWQL!tr |
| AVG | FileRepMalware [Misc] |
| Paloalto | generic.ml |
| CrowdStrike | win/malicious_confidence_70% (W) |
| alibabacloud | Trojan:Win/Agent.gyf |
| dead_host | 192.168.56.101:49186 |
| dead_host | 192.168.56.101:49180 |
| dead_host | 192.168.56.101:49171 |
| dead_host | 192.168.56.101:49170 |
| dead_host | 192.168.56.101:49167 |
| dead_host | 192.168.56.101:49176 |
| dead_host | 192.168.56.1:8080 |
| dead_host | 192.168.56.101:49179 |
| dead_host | 192.168.56.101:49168 |
| dead_host | 192.168.56.1:1080 |
| dead_host | 192.168.56.101:49174 |
| dead_host | 152.32.201.190:80 |
| dead_host | 192.168.56.101:49173 |
| dead_host | 192.168.56.101:49177 |
| dead_host | 192.168.56.101:49183 |
| dead_host | 192.168.56.101:49185 |
| dead_host | 192.168.56.101:49182 |