- * ID: 885
- * MalFamily: "Glupteba"
- * MalScore: 10.0
- * File Name: "Exes_b2d284763fc98ace0eb9664d9de37951.exe"
- * File Size: 683008
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "866c0bb047386ac0c404050df4840ce99c99e59a9fa2aa69d0083dfc97804971"
- * MD5: "b2d284763fc98ace0eb9664d9de37951"
- * SHA1: "65a5a67ac0961e558fc0ebb3adfaf2c304b7c5bd"
- * SHA512: "98dfdb8865498cd7597b4747ad3fa5e926c52a6213684f6cf2bb62ec962eb29a58a1da99c41c88d9df274342dbccf12ad9083e44ffb3a3a16dd1d35559ce3837"
- * CRC32: "53FD3008"
- * SSDEEP: "12288:3FK1vCDOmToBAOvBzHSvYGXnHhJUWuI0NkN76VN9rGrfts0oEXiFnE22zoT1QnUb:136UF3LUrIx5/rls0oEyFL5Db"
- * Process Execution:
- "VdZit9q5QU.exe"
- * Executed Commands:
- * Signatures Detected:
- Behavioural detection: Executable code extraction
- The binary likely contains encrypted or compressed data:
- "section": "name: .text, entropy: 7.82, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0007f600, virtual_size: 0x0007f465"
- File has been identified by 51 Antiviruses on VirusTotal as malicious:
- "Bkav": "W32.KillProcSMB.Worm"
- "MicroWorld-eScan": "Gen:Variant.Razy.348484"
- "FireEye": "Generic.mg.b2d284763fc98ace"
- "CAT-QuickHeal": "Trojan.Mauvaise.S3449555"
- "McAfee": "Trojan-FQGO!B2D284763FC9"
- "Cylance": "Unsafe"
- "SUPERAntiSpyware": "Hack.Tool/Gen-BitCoinMiner"
- "K7AntiVirus": "Trojan ( 005115a11 )"
- "K7GW": "Trojan ( 005115a11 )"
- "Cybereason": "malicious.63fc98"
- "Arcabit": "Trojan.Razy.D55144"
- "Invincea": "heuristic"
- "F-Prot": "W32/Glupteba.A.gen!Eldorado"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "Avast": "Win32:CrypterX-gen Trj"
- "ClamAV": "Win.Dropper.Glupteba-6973164-0"
- "Kaspersky": "HEUR:Trojan-Proxy.Win32.Glupteba.gen"
- "BitDefender": "Gen:Variant.Razy.348484"
- "Rising": "Trojan.Proxy-Glupteba!8.307D (TFE:5:LeiWt9taAbL)"
- "Ad-Aware": "Gen:Variant.Razy.348484"
- "Emsisoft": "Gen:Variant.Razy.348484 (B)"
- "Comodo": "TrojWare.Win32.Glupteba.BC@82zlxv"
- "F-Secure": "Trojan.TR/Crypt.XPACK.Gen2"
- "DrWeb": "Trojan.Proxy2.1436"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.jc"
- "Sophos": "Troj/Glupteba-M"
- "Ikarus": "Trojan.Win32.Glupteba"
- "Cyren": "W32/Glupteba.A.gen!Eldorado"
- "Jiangmin": "TrojanProxy.Glupteba.adt"
- "Webroot": "W32.Trojan.Gen"
- "Avira": "TR/Crypt.XPACK.Gen2"
- "MAX": "malware (ai score=84)"
- "Antiy-AVL": "Trojan/Win32.Glupteba.a"
- "Microsoft": "Trojan:Win32/Glupteba"
- "Endgame": "malicious (high confidence)"
- "ZoneAlarm": "HEUR:Trojan-Proxy.Win32.Glupteba.gen"
- "GData": "Gen:Variant.Razy.348484"
- "AhnLab-V3": "Trojan/Win32.SmearPasse.R247805"
- "Acronis": "suspicious"
- "VBA32": "BScope.TrojanProxy.Glupteba"
- "ALYac": "Gen:Variant.Razy.348484"
- "Malwarebytes": "Trojan.BitCoinMiner"
- "ESET-NOD32": "a variant of Win32/Glupteba.BC"
- "SentinelOne": "DFI - Malicious PE"
- "Fortinet": "W32/Generic.AP.128842!tr"
- "MaxSecure": "Trojan.Win32.Glupteba"
- "AVG": "Win32:CrypterX-gen Trj"
- "Panda": "Trj/Genetic.gen"
- "CrowdStrike": "win/malicious_confidence_100% (D)"
- "Qihoo-360": "HEUR/QVM20.1.A57D.Malware.Gen"
- Clamav Hits in Target/Dropped/SuriExtracted:
- "target": "clamav:Win.Dropper.Glupteba-6973164-0, sha256:866c0bb047386ac0c404050df4840ce99c99e59a9fa2aa69d0083dfc97804971, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- * Started Service:
- * Mutexes:
- * Modified Files:
- * Deleted Files:
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- * Domains:
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
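The "likely contains encrypted or compressed data" signature above is a static heuristic: the sample's only code section (.text, flagged IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ) has an entropy of 7.82 bits per byte, close to the 8.0 of uniformly random data, whereas compiled x86 code normally sits well below that. The script below is an added example, not part of the sandbox report or of any sandbox's code: it parses a PE section table with the standard library only, computes Shannon entropy per section, and flags executable sections above a threshold. The 7.0 threshold is an assumed rule of thumb, and the PE image it runs on is constructed inline (a minimal PE32 with no optional header) purely to exercise the parser; it is not the Glupteba sample.

```python
"""Flag high-entropy executable PE sections (packed/encrypted code heuristic).
Added example; the PE image built here is constructed for illustration only."""
import hashlib
import math
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Walk the section table; yields (name, raw bytes, characteristics, virtual_size)."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header follows "PE\0\0"
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt                          # section table follows the optional header
    for i in range(num_sections):
        (name, vsize, _vaddr, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               image[raw_ptr:raw_ptr + raw_size], chars, vsize)


def packed_sections(image: bytes, threshold: float = 7.0):
    """Return [(name, entropy)] for code/executable sections above the (assumed) threshold."""
    hits = []
    for name, data, chars, _ in pe_sections(image):
        if chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            ent = shannon_entropy(data)
            if ent > threshold:
                hits.append((name, round(ent, 2)))
    return hits


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_pe(sections):
    """Assemble a minimal PE32 image from [(name, data, characteristics)] for testing the parser."""
    num = len(sections)
    hdr_end = 0x40 + 4 + 20 + 40 * num                    # DOS header, PE sig, COFF header, section table
    raw_off = (hdr_end + 0x1FF) & ~0x1FF                  # first section at 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x0102)  # i386, SizeOfOptionalHeader=0
    table, body, rva = b"", b"", 0x1000
    for name, data, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), rva,
                             len(data), raw_off + len(body), 0, 0, 0, 0, chars)
        body += data
        rva += (len(data) + 0xFFF) & ~0xFFF
    return (dos + b"PE\0\0" + coff + table).ljust(raw_off, b"\0") + body


# Constructed sample: one random-looking code section, one low-entropy data section.
SAMPLE_PE = build_pe([
    (b".text", _pseudo_random(0x2000), IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", b"\0" * 0x600 + b"constructed sample, no secrets here\0" * 8, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for name, data, chars, vsize in pe_sections(SAMPLE_PE):
        print(f"{name:8s} entropy={shannon_entropy(data):.2f} raw_size={len(data):#x} "
              f"virtual_size={vsize:#x} characteristics={chars:#010x}")
    print("suspect packed/encrypted sections:", packed_sections(SAMPLE_PE))
```

Run it against a real file with `packed_sections(open(path, "rb").read())`. Entropy alone does not prove packing (large embedded certificates or compressed resources also score high), so the check is most useful combined with the other indicators the report shows: a code section whose raw size nearly equals its virtual size and a large unpacked memory region at runtime ("executable code extraction").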