- * ID: 2081
- * MalFamily: ""
- * MalScore: 10.0
- * File Name: "NetWire_95209b69a3ce408ee83cfed4813959ee.exe"
- * File Size: 349241
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "70a6a53287d4cabd88fc48e5c03bd912e0449083ea9aad248cbeedf9766b9f28"
- * MD5: "95209b69a3ce408ee83cfed4813959ee"
- * SHA1: "ea3efeb5723e2bda2815b72c3aa39ee8736c3c4e"
- * SHA512: "84fd478ef5bfb2d5249403a5a1db75c1362dd48ab8ee02b1092d84e3da9b3d4a3a38970f4426dbc213d29ec54ca2221ef8258323b1563dd5a381530c28f6dbd2"
- * CRC32: "761CD616"
- * SSDEEP: "6144:O2LHLD7eHqQArem6Jrzssa/yCF0PG0RVrVtpbgWtReOYcUmGhK0hKC:pHCKQANWpfCF0O0RRFtRGcDGhthn"
- * Process Execution:
- "Kqb5Kf4RGy6.exe",
- "Kqb5Kf4RGy6.exe"
- * Executed Commands:
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Kqb5Kf4RGy6.exe\""
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "Creates RWX memory",
- "Details":
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "Kqb5Kf4RGy6.exe tried to sleep 1200 seconds, actually delayed analysis time by 0 seconds"
- "Description": "Reads data out of its own binary image",
- "Details":
- "self_read": "process: Kqb5Kf4RGy6.exe, pid: 2244, offset: 0x00000000, length: 0x00055439"
- "Description": "A process created a hidden window",
- "Details":
- "Process": "Kqb5Kf4RGy6.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Kqb5Kf4RGy6.exe"
- "Description": "File has been identified by 39 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Gen:Variant.Ulise.66442"
- "McAfee": "RDN/Generic PWS.y"
- "Cybereason": "malicious.5723e2"
- "TrendMicro": "TROJ_GEN.R015C0WIE19"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "GData": "Gen:Variant.Ulise.66442"
- "Kaspersky": "Trojan.Win32.Agentb.jtgj"
- "BitDefender": "Gen:Variant.Ulise.66442"
- "NANO-Antivirus": "Trojan.Win32.Androm.fzbpwu"
- "Rising": "Trojan.Generic@ML.89 (RDMK:FodjC3ezCrx+hJzSsBYFsg)"
- "Endgame": "malicious (high confidence)"
- "Sophos": "Mal/Generic-S"
- "F-Secure": "Trojan.TR/Crypt.XPACK.Gen8"
- "DrWeb": "Trojan.PWS.Stealer.24943"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.fh"
- "FireEye": "Generic.mg.95209b69a3ce408e"
- "Emsisoft": "Gen:Variant.Ulise.66442 (B)"
- "Jiangmin": "AdWare.Generic.tarn"
- "Avira": "TR/Crypt.XPACK.Gen8"
- "MAX": "malware (ai score=89)"
- "Antiy-AVL": "Trojan/Win32.TrickBot"
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- "Arcabit": "Trojan.Ulise.D1038A"
- "ZoneAlarm": "Trojan.Win32.Agentb.jtgj"
- "AhnLab-V3": "Malware/Win32.RL_Generic.R291441"
- "Acronis": "suspicious"
- "VBA32": "BScope.Trojan.Meterpreter"
- "ALYac": "Gen:Variant.Ulise.66442"
- "Ad-Aware": "Gen:Variant.Ulise.66442"
- "ESET-NOD32": "a variant of Win32/Kryptik.GWKW"
- "TrendMicro-HouseCall": "TROJ_GEN.R015C0WIE19"
- "Tencent": "Win32.Trojan.Agentb.Hrem"
- "Fortinet": "W32/GenKryptik.DQRR!tr"
- "AVG": "Win32:CrypterX-gen Trj"
- "Avast": "Win32:CrypterX-gen Trj"
- "CrowdStrike": "win/malicious_confidence_100% (D)"
- "Qihoo-360": "HEUR/QVM10.1.E7FB.Malware.Gen"
- * Started Service:
- * Mutexes:
- "RasPbFile",
- "UVUbOOMB"
- * Modified Files:
- * Deleted Files:
- * Modified Registry Keys:
- "HKEY_CURRENT_USER\\SOFTWARE\\NetWire",
- "HKEY_CURRENT_USER\\Software\\NetWire\\HostId",
- "HKEY_CURRENT_USER\\Software\\NetWire\\Install Date"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "sweetmonez.warzonedns.com",
- "answers":
- * Domains:
- "ip": "212.7.192.243",
- "domain": "sweetmonez.warzonedns.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: