Field | Value |
---|---|
Created | 2021.06.25 14:07 |
Machine | s1_win7_x6401 |
Filename | 48998.2017-07-31_69.06.43.vbs |
Type | ASCII text, with CRLF line terminators |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 37 detected (Nemucod, VBS01, LockyDownloader, druvzi, MaliciousEmail, CLASSIC, Malware@#2fr9nxoak1y59, Kriptik, S252, ai score=98, qexvmc) |
md5 | 876d628a42f354504873d1a4bdcbdb2a |
sha256 | 4f88054c9b880bed03cf5803cdc64d59fd4a96e00581407a7a8e4f3e29366b03 |
ssdeep | 96:p9EijpW8aSaXwdxg+Fg6e1N+lfLn+8Xo0lXdrmitpOhwWx4mpnviqS:VpW8Iwq637L4AfU/x4mtvbS |
imphash | |
impfuzzy | |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
watch | Wscript.exe initiated network communications indicative of a script based payload download |
watch | wscript.exe-based dropper (JScript |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
Rules (0cnts)
Level | Name | Description | Collection |
---|---|---|---|