Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 22, 2024, 5:18 p.m.	Sept. 22, 2024, 6:25 p.m.

Size	1.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d2d166937422f379e6dd15041d83af21`
SHA256	`c59da5938f667c04ca2ba3639b6cb3d5813fc189d4b2f412613b4bfa36ae0664`
CRC32	`F9A9E188`
ssdeep	`24576:mZGjH3HfO7fC0Nj3+8OioUMxW24Q7Q9p+Lz:mUrwP+8OiSWaOp+Lz`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format

audiodg.exe "C:\Users\test22\AppData\Local\Temp\audiodg.exe"
652

Name	Response	Post-Analysis Lookup
maan2u.com	A 112.137.173.77	112.137.173.77

IP Address	Status	Action
112.137.173.77	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 112.137.173.77:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49164 -> 112.137.173.77:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 112.137.173.77:443 -> 192.168.56.103:49164	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 112.137.173.77:443 -> 192.168.56.103:49164	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49163 -> 112.137.173.77:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49163 -> 112.137.173.77:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49163 -> 112.137.173.77:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 112.137.173.77:443 -> 192.168.56.103:49163	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 112.137.173.77:443 -> 192.168.56.103:49163	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 22, 2024, 5:18 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 22, 2024, 5:18 p.m.	stacktrace: 0x3587692 0x35876c5 0x35875e0 0x357e4a0 0x3592573 0x359c354 DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x74273af0 timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x7427a535 timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x7427a434 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 48553316 registers.edi: 1 registers.eax: 48553316 registers.ebp: 48553396 registers.edx: 0 registers.ebx: 48555120 registers.esi: 778876592 registers.ecx: 7	1	0	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 629 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02070000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 39999996 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480764 process_handle: 0xffffffff		3221225496

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 22, 2024, 5:18 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 180224 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x03571000 process_handle: 0xffffffff	1	0	0

Disables proxy possibly for traffic interception (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA Sept. 22, 2024, 5:18 p.m.	key_handle: 0x0000031c regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Injuke.16!c
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.74112358
Cylance	Unsafe
VIPRE	Trojan.GenericKD.74112358
Sangfor	Downloader.Win32.Injuke.Vpzf
CrowdStrike	win/malicious_confidence_60% (D)
BitDefender	Trojan.GenericKD.74112358
K7GW	Trojan ( 005ba59a1 )
K7AntiVirus	Trojan ( 005ba59a1 )
Arcabit	Trojan.Generic.D46ADD66
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/TrojanDownloader.ModiLoader.AEV
Avast	Win32:MalwareX-gen [Trj]
Kaspersky	Trojan.Win32.Injuke.ohxv
Alibaba	Trojan:Win32/Injuke.643afae2
MicroWorld-eScan	Trojan.GenericKD.74112358
Rising	Downloader.Agent!1.EFE4 (CLASSIC)
Emsisoft	Trojan.GenericKD.74112358 (B)
F-Secure	Trojan.TR/AD.Nekark.dvynl
DrWeb	Trojan.Starter.8287
TrendMicro	Backdoor.Win32.REMCOS.YXEILZ
McAfeeD	ti!C59DA5938F66
CTX	exe.trojan.injuke
Sophos	Mal/Generic-S
FireEye	Trojan.GenericKD.74112358
Jiangmin	Backdoor.Remcos.ecb
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/AD.Nekark.dvynl
Antiy-AVL	Trojan/Win32.Injuke
Kingsoft	Win32.Trojan.Injuke.ohxv
Xcitium	Malware@#47qt3chbclmz
Microsoft	Trojan:Win32/Remcos.VAT!MTB
ZoneAlarm	Trojan.Win32.Injuke.ohxv
GData	Trojan.GenericKD.74112358
Varist	W32/Trojan.JVQF-5857
AhnLab-V3	Trojan/Win.Remcos.C5669884
McAfee	Artemis!D2D166937422
DeepInstinct	MALICIOUS
VBA32	TScope.Trojan.Delf
Malwarebytes	Malware.AI.4007074893
Ikarus	Trojan.Win32.Krypt
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Backdoor.Win32.REMCOS.YXEILZ
Tencent	Win32.Trojan.Injuke.Zylw
Yandex	Trojan.Igent.b2YTJ9.11
huorong	TrojanDownloader/Delf.bb

audiodg.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All