Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 11, 2021, 3:44 p.m. | March 11, 2021, 3:44 p.m. |
-
start.exea "C:\Users\test22\AppData\Local\Temp\start.exea"
900
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .wus |
section | .mep |
resource name | PUS |
section | {u'size_of_data': u'0x000ad200', u'virtual_address': u'0x00001000', u'entropy': 7.918815108081629, u'name': u'.text', u'virtual_size': u'0x000ad0c1'} | entropy | 7.91881510808 | description | A section with a high entropy has been found | |||||||||
entropy | 0.861854387057 | description | Overall entropy of this PE file is high |
url | http://www.openssl.org/support/faq.html |
url | http://www.i |
description | Code injection with CreateRemoteThread in a remote process | rule | inject_thread | ||||||
description | Create a windows service | rule | create_service | ||||||
description | Communications over UDP network | rule | network_udp_sock | ||||||
description | Listen for incoming communication | rule | network_tcp_listen | ||||||
description | Communications over P2P network | rule | network_p2p_win | ||||||
description | Communications over HTTP | rule | network_http | ||||||
description | File downloader/dropper | rule | network_dropper | ||||||
description | Communications over FTP | rule | network_ftp | ||||||
description | Communications over RAW socket | rule | network_tcp_socket | ||||||
description | Communications use DNS | rule | network_dns | ||||||
description | Communication using dga | rule | network_dga | ||||||
description | Escalade priviledges | rule | escalate_priv | ||||||
description | Take screenshot | rule | screenshot | ||||||
description | Run a keylogger | rule | keylogger | ||||||
description | Steal credential | rule | cred_local | ||||||
description | Record Audio | rule | sniff_audio | ||||||
description | APC queue tasks migration | rule | migrate_apc | ||||||
description | Malware can spread east-west using share drive | rule | spreading_share | ||||||
description | Create or check mutex | rule | win_mutex | ||||||
description | Affect system registries | rule | win_registry | ||||||
description | Affect system token | rule | win_token | ||||||
description | Affect private profile | rule | win_private_profile | ||||||
description | Affect private profile | rule | win_files_operation | ||||||
description | Match Winsock 2 API library declaration | rule | Str_Win32_Winsock2_Library | ||||||
description | Match Windows Inet API library declaration | rule | Str_Win32_Wininet_Library | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook |
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKDZ.73131 |
FireEye | Generic.mg.32f3be8697cbd7c4 |
CAT-QuickHeal | Trojanransom.Stop |
McAfee | Packed-GBF!32F3BE8697CB |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 005783f91 ) |
Alibaba | Ransom:Win32/generic.ali2000027 |
K7GW | Trojan ( 005783f91 ) |
Cybereason | malicious.697cbd |
Arcabit | Trojan.Generic.D11DAB |
BitDefenderTheta | Gen:NN.ZexaF.34608.YG0@aqqPEFhG |
Cyren | W32/Azorult.P.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
TrendMicro-HouseCall | TrojanSpy.Win32.RANSOM.USMANBP21 |
Avast | Win32:BotX-gen [Trj] |
ClamAV | Win.Dropper.Mokes-9835362-0 |
Kaspersky | HEUR:Trojan-Ransom.Win32.Stop.gen |
BitDefender | Trojan.GenericKDZ.73131 |
NANO-Antivirus | Trojan.Win32.Stop.imjfpm |
Paloalto | generic.ml |
ViRobot | Trojan.Win32.Z.Stop.823808 |
Tencent | Win32.Trojan.Raas.Auto |
Ad-Aware | Trojan.GenericKDZ.73131 |
Emsisoft | Trojan.Crypt (A) |
DrWeb | Trojan.Hosts.48251 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TrojanSpy.Win32.RANSOM.USMANBP21 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Malicious PE |
ESET-NOD32 | a variant of Win32/Kryptik.HJPL |
Webroot | W32.Trojan.Gen |
Avira | TR/AD.InstaBot.BH |
Gridinsoft | Trojan.Win32.Kryptik.vb |
Microsoft | Trojan:Win32/Azorult.MZ!MTB |
AegisLab | Trojan.Win32.Stop.j!c |
ZoneAlarm | HEUR:Trojan-Ransom.Win32.Stop.gen |
GData | Trojan.GenericKDZ.73131 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Gen.RL_Reputation.R367821 |
Acronis | suspicious |
VBA32 | BScope.Backdoor.Mokes |
ALYac | Trojan.Ransom.Stop |
MAX | malware (ai score=100) |
Malwarebytes | Trojan.MalPack.GS |
APEX | Malicious |
Rising | Ransom.Stop!8.10810 (C64:YzY0OnE6veYr8he4) |