- * MalFamily: ""
- * MalScore: 10.0
- * File Name: "Exes_d3d0667adf9feb014831fc7849c61802.exe"
- * File Size: 53760
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "bc841509b4733bde03e9a05d268f89792fc94f8071a1659fbc7bafd063cc9802"
- * MD5: "d3d0667adf9feb014831fc7849c61802"
- * SHA1: "b965ef09554abbdb12e30145512bf302461e88ce"
- * SHA512: "f7e7c76b97f682c947b3ecd407f7f6f8b4f618d819e053492afde2cf1bcfcadd7593a093d4b72c8bc92167849806b4d6eabb1024486ebc509d33738456161f9c"
- * CRC32: "25D47046"
- * SSDEEP: "768:aHyEBK+o6yMPqgRDMa6RwuFQXQ/61/4Jk8gqCfFC:aHL1Rt2/BpJkkUF"
- * Process Execution:
- "Exes_d3d0667adf9feb014831fc7849c61802.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP": "23.89.210.108:10257"
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "Exes_d3d0667adf9feb014831fc7849c61802.exe tried to sleep 901 seconds, actually delayed analysis time by 0 seconds"
- "Description": "File has been identified by 65 Antiviruses on VirusTotal as malicious",
- "Details":
- "Bkav": "W32.Svchobst.Trojan"
- "MicroWorld-eScan": "Trojan.Dropper.YRX"
- "FireEye": "Generic.mg.d3d0667adf9feb01"
- "CAT-QuickHeal": "Trojan.Mauvaise.SL1"
- "ALYac": "Trojan.Dropper.YRX"
- "Malwarebytes": "Trojan.Agent.QSS"
- "SUPERAntiSpyware": "Trojan.Agent/Gen-Morix"
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- "Alibaba": "TrojanDropper:Win32/Dorifel.91adc65e"
- "K7GW": "Trojan ( 0049587e1 )"
- "K7AntiVirus": "Trojan ( 0049587e1 )"
- "Arcabit": "Trojan.Dropper.YRX"
- "Invincea": "heuristic"
- "Baidu": "Win32.Trojan.Agent.gr"
- "F-Prot": "W32/S-d71876f0!Eldorado"
- "Symantec": "Trojan.Gen.MBT"
- "TotalDefense": "Win32/Tnega.TIYXbaD"
- "APEX": "Malicious"
- "Avast": "Win32:Nitol-B Trj"
- "ClamAV": "Win.Malware.Yoddos-6992402-0"
- "Kaspersky": "Trojan-Dropper.Win32.Dorifel.axfp"
- "BitDefender": "Trojan.Dropper.YRX"
- "NANO-Antivirus": "Trojan.Win32.Click3.ctkwdy"
- "Paloalto": "generic.ml"
- "AegisLab": "Trojan.Win32.Patched.lNhi"
- "Tencent": "Win32.Trojan-dropper.Dorifel.Wsjo"
- "Ad-Aware": "Trojan.Dropper.YRX"
- "Sophos": "Mal/Generic-S"
- "Comodo": "TrojWare.Win32.Dynamer.JLS@5s363p"
- "F-Secure": "Trojan.TR/Graftor.ytsgd"
- "DrWeb": "Trojan.Click3.28277"
- "Zillya": "Trojan.Agent.Win32.460378"
- "TrendMicro": "TROJ_YODDOS.SMR"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.qt"
- "Emsisoft": "Trojan.Dropper.YRX (B)"
- "SentinelOne": "DFI - Malicious PE"
- "Cyren": "W32/QQhelper.C.gen!Eldorado"
- "Jiangmin": "Trojan/Generic.baish"
- "Webroot": "W32.Malware.Gen"
- "Avira": "TR/Graftor.ytsgd"
- "Antiy-AVL": "Trojan/Win32.AGeneric"
- "Microsoft": "Trojan:Win32/Togapy.A!bit"
- "Endgame": "malicious (high confidence)"
- "ViRobot": "Trojan.Win32.Ransom.53760.B"
- "ZoneAlarm": "Trojan-Dropper.Win32.Dorifel.axfp"
- "GData": "Trojan.Dropper.YRX"
- "TACHYON": "Trojan/W32.Agent.53760.AGX"
- "AhnLab-V3": "Trojan/Win32.Downloader.R97609"
- "Acronis": "suspicious"
- "McAfee": "DoS-FAR!D3D0667ADF9F"
- "MAX": "malware (ai score=96)"
- "VBA32": "BScope.Trojan.Bulta"
- "Cylance": "Unsafe"
- "Zoner": "Trojan.Win32.29069"
- "ESET-NOD32": "a variant of Win32/Agent.VOM"
- "TrendMicro-HouseCall": "TROJ_YODDOS.SMR"
- "Rising": "Trojan.Farfli!1.65C0 (CLASSIC)"
- "Yandex": "Trojan.Graftor!Yk/ayiYcGzo"
- "Ikarus": "Trojan.Win32.Togapy"
- "eGambit": "Unsafe.AI_Score_91%"
- "Fortinet": "W32/Agent.VOM!tr"
- "AVG": "Win32:Nitol-B Trj"
- "Cybereason": "malicious.adf9fe"
- "Panda": "Trj/Genetic.gen"
- "Qihoo-360": "HEUR/QVM41.2.5815.Malware.Gen"
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details":
- "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
- "Details":
- "target": "clamav:Win.Malware.Yoddos-6992402-0, sha256:bc841509b4733bde03e9a05d268f89792fc94f8071a1659fbc7bafd063cc9802, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "Description": "Anomalous binary characteristics",
- "Details":
- "anomaly": "Actual checksum does not match that reported in PE header"
- * Started Service:
- * Mutexes:
- "lz1.f3322.net:10257",
- "DBWinMutex"
- * Modified Files:
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "lz1.f3322.net",
- "answers":
- "data": "23.89.210.108",
- "type": "A"
- * Domains:
- "ip": "23.89.210.108",
- "domain": "lz1.f3322.net"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: