Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 8, 2021, 11:27 a.m. | March 8, 2021, 11:29 a.m. |
-
netsh.exe netsh firewall add allowedprogram "C:\Users\test22\AppData\Local\Temp\Update.exe" "Update.exe" ENABLE
2256
Name | Response | Post-Analysis Lookup |
---|---|---|
gore.p-e.kr | 125.185.111.249 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
url | http://www.expedia.com/favicon.ico |
url | http://uk.ask.com/favicon.ico |
url | http://www.priceminister.com/ |
url | http://ru.wikipedia.org/ |
url | http://www.merlin.com.pl/favicon.ico |
url | http://www.cnet.com/favicon.ico |
url | http://search.nifty.com/ |
url | http://ns.adobe.com/exif/1.0/ |
url | http://www.etmall.com.tw/ |
url | http://search.goo.ne.jp/ |
url | http://fr.wikipedia.org/favicon.ico |
url | http://busca.estadao.com.br/favicon.ico |
url | http://search.hanafos.com/favicon.ico |
url | http://search.chol.com/favicon.ico |
url | http://amazon.fr/ |
url | http://www.amazon.co.jp/ |
url | http://www.mtv.com/favicon.ico |
url | http://busqueda.aol.com.mx/ |
url | http://search.live.com/results.aspx?FORM=SOLTDF |
url | http://msdn.microsoft.com/ |
url | http://msdn.microsoft.com/workshop/security/privacy/overview/privacyimportxml.asp) |
url | http://www.sify.com/favicon.ico |
url | http://yellowpages.superpages.com/ |
url | http://suche.freenet.de/ |
url | http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson |
url | http://search.aol.com/ |
url | http://browse.guardian.co.uk/ |
url | http://www.mercadolibre.com.mx/ |
url | http://www.asharqalawsat.com/ |
url | http://www.facebook.com/ |
url | http://si.wikipedia.org/favicon.ico |
url | http://www.rtl.de/favicon.ico |
url | http://search.msn.com/results.aspx?q= |
url | http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0 |
url | http://search.naver.com/favicon.ico |
url | http://en.wikipedia.org/favicon.ico |
url | http://si.wikipedia.org/w/api.php?action=opensearch |
url | http://udn.com/favicon.ico |
url | http://rover.ebay.com |
url | http://search.ebay.fr/ |
url | http://www.univision.com/ |
url | http://pt.wikipedia.org/w/api.php?action=opensearch |
url | http://it.wikipedia.org/favicon.ico |
url | http://uk.ask.com/ |
url | http://www.google.co.uk/ |
url | http://cnweb.search.live.com/results.aspx?q= |
url | http://www.google.cz/ |
url | http://www.google.co.jp/ |
url | http://search.ebay.co.uk/ |
url | http://www.weather.com/ |
description | Code injection with CreateRemoteThread in a remote process | rule | inject_thread | ||||||
description | Create a windows service | rule | create_service | ||||||
description | Create a COM server | rule | create_com_service | ||||||
description | Communications over UDP network | rule | network_udp_sock | ||||||
description | Listen for incoming communication | rule | network_tcp_listen | ||||||
description | Communications over P2P network | rule | network_p2p_win | ||||||
description | Communications over HTTP | rule | network_http | ||||||
description | File downloader/dropper | rule | network_dropper | ||||||
description | Communications over FTP | rule | network_ftp | ||||||
description | Communications over RAW socket | rule | network_tcp_socket | ||||||
description | Communications use DNS | rule | network_dns | ||||||
description | Communication using dga | rule | network_dga | ||||||
description | Escalade priviledges | rule | escalate_priv | ||||||
description | Take screenshot | rule | screenshot | ||||||
description | Run a keylogger | rule | keylogger | ||||||
description | Steal credential | rule | cred_local | ||||||
description | Record Audio | rule | sniff_audio | ||||||
description | APC queue tasks migration | rule | migrate_apc | ||||||
description | Malware can spread east-west file | rule | spreading_file | ||||||
description | Malware can spread east-west using share drive | rule | spreading_share | ||||||
description | Create or check mutex | rule | win_mutex | ||||||
description | Affect system registries | rule | win_registry | ||||||
description | Affect system token | rule | win_token | ||||||
description | Affect private profile | rule | win_private_profile | ||||||
description | Affect private profile | rule | win_files_operation | ||||||
description | Match Winsock 2 API library declaration | rule | Str_Win32_Winsock2_Library | ||||||
description | Match Windows Inet API library declaration | rule | Str_Win32_Wininet_Library | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Disable Firewall | rule | disable_firewall | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | inject_thread | ||||||
description | Hijack network configuration | rule | hijack_network | ||||||
description | Create a windows service | rule | create_service | ||||||
description | Create a COM server | rule | create_com_service | ||||||
description | Communications over UDP network | rule | network_udp_sock | ||||||
description | Listen for incoming communication | rule | network_tcp_listen |
dead_host | 125.185.111.249:5555 |
Elastic | malicious (high confidence) |
DrWeb | Trojan.DownLoader21.44181 |
MicroWorld-eScan | Generic.MSIL.Bladabindi.814D18B9 |
CAT-QuickHeal | Backdoor.Bladabindi.B3 |
McAfee | Trojan-FIGN |
Cylance | Unsafe |
Zillya | Trojan.Bladabindi.Win32.72266 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 700000121 ) |
Alibaba | Backdoor:MSIL/Bladabindi.fbd6c1c2 |
K7GW | Trojan ( 700000121 ) |
Cybereason | malicious.e2dea3 |
Arcabit | Generic.MSIL.Bladabindi.814D18B9 |
BitDefenderTheta | Gen:NN.ZemsilF.34590.cmW@a0DXh0o |
Cyren | W32/MSIL_Troj.AP.gen!Eldorado |
Symantec | Backdoor.Ratenjay!gen3 |
ESET-NOD32 | a variant of MSIL/Bladabindi.AR |
APEX | Malicious |
Avast | MSIL:Bladabindi-JK [Trj] |
ClamAV | Win.Trojan.B-468 |
Kaspersky | HEUR:Trojan.Win32.Generic |
BitDefender | Generic.MSIL.Bladabindi.814D18B9 |
NANO-Antivirus | Trojan.Win32.Autoruner2.ebrjyu |
Paloalto | generic.ml |
AegisLab | Trojan.Win32.Generic.4!c |
Tencent | Win32.Trojan.Generic.Dyqg |
Ad-Aware | Generic.MSIL.Bladabindi.814D18B9 |
Emsisoft | Generic.MSIL.Bladabindi.814D18B9 (B) |
Comodo | TrojWare.MSIL.Spy.Agent.CP@4pqytu |
F-Secure | Trojan.TR/ATRAPS.Gen |
Baidu | MSIL.Backdoor.Bladabindi.a |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | BKDR_BLADABI.SMC |
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.nm |
FireEye | Generic.mg.808e1ade2dea30a7 |
Sophos | Mal/Generic-R + Troj/Bbindi-W |
Ikarus | Worm.MSIL.Bladabindi |
Jiangmin | TrojanDropper.Autoit.dce |
MaxSecure | Trojan.Malware.300983.susgen |
Avira | TR/ATRAPS.Gen |
MAX | malware (ai score=100) |
Antiy-AVL | Trojan[Backdoor]/MSIL.Bladabindi.as |
Microsoft | Backdoor:MSIL/Bladabindi.B |
ViRobot | Backdoor.Win32.Agent.37888.AL |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
GData | MSIL.Trojan-Spy.Bladabindi.BQ |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Korat.R207428 |
Acronis | suspicious |
VBA32 | Trojan.Downloader |