Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 22, 2024, 3:12 p.m. | Sept. 22, 2024, 3:17 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
ref.tbfull.com | 47.76.175.95 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
packer | Armadillo v1.71 |

Resource | Language | Sublanguage | File type | Offset | Size |
---|---|---|---|---|---|
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document text | 0x00061058 | 0x0000028b |
cmdline | C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\svchost.exe > nul |
file | C:\Users\test22\AppData\Local\Temp\svchost.exe |
Section | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
.data | 0x00001000 | 0x0005f415 | 0x0005f600 | 7.875712132280748 | A section with a high entropy has been found |

entropy | 0.997385620915 | description | Overall entropy of this PE file is high |
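The per-section figure above is Shannon entropy in bits per byte: 8.0 is the maximum, plain x86 code usually sits around 6, and the .data section's 7.876 over 0x5f600 bytes is what packed or encrypted payload looks like, consistent with the Armadillo packer hit. The following is an added example showing how that statistic is computed and thresholded; it is not code from the report or from the sandbox that produced it. The 7.0 cut-off and the three buffers are constructed assumptions chosen to bracket the report's values, not bytes from the sample.

```python
"""Shannon entropy of byte buffers, the statistic behind the report's
'A section with a high entropy has been found' hit.
Added example: threshold and sample buffers are assumptions, not sample data."""
import hashlib
import math
from collections import Counter
from typing import Dict, Tuple

# Assumed cut-off; packed/encrypted sections normally sit above ~7.0 of the 8.0 maximum.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    # H = -sum(p_i * log2(p_i)) over the 256 possible byte values that occur
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for packed/encrypted section contents (constructed input)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed section contents, labelled by what they imitate.
CONSTRUCTED_SECTIONS: Dict[str, bytes] = {
    ".text-like": b"ABCD" * 4096,            # four equiprobable symbols -> exactly 2.0 bits
    ".bss-like": b"\x00" * 4096,             # constant -> 0.0 bits
    ".data-packed": pseudo_random(0x10000),  # uniform-looking -> close to 8.0 bits
}


def classify_sections(sections: Dict[str, bytes],
                      threshold: float = HIGH_ENTROPY_THRESHOLD) -> Dict[str, Tuple[float, bool]]:
    """Return {section: (entropy rounded to 3 places, flagged_as_high)} for each section."""
    result = {}
    for name, blob in sections.items():
        h = shannon_entropy(blob)
        result[name] = (round(h, 3), h >= threshold)
    return result


if __name__ == "__main__":
    for name, (h, flagged) in classify_sections(CONSTRUCTED_SECTIONS).items():
        print(f"{name:14s} entropy={h:5.3f}  {'HIGH' if flagged else 'ok'}")
```

To run this against a real PE, feed each section's raw bytes (for instance `section.get_data()` from the `pefile` library) into `classify_sections`; a single section near 8.0 alongside a tiny code section is the usual shape of a packed dropper like the one in this report.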
Rule | Description |
---|---|
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
DebuggerException__SetConsoleCtrl | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
cmdline | C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\svchost.exe > nul |
cmdline | ping -n 2 127.0.0.1 |
host | 150.158.102.191 |
service_name | Euvwop Hijbc |
service_path | C:\Windows\System32\Arstl.exe -auto |
dead_host | 47.76.175.95:14996 |
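The `cmd.exe /c ping -n 2 127.0.0.1 > nul && del ...\Temp\svchost.exe > nul` line in the process list is the classic delayed self-deletion: the dropper spawns cmd.exe, `ping -n 2 127.0.0.1` burns about a second while the dropper's own process exits and releases its file handle, and `del` then removes the dropped binary from the user's Temp directory, leaving only the installed service (`Arstl.exe -auto`) behind. The detection logic below is an added example, not part of the report or of any sandbox signature; the process records it scans are constructed (only the first two command lines are the ones listed above, the rest are benign look-alikes that must not fire). It generalises the report's case slightly by also accepting a `timeout /t N` delay and `erase` in place of `del`.

```python
"""Flag delayed self-deletion chains of the form
   cmd.exe /c ping -n N 127.0.0.1 > nul && del <dropped file>
in process-creation records. Added example; the records below are constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed "Image|CommandLine" records (Sysmon Event ID 1 style, simplified).
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\cmd.exe|C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\test22\AppData\Local\Temp\svchost.exe > nul",
    r"C:\Windows\system32\PING.EXE|ping -n 2 127.0.0.1",
    r"C:\Windows\system32\cmd.exe|cmd.exe /c ping -n 4 8.8.8.8 > nul && del C:\Users\test22\Downloads\probe.log",
    r"C:\Windows\system32\cmd.exe|cmd.exe /c del /f /q C:\Users\test22\Downloads\old.tmp",
    r'C:\Windows\system32\cmd.exe|cmd.exe /c timeout /t 3 && del /q "C:\Users\test22\AppData\Roaming\up date.exe"',
]

# Strip a leading `<path>cmd.exe /c` (or /k) wrapper so only the chained commands remain.
CMD_WRAPPER_RE = re.compile(r'^\s*"?[^"\s]*cmd(?:\.exe)?"?\s+/[ck]\s+', re.I)
# cmd.exe chain operators: && (run if previous succeeded), || (if it failed), & (always).
CHAIN_RE = re.compile(r"\s*(?:&&|\|\||&)\s*")
# A "sleep" built from ping against a loopback address, or from timeout.
DELAY_RE = re.compile(
    r"^(?:ping(?:\.exe)?\s.*?(?<!\S)(?:127\.0\.0\.1|localhost|::1)(?!\S)"
    r"|timeout(?:\.exe)?\s+(?:/t\s+)?\d+)",
    re.I,
)
# del/erase with optional switches, then a quoted or bare path (stop at whitespace or redirection).
DELETE_RE = re.compile(r'^(?:del|erase)(?:\s+/[a-z])*\s+(?P<target>"[^"]+"|[^\s>]+)', re.I)
# Names legitimate only under \Windows; a copy in Temp is masquerading (cf. the report's svchost.exe).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "explorer.exe"}


@dataclass
class Finding:
    command_line: str
    delay: str               # the segment that implements the sleep
    target: str              # the file being deleted
    reasons: List[str] = field(default_factory=list)


def split_chain(command_line: str) -> List[str]:
    """Remove the cmd.exe wrapper and split the remainder on chain operators."""
    body = CMD_WRAPPER_RE.sub("", command_line)
    return [seg.strip() for seg in CHAIN_RE.split(body) if seg.strip()]


def inspect(command_line: str) -> Optional[Finding]:
    """Return a Finding when a delay segment is followed by a del/erase segment, else None."""
    delay = None
    for seg in split_chain(command_line):
        if delay is None:
            if DELAY_RE.match(seg):
                delay = seg
            continue
        m = DELETE_RE.match(seg)
        if not m:
            continue
        target = m.group("target").strip('"')
        finding = Finding(command_line, delay, target,
                          ["delay (loopback ping / timeout) chained into del"])
        if re.search(r"\\AppData\\|\\Temp\\", target, re.I):
            finding.reasons.append("deleted file lives in a user-writable Temp/AppData path")
        name = target.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and not re.search(r"\\Windows\\", target, re.I):
            finding.reasons.append(f"{name} is a Windows system binary name used outside \\Windows")
        return finding
    return None


def scan(records: List[str]) -> List[Finding]:
    """Run inspect() over "Image|CommandLine" records and collect the hits."""
    findings = []
    for rec in records:
        _image, _, cmdline = rec.partition("|")
        found = inspect(cmdline)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_PROCESSES):
        print(f"[!] {f.target}\n    delay: {f.delay}\n    " + "\n    ".join(f.reasons))
```

The bare `ping -n 2 127.0.0.1` child process on its own is not flagged: the signal is the chain (sleep, then delete) inside a single cmd.exe command line, which is also why a `ping` to an external host followed by `del` stays quiet. In a real deployment the same check belongs on the file-delete event too, correlating the deleted path with the image path of the process that spawned cmd.exe.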
Vendor | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Generic.lbym |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.ZRI.S12023332 |
Skyhigh | BehavesLike.Win32.Generic.fc |
ALYac | Dump:Generic.KillMBR.A.3821C283 |
Cylance | Unsafe |
VIPRE | Dump:Generic.KillMBR.A.3821C283 |
Sangfor | Backdoor.Win32.Farfli.V78s |
CrowdStrike | win/malicious_confidence_100% (D) |
BitDefender | Dump:Generic.KillMBR.A.3821C283 |
K7GW | Trojan ( 005800661 ) |
K7AntiVirus | Trojan ( 005800661 ) |
Arcabit | Dump:Generic.KillMBR.A.3821C283 |
VirIT | Trojan.Win32.Rootkit.BGPI |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Farfli.DBU |
APEX | Malicious |
Avast | Win32:BackdoorX-gen [Trj] |
ClamAV | Win.Trojan.Farfli-7639977-0 |
Kaspersky | HEUR:Trojan.Win32.Generic |
Alibaba | Backdoor:Win32/Farfli.effa9c6f |
NANO-Antivirus | Trojan.Win32.Farfli.henrej |
MicroWorld-eScan | Dump:Generic.KillMBR.A.3821C283 |
Rising | Backdoor.Farfli!1.E02F (CLASSIC) |
Emsisoft | Dump:Generic.KillMBR.A.3821C283 (B) |
F-Secure | Trojan.TR/Dropper.Gen |
DrWeb | Trojan.Rootkit.22030 |
Zillya | Trojan.Farfli.Win32.34496 |
TrendMicro | TROJ_GEN.R002C0DHB24 |
McAfeeD | ti!1D83BDBA4198 |
CTX | exe.trojan.farfli |
Sophos | Troj/Farfli-EB |
SentinelOne | Static AI - Suspicious PE |
FireEye | Generic.mg.d2b9d12a630cf96b |
Jiangmin | Backdoor.Farfli.dmf |
Webroot | W32.Trojan.Gen |
 | Detected |
Avira | TR/Dropper.Gen |
Antiy-AVL | Trojan/Win32.Farfli.ctt |
Kingsoft | Win32.Hack.Convagent.gen |
Microsoft | Backdoor:Win32/Farfli.BF!MTB |
ZoneAlarm | HEUR:Backdoor.Win32.Convagent.gen |
GData | Dump:Generic.KillMBR.A.3821C283 |
Varist | W32/Farfli.GY.gen!Eldorado |
AhnLab-V3 | Downloader/Win.WQ.C5657779 |
McAfee | GenericRXKB-WQ!D2B9D12A630C |
DeepInstinct | MALICIOUS |
VBA32 | Trojan.Rootkit |