Summary | ZeroBOX

32ja.exe

Emotet Generic Malware Malicious Library Confuser .NET UPX Malicious Packer Anti_VM ftp PE64 AntiDebug PE File DLL OS Processor Check PE32 ZIP Format AntiVM
Category Machine Started Completed
FILE s1_win7_x6401 April 26, 2025, 2:21 p.m. April 26, 2025, 2:26 p.m.
Size 4.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 765e85042d83c00e6afcd972a51638d1
SHA256 86db694cf3e5543f9f2a405afeeb9bf113daf6b9f07ccfdb7a1f478c96e51076
CRC32 CB314EC8
ssdeep 98304:i5TJXv2bedNmNA9dRLC6ZfpaH/jztKgOdizi9+HnAlD/L:i1ObedNmSZZfQHO0ziQAlDj
PDB Path D:\haozip5.9.4\rczip\bin\Win32\release\pdb\HaoZip7zSetup.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
e.0000o.xyz 198.98.57.188
d.drawal.tk
IP Address Status Action
164.124.101.2 Active Moloch
198.98.57.188 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:54148 -> 164.124.101.2:53 2012811 ET DNS Query to a .tk domain - Likely Hostile Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleA

buffer: IMPORTANT: Command executed successfully. However, "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead. For more information on using "netsh advfirewall firewall" commands instead of "netsh firewall", see KB article 947709 at http://go.microsoft.com/fwlink/?linkid=121488 .
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Ok.
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Ok.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: Path not found - C:\Windows\IME\Microsof
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: ts\%windir%\IME\Microsofts
console_handle: 0x00000013
1 1 0

WriteConsoleW

buffer: SUCCESS: The scheduled task "Microsoft\Windows\UPnP\Spoolsv" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: if
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: not
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: exist "C:\Users\test22\AppData\Local\Temp\32ja.exe"
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: del
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: else
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: ping
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: 127.0.0.1 -n 2
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: del
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: "C:\Users\test22\AppData\Local\Temp\32ja.exe"
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: if
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: not
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: exist "C:\Users\test22\AppData\Local\Temp\32ja.exe"
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: del
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: else
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: ping
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: 127.0.0.1 -n 2
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: del
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: "C:\Users\test22\AppData\Local\Temp\32ja.exe"
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: The batch file cannot be found.
console_handle: 0x0000000b
1 1 0

WriteConsoleA

buffer: Pinging 127.0.0.1
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: with 32 bytes of data:
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
console_handle: 0x00000007
1 1 0
pdb_path D:\haozip5.9.4\rczip\bin\Win32\release\pdb\HaoZip7zSetup.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
Update+0xebe61 app_updater+0xece61 @ 0x4ece61
Update+0xfa2ee app_updater+0xfb2ee @ 0x4fb2ee
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: eb 09 cc 63 f3 96 65 dc 26 51 d0 c3 e9 51 ff ff
exception.symbol: Update+0x407ea app_updater+0x417ea
exception.instruction: jmp 0x4417f5
exception.module: app_updater.exe
exception.exception_code: 0x80000003
exception.offset: 268266
exception.address: 0x4417ea
registers.esp: 1638008
registers.edi: 0
registers.eax: 0
registers.ebp: 1638052
registers.edx: 582600
registers.ebx: 5
registers.esi: 6155296
registers.ecx: 6155296
1 0 0

__exception__

stacktrace:
0x246

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 1637020
registers.edi: 4648314
registers.eax: 460185112
registers.ebp: 1637020
registers.edx: 168
registers.ebx: 4415510
registers.esi: 1637256
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x246

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 33684284
registers.edi: 4648314
registers.eax: 460185112
registers.ebp: 33684284
registers.edx: 168
registers.ebx: 4415510
registers.esi: 33684520
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x256

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 40958776
registers.edi: 4648314
registers.eax: 528875662
registers.ebp: 40958776
registers.edx: 168
registers.ebx: 4415496
registers.esi: 40959012
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x256

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 43580204
registers.edi: 4648314
registers.eax: 528875662
registers.ebp: 43580204
registers.edx: 168
registers.ebx: 4415496
registers.esi: 43580440
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x256

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 39648056
registers.edi: 4648314
registers.eax: 238567363
registers.ebp: 39648056
registers.edx: 168
registers.ebx: 4415492
registers.esi: 39648292
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x256

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 42269500
registers.edi: 4648314
registers.eax: 1724737105
registers.ebp: 42269500
registers.edx: 168
registers.ebx: 4415488
registers.esi: 42269736
registers.ecx: 1485149878
1 0 0

__exception__

stacktrace:
0x256

exception.instruction_r: 66 8b d0 8d 14 b5 00 00 00 00 8b d6 eb da 67 8e
exception.symbol: Update+0x6ae74 app_updater+0x6be74
exception.instruction: mov dx, ax
exception.module: app_updater.exe
exception.exception_code: 0x80000004
exception.offset: 441972
exception.address: 0x46be74
registers.esp: 44890956
registers.edi: 4648314
registers.eax: 1724737105
registers.ebp: 44890956
registers.edx: 168
registers.ebx: 4415488
registers.esi: 44891192
registers.ecx: 1485149878
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fb2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2620
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00510000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00540000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2620
region_size: 1576960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02060000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f20000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2620
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2620
region_size: 294912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x759aa000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006c0000
process_handle: 0xffffffff
1 0 0
name RT_BITMAP language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000659f0 size 0x0000405e
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006d0a0 size 0x00000468
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006d9dc size 0x00000150
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0007755c size 0x0000015e
file C:\Windows\IME\Brypt\pcrecpp-0.dll
file C:\Windows\IME\Brypt\eteb-2.dll
file C:\Windows\IME\Brypt\tucl.dll
file C:\Windows\IME\Brypt\adfw.dll
file C:\Windows\IME\Brypt\coli-0.dll
file C:\Windows\IME\Brypt\zibe.dll
file C:\Windows\IME\Brypt\x64.dll
file C:\Windows\IME\Brypt\etebCore-2.x64.dll
file C:\Windows\IME\Brypt\posh.dll
file C:\Windows\IME\Brypt\etchCore-0.x64.dll
file C:\Windows\IME\Brypt\pcre-0.dll
file C:\Windows\IME\Brypt\cnli-1.dll
file C:\Windows\IME\Brypt\etch-0.dll
file C:\Windows\IME\Brypt\trfo-2.dll
file C:\Windows\IME\Brypt\trch-1.dll
file C:\Windows\IME\Brypt\riar.dll
file C:\Windows\IME\Brypt\posh-0.dll
file C:\Windows\IME\Brypt\ucl.dll
file C:\Windows\IME\Brypt\tucl-1.dll
file C:\Windows\IME\Brypt\exma.dll
file C:\Windows\IME\Brypt\trfo.dll
file C:\Windows\IME\Brypt\tibe-1.dll
file C:\Windows\IME\Brypt\crli-0.dll
file C:\Windows\IME\Brypt\esco-0.dll
file C:\Windows\IME\Brypt\ssleay32.dll
file C:\Windows\IME\Brypt\svchost.exe
file C:\Windows\IME\Brypt\etebCore-2.x86.dll
file C:\Windows\IME\Brypt\trfo-0.dll
file C:\Windows\IME\Brypt\cnli-0.dll
file C:\Windows\IME\Brypt\zlib1.dll
file C:\Windows\IME\Brypt\tibe.dll
file C:\Windows\IME\Brypt\libeay32.dll
file C:\Windows\IME\Brypt\exma-1.dll
file C:\Windows\IME\Brypt\dmgd-4.dll
file C:\Windows\IME\Brypt\pcla-0.dll
file C:\Windows\IME\Brypt\riar-2.dll
file C:\Windows\IME\Brypt\iconv.dll
file C:\Windows\IME\Brypt\dmgd-1.dll
file C:\Windows\IME\Brypt\libiconv-2.dll
file C:\Windows\IME\Microsofts\app_updater.exe
file C:\Windows\IME\Brypt\xdvl-0.dll
file C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat
file C:\Windows\IME\Brypt\libxml2.dll
file C:\Windows\IME\Brypt\out.dll
file C:\Windows\IME\Brypt\etchCore-0.x86.dll
file C:\Windows\IME\Brypt\adfw-2.dll
file C:\Windows\IME\Brypt\x86.dll
file C:\Windows\IME\Brypt\libcurl.dll
file C:\Windows\IME\Brypt\trch-0.dll
file C:\Windows\IME\Brypt\pcreposix-0.dll
Time & API Arguments Status Return Repeated

CreateServiceA

service_start_name:
start_type: 2
password:
display_name: Oracle Corporation
filepath: C:\ProgramData\javaw.exe
service_name: Java(TM) Platform Sa 8
filepath_r: C:\ProgramData\javaw.exe
desired_access: 983551
service_handle: 0x005f02e8
error_control: 0
service_type: 272
service_manager_handle: 0x005f1748
1 6226664 0
cmdline C:\Windows\System32\cmd.exe /c "C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat"
cmdline schtasks.exe /create /ru system /sc onstart /tn Microsoft\Windows\UPnP\Spoolsv /F /TR %windir%\IME\Microsofts\spoolsvs.exe
cmdline "C:\Windows\System32\schtasks.exe" /create /ru system /sc onstart /tn Microsoft\Windows\UPnP\Spoolsv /F /TR %windir%\IME\Microsofts\spoolsvs.exe
cmdline "C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat"
cmdline C:\Windows\System32\cmd.exe /c del C:\Windows\IME\MICROS~1\APP_UP~1.EXE > nul
cmdline "C:\Windows\system32\cmd.exe" /c del C:\Windows\IME\MICROS~1\APP_UP~1.EXE > nul
file C:\Windows\IME\Microsofts\app_updater.exe
file C:\Windows\IME\Microsofts\spoolsvs.exe
file C:\Users\test22\AppData\Local\Temp\32ja.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Windows\system32\cmd.exe
parameters: /c "C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat"
filepath: C:\Windows\System32\cmd.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Windows\system32\cmd.exe
parameters: /c del C:\Windows\IME\MICROS~1\APP_UP~1.EXE > nul
filepath: C:\Windows\System32\cmd.exe
1 1 0
rule DebuggerCheck__GlobalFlags (no description)
rule DebuggerCheck__QueryInfo (no description)
rule DebuggerHiding__Thread (no description)
rule DebuggerHiding__Active (no description)
rule DebuggerException__SetConsoleCtrl (no description)
rule ThreadControl__Context (no description)
rule SEH__vectored (no description)
rule anti_dbg (Checks if being debugged)
rule disable_dep (Bypass DEP)
cmdline "C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off
cmdline ping 127.0.0.1 -n 2
cmdline "C:\Windows\System32\netsh.exe" firewall set opmode disable
cmdline "C:\Windows\System32\attrib.exe" +s +h +r %windir%\IME\Microsofts\spoolsvs.exe
cmdline netsh.exe advfirewall set allprofiles state off
cmdline netsh.exe firewall set opmode disable
cmdline attrib.exe +s +h +r %windir%\IME\Microsofts\spoolsvs.exe
service_name Java(TM) Platform Sa 8 service_path C:\ProgramData\javaw.exe
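The command lines above, together with the CreateServiceA record, make up the persistence and evasion chain this run recorded: a batch file in %TEMP% is executed through cmd /c, a ping to 127.0.0.1 serves as a delay, the host firewall is switched off through both the legacy netsh firewall and the netsh advfirewall interfaces, a scheduled task running as SYSTEM launches %windir%\IME\Microsofts\spoolsvs.exe at startup, that file is marked system/hidden/read-only, the dropper app_updater.exe is deleted, and an auto-start service named after Java points at C:\ProgramData\javaw.exe. The Python below is an added example by the editor, not ZeroBOX output and not code from the sample: it runs a small rule set over those command lines and decodes the numeric CreateServiceA arguments. The sample events are copied from the report; the rule names, the indications, the vendor-word heuristic and the "suspicious" criteria are the editor's assumptions.

```python
"""Triage of the behaviour recorded in this sandbox run.

Added example, not ZeroBOX output: a small rule set that classifies the
command lines listed in the report and decodes the CreateServiceA call.
The sample events are copied from the report; the rule names, the
indications and the heuristics are the editor's assumptions.
"""
import re

# winsvc.h constants used to decode the numeric CreateServiceA arguments.
SERVICE_ALL_ACCESS = 0xF01FF
SERVICE_TYPE_BITS = {
    0x010: "SERVICE_WIN32_OWN_PROCESS",
    0x020: "SERVICE_WIN32_SHARE_PROCESS",
    0x100: "SERVICE_INTERACTIVE_PROCESS",
}
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START",
               2: "SERVICE_AUTO_START", 3: "SERVICE_DEMAND_START",
               4: "SERVICE_DISABLED"}
# Vendor words a masquerading service borrows; the check is the editor's heuristic.
VENDOR_WORDS = ("oracle", "java", "microsoft", "adobe", "google")

# (rule name, what a hit indicates, case-insensitive regex over the command line)
CMDLINE_RULES = [
    ("temp_batch_exec", "batch file executed from %TEMP%",
     r"cmd(\.exe)?\s+/c\s+\S*\\Temp\\\S+\.bat\b"),
    ("ping_sleep", "ping to localhost used as a delay",
     r"\bping\s+127\.0\.0\.1\s+-n\s+\d+"),
    ("firewall_off_legacy", "host firewall disabled (legacy netsh firewall)",
     r"netsh(\.exe)?\s+firewall\s+set\s+opmode\s+disable"),
    ("firewall_off_advfirewall", "host firewall disabled on all profiles",
     r"netsh(\.exe)?\s+advfirewall\s+set\s+allprofiles\s+state\s+off"),
    ("schtask_system_onstart", "scheduled task as SYSTEM at startup",
     r"schtasks(\.exe)?\s+/create\b.*\s/ru\s+system\b.*\s/sc\s+onstart\b"),
    ("attrib_hidden_system", "file marked system/hidden/read-only",
     r"attrib(\.exe)?(\s+\+[shr]){2,}"),
    ("cmd_del_exe", "executable deleted through cmd /c del",
     r"cmd(\.exe)?\s+/c\s+del\s+\S+\.exe\b"),
]


def triage_cmdline(cmd: str) -> list:
    """Return (rule name, indication) for every rule the command line matches."""
    # The report quotes full exe paths ("C:\...\netsh.exe" advfirewall ...); drop the quotes
    # so the same regex matches the quoted and the bare form.
    text = cmd.replace('"', "")
    return [(name, what) for name, what, rx in CMDLINE_RULES
            if re.search(rx, text, re.IGNORECASE)]


def decode_service(call: dict) -> dict:
    """Decode CreateServiceA's numeric arguments and list why the call looks suspicious."""
    stype, start, access = (int(call[k]) for k in ("service_type", "start_type", "desired_access"))
    path = call["filepath"].lower()
    out = {
        "service_type": [n for bit, n in SERVICE_TYPE_BITS.items() if stype & bit],
        "start_type": START_TYPES.get(start, hex(start)),
        "desired_access": "SERVICE_ALL_ACCESS" if access == SERVICE_ALL_ACCESS else hex(access),
        "flags": [],
    }
    if start <= 2:
        out["flags"].append("starts automatically at boot")
    if path.startswith(("c:\\programdata\\", "c:\\users\\")):
        out["flags"].append("service binary in a user-writable directory")
    if "SERVICE_INTERACTIVE_PROCESS" in out["service_type"]:
        out["flags"].append("interactive service type, unusual for a vendor service")
    names = (call["display_name"] + " " + call["service_name"]).lower()
    if any(w in names for w in VENDOR_WORDS) and not path.startswith(("c:\\program files", "c:\\windows\\")):
        out["flags"].append("vendor-style name but binary outside Program Files/Windows")
    return out


def triage_report(cmdlines, service) -> dict:
    """Group command-line hits by rule and attach the decoded service record."""
    hits = {}
    for cmd in cmdlines:
        for name, _ in triage_cmdline(cmd):
            hits.setdefault(name, []).append(cmd)
    return {"cmdline_rules": hits, "service": decode_service(service)}


# Copied from the report above (the quoted and unquoted duplicates collapsed).
REPORT_CMDLINES = [
    r'C:\Windows\System32\cmd.exe /c "C:\Users\test22\AppData\Local\Temp\HZ~F2DB.tmp.bat"',
    r"ping 127.0.0.1 -n 2",
    r'"C:\Windows\System32\netsh.exe" firewall set opmode disable',
    r'"C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off',
    r"schtasks.exe /create /ru system /sc onstart /tn Microsoft\Windows\UPnP\Spoolsv /F /TR %windir%\IME\Microsofts\spoolsvs.exe",
    r'"C:\Windows\System32\attrib.exe" +s +h +r %windir%\IME\Microsofts\spoolsvs.exe',
    r"C:\Windows\System32\cmd.exe /c del C:\Windows\IME\MICROS~1\APP_UP~1.EXE > nul",
]
REPORT_SERVICE = {
    "service_name": "Java(TM) Platform Sa 8", "display_name": "Oracle Corporation",
    "filepath": r"C:\ProgramData\javaw.exe", "service_type": 272,
    "start_type": 2, "error_control": 0, "desired_access": 983551,
}

if __name__ == "__main__":
    result = triage_report(REPORT_CMDLINES, REPORT_SERVICE)
    for rule, cmds in result["cmdline_rules"].items():
        print(f"{rule:26s} {len(cmds)} hit(s)")
    print("service:", result["service"])
```

Run as a script it prints one hit per rule for this run and the decoded service (auto-start, SERVICE_ALL_ACCESS, own-process plus interactive, binary under C:\ProgramData); imported, triage_cmdline can be pointed at the cmdline rows of other reports. The quote stripping is deliberate: the report records each command twice, once with the quoted full path, and a regex anchored on the bare program name followed by whitespace would miss the quoted form.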
Process injection Process 2548 resumed a thread in remote process 2992
Process injection Process 2620 resumed a thread in remote process 3712
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000028c
suspend_count: 1
process_identifier: 2992
1 0 0

NtResumeThread

thread_handle: 0x00000220
suspend_count: 1
process_identifier: 3712
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.ShadowBrokers.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.GenericRI.S14127141
Skyhigh BehavesLike.Win32.PWSZbot.rc
ALYac Trojan.GenericKD.70600978
Cylance Unsafe
VIPRE Trojan.GenericKD.70600978
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.70600978
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D4354912
VirIT Trojan.Win32.Genus.XKA
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
APEX Malicious
Avast Other:Malware-gen [Trj]
ClamAV Win.Tool.Shadowbrokers-9800457-0
Kaspersky Trojan.Win32.ShadowBrokers.t
Alibaba Exploit:Win32/ShadowBrokers.15
NANO-Antivirus Trojan.Win32.Agent.erpjbl
MicroWorld-eScan Trojan.GenericKD.70600978
Rising Backdoor.Zegost!8.177 (CLOUD)
Emsisoft Trojan.GenericKD.70600978 (B)
F-Secure Trojan.TR/ShadowBrokers.bhlos
DrWeb BackDoor.PcClient.6599
Zillya Trojan.GenericKD.Win32.62840
TrendMicro TROJ_WMINE.SM
McAfeeD ti!86DB694CF3E5
Trapmine malicious.high.ml.score
CTX exe.trojan.shadowbrokers
Sophos Troj/Vools-AE
SentinelOne Static AI - Malicious SFX
Jiangmin Trojan.Antavmu.fjq
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1374668
Antiy-AVL GrayWare/Win32.SafeGuard.a
Kingsoft malware.kb.a.809
Gridinsoft Malware.Win32.Gen.sm!s1
Xcitium Malware@#yv6r777s7mb6
Microsoft Trojan:Win32/Vindor!pz
ZoneAlarm Troj/Vools-AE
GData Win32.Packed.NoobyProtect.B
Google Detected
AhnLab-V3 Trojan/Win.ShadowBrokers.C5488333
VBA32 TrojanDropper.Agent
DeepInstinct MALICIOUS
dead_host 198.98.57.188:7722 (non-standard TCP port; the host did not answer during the run)
dead_host 192.168.56.1:445 (SMB to the .1 address of the analysis network, no answer; consistent with the ShadowBrokers labels in the AV table above)
dead_host 192.168.56.101:49172