Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 30, 2024, 10:58 a.m. | Aug. 30, 2024, 11:23 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
45.33.6.223 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .vmp0 |
section | .vmp1 |
section | {u'size_of_data': u'0x00831200', u'virtual_address': u'0x0084b000', u'entropy': 7.9519917884491065, u'name': u'.vmp1', u'virtual_size': u'0x00831200'} | entropy | 7.95199178845 | description | A section with a high entropy has been found | |||||||||
entropy | 0.999880803385 | description | Overall entropy of this PE file is high |
section | .vmp0 | description | Section name indicates VMProtect | ||||||
section | .vmp1 | description | Section name indicates VMProtect |
host | 45.33.6.223 |
Bkav | W64.AIDetectMalware |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Generic.rc |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Symantec | ML.Attribute.HighConfidence |
tehtris | Generic.Malware |
ESET-NOD32 | a variant of Win64/Packed.VMProtect.L suspicious |
APEX | Malicious |
F-Secure | Heuristic.HEUR/AGEN.1315472 |
McAfeeD | Real Protect-LS!4B3659CDD58A |
FireEye | Generic.mg.4b3659cdd58a9f5c |
Sophos | Mal/VMProtBad-A |
SentinelOne | Static AI - Suspicious PE |
Detected | |
Avira | HEUR/AGEN.1315472 |
Microsoft | Program:Win32/Wacapew.C!ml |
DeepInstinct | MALICIOUS |
Ikarus | PUA.VMProtect |
CrowdStrike | win/malicious_confidence_90% (D) |