ReversingLabs TitaniumCloud v2

This Integration is part of the ReversingLabs TitaniumCloud Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

ReversingLabs TitaniumCloud provides threat analysis data from various ReversingLabs cloud services.

Configure ReversingLabs TitaniumCloud v2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for ReversingLabs TitaniumCloud v2.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | ReversingLabs TitaniumCloud URL | True |
    | Credentials | True |
    | Password | True |
    | Reliability | False |
    | Verify certificates | False |
    | HTTP proxy address with the protocol and port number. | False |
    | HTTP proxy username | False |
    | HTTP proxy password | False |
    | HTTPS proxy address with the protocol and port number. | False |
    | HTTPS proxy username | False |
    | HTTPS proxy password | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

reversinglabs-titaniumcloud-file-reputation

Retrieve File Reputation data from TitaniumCloud

Base Command

reversinglabs-titaniumcloud-file-reputation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.file_reputation | Unknown | |

Command example

!reversinglabs-titaniumcloud-file-reputation hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Malicious": {
"Description": "antivirus - Win32.Ransomware.Tox",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"file_reputation": {
"rl": {
"malware_presence": {
"classification": {
"family_name": "Tox",
"is_generic": false,
"platform": "Win32",
"type": "Ransomware"
},
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:16:58",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"query_hash": {
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
"reason": "antivirus",
"scanner_count": 34,
"scanner_match": 32,
"scanner_percent": 94.11764526367188,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"status": "MALICIOUS",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
}
}
}
}
}

Human Readable Output

ReversingLabs File Reputation for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

Classification: MALICIOUS
Classification reason: antivirus
First seen: 2015-05-30T22:04:00
Last seen: 2023-06-06T16:16:58
AV scanner hits / total number of scanners: 32 / 34
AV scanner hit percentage: 94.11764526367188%
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
Threat name: Win32.Ransomware.Tox
Threat level: 5

reversinglabs-titaniumcloud-av-scanners

Retrieve AV Scanner data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-av-scanners

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| ReversingLabs.av_scanners | Unknown | |

Command example

!reversinglabs-titaniumcloud-av-scanners hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"av_scanners": {
"rl": {
"sample": {
"first_scanned_on": "2015-05-30T22:04:00",
"first_seen_on": "2015-05-30T22:04:00",
"last_scanned_on": "2023-06-06T16:15:00",
"last_seen_on": "2023-06-06T16:15:00",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"single_scan": false,
"xref": [
{
"results": [
{
"result": "[TROJAN] Trojan/Win32.Toxic.R150440",
"scanner": "scanner1"
},
{
"result": "detected",
"scanner": "scanner2"
},
{
"result": "Win32:Malware-gen",
"scanner": "scanner3"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner4"
},
{
"result": "trojan",
"scanner": "scanner5"
},
{
"result": "PUA.Win.Packer.UpxProtector-1",
"scanner": "scanner6"
},
{
"result": "win/malicious_confidence_100",
"scanner": "scanner7"
},
{
"result": "malware.confidence_100",
"scanner": "scanner8"
},
{
"result": "Trojan.Encoder.1155",
"scanner": "scanner9"
},
{
"result": "malicious (moderate confidence)",
"scanner": "scanner10"
},
{
"result": "Detected",
"scanner": "scanner11"
},
{
"result": "W32/ToxKrypt.A!tr",
"scanner": "scanner12"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner13"
},
{
"result": "Trojan.Win32.Filecoder",
"scanner": "scanner15"
},
{
"result": "Trojan (0055e3ef1)",
"scanner": "scanner16"
},
{
"result": "Generic.Malware/Suspicious",
"scanner": "scanner17"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner18"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner19"
},
{
"result": "Artemis!3133C2231FCE (trojan)",
"scanner": "scanner20"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner21"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner22"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner23"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner24"
},
{
"result": "",
"scanner": "scanner25"
},
{
"result": "Ransom.Tocrypt!8.53B6",
"scanner": "scanner26"
},
{
"result": "Malware.Undefined!8.C",
"scanner": "scanner27"
},
{
"result": "DFI - Suspicious PE",
"scanner": "scanner28"
},
{
"result": "",
"scanner": "scanner29"
},
{
"result": "Mal/Generic-R",
"scanner": "scanner30"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner31"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner32"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner33"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner34"
},
{
"result": "SScope.Malware-Cryptor.Toxic",
"scanner": "scanner35"
}
],
"scanned_on": "2023-06-06T16:15:00",
"scanner_count": 37,
"scanner_match": 32,
"scanners": [
{
"name": "scanner1",
"timestamp": "2023-06-06T12:15:00",
"version": "scanner_version1"
},
{
"name": "scanner2",
"timestamp": "2023-06-06T14:55:00",
"version": "scanner_version2"
},
{
"name": "scanner3",
"timestamp": "2023-06-06T15:26:00",
"version": "scanner_version3"
},
{
"name": "scanner4",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version4"
},
{
"name": "scanner5",
"timestamp": "2023-06-06T16:03:00",
"version": "scanner_version5"
},
{
"name": "scanner6",
"timestamp": "2023-06-06T09:09:00",
"version": "scanner_version6"
},
{
"name": "scanner7",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version7"
},
{
"name": "scanner8",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version8"
},
{
"name": "scanner9",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version9"
},
{
"name": "scanner10",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version10"
},
{
"name": "scanner11",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version11"
},
{
"name": "scanner12",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version12"
},
{
"name": "scanner13",
"timestamp": "2023-06-06T15:28:00",
"version": "scanner_version13"
},
{
"name": "scanner14",
"timestamp": "2023-06-06T15:25:00",
"version": "scanner_version14"
},
{
"name": "scanner15",
"timestamp": "2023-06-06T14:31:00",
"version": "scanner_version15"
},
{
"name": "scanner16",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version16"
},
{
"name": "scanner17",
"timestamp": "2023-06-06T16:05:00",
"version": "scanner_version17"
},
{
"name": "scanner18",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version18"
},
{
"name": "scanner19",
"timestamp": "2023-06-06T01:34:00",
"version": "scanner_version19"
},
{
"name": "scanner20",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version20"
},
{
"name": "scanner21",
"timestamp": "2023-06-06T10:11:00",
"version": "scanner_version21"
},
{
"name": "scanner22",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version22"
},
{
"name": "scanner23",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version23"
},
{
"name": "scanner24",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version24"
},
{
"name": "scanner25",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version25"
},
{
"name": "scanner26",
"timestamp": "2023-06-05T23:53:00",
"version": "scanner_version26"
},
{
"name": "scanner27",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version27"
},
{
"name": "scanner28",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version28"
},
{
"name": "scanner29",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version29"
},
{
"name": "scanner30",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version30"
},
{
"name": "scanner31",
"timestamp": "2023-06-06T12:00:00",
"version": "scanner_version31"
},
{
"name": "scanner32",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version32"
},
{
"name": "scanner33",
"timestamp": "2023-06-06T14:29:00",
"version": "scanner_version33"
},
{
"name": "scanner34",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version34"
},
{
"name": "scanner35",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version35"
},
{
"name": "scanner36",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version36"
},
{
"name": "scanner37",
"timestamp": "2023-06-06T11:01:00",
"version": "scanner_version37"
}
]
}
]
}
}
}
}
}

Human Readable Output

ReversingLabs AV Scan results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

First scanned on: 2015-05-30T22:04:00
First seen on: 2015-05-30T22:04:00
Last scanned on: 2023-06-06T16:15:00
Last seen on: 2023-06-06T16:15:00
Sample size: 636416 bytes
Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f
SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be
RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625
Scanner count: 37
Scanner match: 32

Latest scan results

| result | scanner |
| --- | --- |
| [TROJAN] Trojan/Win32.Toxic.R150440 | scanner1 |
| detected | scanner2 |
| Win32:Malware-gen | scanner3 |
| DeepScan:Generic.Ransom.WCryG.5BC9065C | scanner4 |
| trojan | scanner5 |
| PUA.Win.Packer.UpxProtector-1 | scanner6 |
| win/malicious_confidence_100 | scanner7 |
| malware.confidence_100 | scanner8 |
| Trojan.Encoder.1155 | scanner9 |
| malicious (moderate confidence) | scanner10 |
| Detected | scanner11 |
| W32/ToxKrypt.A!tr | scanner12 |
| DeepScan:Generic.Ransom.WCryG.5BC9065C | scanner13 |
| Trojan.Win32.Filecoder | scanner14 |
| Trojan (0055e3ef1) | scanner15 |
| Generic.Malware/Suspicious | scanner16 |
| Ransom-Tox!11B48E409D96 (trojan) | scanner17 |
| Ransom-Tox!11B48E409D96 (trojan) | scanner18 |
| Artemis!3133C2231FCE (trojan) | scanner19 |
| Ransom:Win32/Tocrypt.B | scanner20 |
| Ransom:Win32/Tocrypt.B | scanner21 |
| Trj/Genetic.gen | scanner22 |
| Trj/Genetic.gen | scanner23 |
| | scanner24 |
| Ransom.Tocrypt!8.53B6 | scanner25 |
| Malware.Undefined!8.C | scanner26 |
| DFI - Suspicious PE | scanner27 |
| | scanner28 |
| Mal/Generic-R | scanner29 |
| Trojan.Gen.2 | scanner30 |
| Trojan.Gen.2 | scanner31 |
| TROJ_CRYPTOX.T | scanner32 |
| TROJ_CRYPTOX.T | scanner33 |
| SScope.Malware-Cryptor.Toxic | scanner34 |
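
One way to consume the ReversingLabs.av_scanners context in an automation, as an added example that is not code from the integration: it selects the latest xref entry, separates detections from empty results, and lists scanners that appear under scanners but returned no row under results. Treating an empty result string as "no detection" is an assumption drawn from the Context Example above, where the 32 non-empty results equal scanner_match; the function names and the sample data are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the shape of the av_scanners Context Example above.
# Scanner names, verdicts and counts are made up for the demonstration.
# xref is a list: the page's example holds one entry, this sample holds two
# so that the "latest scan" selection is exercised.
SAMPLE_CONTEXT = {"ReversingLabs": {"av_scanners": {"rl": {"sample": {
    "sha1": "0" * 40,  # placeholder, not a real sample hash
    "xref": [
        {  # older scan, must be ignored
            "scanned_on": "2023-05-24T15:20:00",
            "scanner_count": 3,
            "scanner_match": 1,
            "results": [
                {"scanner": "scanner1", "result": "Trojan.Gen.2"},
                {"scanner": "scanner2", "result": ""},
                {"scanner": "scanner3", "result": ""},
            ],
            "scanners": [{"name": "scanner1"}, {"name": "scanner2"},
                         {"name": "scanner3"}],
        },
        {  # latest scan
            "scanned_on": "2023-06-06T16:15:00",
            "scanner_count": 6,
            "scanner_match": 3,
            "results": [
                {"scanner": "scanner1", "result": "Ransom:Win32/Tocrypt.B"},
                {"scanner": "scanner2", "result": "Ransom:Win32/Tocrypt.B"},
                {"scanner": "scanner3", "result": ""},
                {"scanner": "scanner4", "result": "PUA.Win.Packer.UpxProtector-1"},
                {"scanner": "scanner5", "result": ""},
            ],
            "scanners": [{"name": f"scanner{i}"} for i in range(1, 7)],
        },
    ],
}}}}}


def latest_scan(context):
    """Return the most recent xref entry, or None if the key path is absent."""
    node = context
    for key in ("ReversingLabs", "av_scanners", "rl", "sample"):
        node = node.get(key) if isinstance(node, dict) else None
        if not isinstance(node, dict):
            return None
    scans = node.get("xref") or []
    # Timestamps in this fixed ISO 8601 layout sort correctly as strings.
    return max(scans, key=lambda s: s.get("scanned_on", ""), default=None)


def summarize_av_scanners(context):
    """Condense the latest AV scan into fields a playbook can branch on."""
    scan = latest_scan(context)
    if scan is None:
        return None
    results = scan.get("results") or []

    detections, clean = {}, []
    for row in results:
        name = row.get("scanner", "<unnamed>")
        verdict = (row.get("result") or "").strip()
        if verdict:
            detections[name] = verdict
        else:
            clean.append(name)  # scanner ran but reported nothing (assumed)

    # Scanners listed for the scan that have no row in "results" at all.
    listed = [s.get("name") for s in scan.get("scanners") or []]
    reported = {row.get("scanner") for row in results}
    no_result = [name for name in listed if name not in reported]

    total = scan.get("scanner_count") or len(listed)
    hits = len(detections)
    return {
        "scanned_on": scan.get("scanned_on"),
        "hits": hits,
        "total": total,
        "hit_percent": round(100.0 * hits / total, 2) if total else 0.0,
        "clean": clean,
        "no_result": no_result,
        # Most common labels: shows whether hits agree on a family or are
        # mostly generic or packer labels.
        "top_labels": Counter(detections.values()).most_common(3),
        # Cross-check the computed hit count against the reported field.
        "matches_reported": hits == scan.get("scanner_match"),
    }


if __name__ == "__main__":
    for field, value in summarize_av_scanners(SAMPLE_CONTEXT).items():
        print(f"{field}: {value}")
```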

reversinglabs-titaniumcloud-file-analysis

Retrieve File Analysis by hash data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-file-analysis

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| ReversingLabs.file_analysis | Unknown | |

Command example

!reversinglabs-titaniumcloud-file-analysis hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"InfoFile": {
"EntryID": "7642@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "File Analysis report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 422187,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"file_analysis": {
"rl": {
"sample": {
"analysis": {
"entries": [
{
"analysis_type": "TC_REPORT",
"analysis_version": "3.0.1",
"record_time": "2021-06-17T14:15:17",
"tc_report": {
"info": {
"file": {
"file_subtype": "Exe",
"file_type": "PE"
},
"identification": {
"name": "UPX"
},
"validation": {
"valid": true
}
},
"interesting_strings": [
{
"category": "mailto",
"values": [
"O@0.0.0.2",
"d9@0.0.0.46",
"t@0.0.0.99"
]
}
],
"metadata": {
"application": {
"pe": {
"dos_header": {
"e_cblp": 3,
"e_cp": 0,
"e_cparhdr": 0,
"e_crlc": 4,
"e_cs": 64,
"e_csum": 0,
"e_ip": 0,
"e_lfanew": 128,
"e_lfarlc": 0,
"e_maxalloc": 0,
"e_minalloc": 65535,
"e_oemid": 0,
"e_oeminfo": 0,
"e_ovno": 0,
"e_res": "0000000000000000",
"e_res2": "0000000000000000000000000000000000000000",
"e_sp": 0,
"e_ss": 184,
"has_rich_header": true
},
"file_header": {
"characteristics": 783,
"machine": 332,
"number_of_sections": 3,
"number_of_symbols": 0,
"pointer_to_symbol_table": 0,
"size_of_optional_headers": 224,
"time_date_stamp": 1432851937,
"time_date_stamp_decoded": "Thu May 28 22:25:37 2015"
},
"imports": [
{
"apis": [
"CryptHashData"
],
"name": "ADVAPI32.dll"
},
{
"apis": [
"LoadLibraryA",
"GetProcAddress",
"VirtualProtect",
"VirtualAlloc",
"VirtualFree",
"ExitProcess"
],
"name": "KERNEL32.DLL"
},
{
"apis": [
"ShellExecuteA"
],
"name": "SHELL32.DLL"
},
{
"apis": [
"wsprintfA"
],
"name": "USER32.dll"
},
{
"apis": [
"InternetOpenA"
],
"name": "WININET.DLL"
},
{
"apis": [
"bind"
],
"name": "WS2_32.dll"
},
{
"apis": [
"_iob"
],
"name": "msvcrt.dll"
}
],
"optional_header": {
"address_of_entry_point": 2497408,
"base_of_code": 1880064,
"base_of_data": 2498560,
"checksum": 0,
"data_directories": [
{
"address": 0,
"size": 0
},
{
"address": 2515688,
"size": 480
},
{
"address": 2498560,
"size": 17128
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 2497904,
"size": 24
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
}
],
"dll_characteristics": 0,
"file_alignment": 512,
"image_base": 4194304,
"is_checksum_valid": false,
"loader_flags": 0,
"major_image_version": 1,
"major_linker_version": 2,
"major_os_version": 4,
"major_subsystem_version": 4,
"minor_image_version": 0,
"minor_linker_version": 24,
"minor_os_version": 0,
"minor_subsystem_version": 0,
"number_of_rva_and_sizes": 16,
"section_alignment": 4096,
"size_of_code": 618496,
"size_of_headers": 4096,
"size_of_heap_commit": 4096,
"size_of_heap_reserve": 1048576,
"size_of_image": 2519040,
"size_of_initialized_data": 20480,
"size_of_stack_commit": 4096,
"size_of_stack_reserve": 2097152,
"size_of_uninitialized_data": 1875968,
"subsystem": 2,
"win32_version_value": 0
},
"resources": [
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "1",
"offset": 618664,
"size": 16936,
"type": "RT_ICON"
},
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "A",
"offset": 635604,
"size": 20,
"type": "RT_GROUP_ICON"
}
],
"sections": [
{
"address": 4096,
"flags": 3758096512,
"name": "UPX0",
"offset": 512,
"size": 0
},
{
"address": 1880064,
"flags": 3758096448,
"name": "UPX1",
"offset": 512,
"size": 617984
},
{
"address": 2498560,
"flags": 3221225536,
"name": ".rsrc",
"offset": 618496,
"size": 17920
}
]
}
}
},
"story": "This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file."
}
}
]
},
"crc32": "8704451d",
"dynamic_analysis": {
"entries": [
{
"dynamic_analysis_report_joe_sandbox": {
"analysed_on": "2023-05-18T11:55:15",
"joe_sandbox_version": "34.0.0",
"summary": {
"mutexes": [
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem"
]
}
}
},
{
"dynamic_analysis_report": {
"analysed_on": "2021-03-04T09:12:25",
"cuckoo_version": "2.0",
"summary": {
"mutexes": [
"gcc-shmem-tdm2-mxattr_recursive_shmem",
"gcc-shmem-tdm2-_pthread_key_sch_shmem",
"gcc-shmem-tdm2-sjlj_once",
"gcc-shmem-tdm2-_pthread_key_dest_shmem",
"gcc-shmem-tdm2-pthr_root_shmem",
"gcc-shmem-tdm2-idListMax_shmem",
"gcc-shmem-tdm2-global_lock_spinlock",
"gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"gcc-shmem-tdm2-idListCnt_shmem",
"gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"gcc-shmem-tdm2-idList_shmem",
"gcc-shmem-tdm2-mutex_global_shmem",
"gcc-shmem-tdm2-rwl_global_shmem",
"gcc-shmem-tdm2-mutex_global_static_shmem",
"gcc-shmem-tdm2-_pthread_key_max_shmem",
"gcc-shmem-tdm2-idListNextId_shmem",
"gcc-shmem-tdm2-_pthread_tls_shmem",
"gcc-shmem-tdm2-_pthread_tls_once_shmem",
"toxcrypt",
"gcc-shmem-tdm2-fc_key",
"gcc-shmem-tdm2-once_global_shmem",
"gcc-shmem-tdm2-_pthread_key_lock_shmem",
"gcc-shmem-tdm2-init",
"gcc-shmem-tdm2-use_fc_key",
"gcc-shmem-tdm2-once_obj_shmem"
]
}
}
}
]
},
"imphash": "ff43c5463f31cbd4000b19e8beed1ef0",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"relationships": {
"container_sample_sha1": [
"50267628309d0e320d6ed25b198bb9a9a6181535",
"0656564814da810938c100e7fef5bf14cc8fa691",
"21841b32c6165b27dddbd4d6eb3a672defe54271",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11"
],
"parent_sample_sha1": [
"0656564814da810938c100e7fef5bf14cc8fa691",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11",
"50267628309d0e320d6ed25b198bb9a9a6181535"
]
},
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"sources": {
"entries": [
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-06-17T14:14:37",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-04-19T11:08:27",
"tag": "external_feed"
},
{
"properties": [
{
"name": "file_name",
"value": "Tox.exe.0.dr"
},
{
"name": "cuckoo_parent",
"value": "0437e2a71065624b78d41701ba07aebb200f684f"
}
],
"record_time": "2020-12-09T22:13:13",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2020-01-29T08:39:40",
"tag": "reversing_labs"
},
{
"record_time": "2019-10-10T09:13:15",
"tag": "reversing_labs"
},
{
"record_time": "2018-08-01T09:01:06",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-31T20:07:27",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-29T19:12:10",
"tag": "reversing_labs"
},
{
"record_time": "2015-06-11T23:54:00",
"tag": "reversing_labs"
},
{
"record_time": "2015-05-31T18:03:33",
"tag": "reversing_labs"
}
]
},
"ssdeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",
"xref": {
"entries": [
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-06-06T12:15:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-06-06T14:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-06-06T15:26:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-06-06T15:44:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-06-06T16:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-06-06T09:09:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-06-06T15:06:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-06-06T16:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-06-06T16:04:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-06-06T15:06:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-06-06T15:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-06-06T15:25:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-06-06T14:31:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-06-06T15:44:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-06-06T16:05:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-06-06T01:34:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-06-06T10:11:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-06-05T23:53:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-06-06T16:08:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-06-06T16:08:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-06-06T12:00:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-06-06T14:29:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-06-06T15:43:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-06-06T15:43:00",
"version": "hcoth1849195.zip"
},
{
"name": "vba32",
"timestamp": "2023-06-06T11:01:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-06-06T16:15:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Malware.Undefined!8.C"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-24T11:26:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-24T15:18:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-24T14:20:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-24T15:04:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-24T15:20:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-24T08:55:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-24T15:20:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-24T15:21:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-24T15:09:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-24T15:21:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-24T15:21:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-24T14:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-24T11:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-24T14:41:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-23T19:22:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-24T13:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-24T15:22:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-24T12:31:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-24T12:41:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-24T03:17:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-24T15:26:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-24T15:26:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-24T10:56:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-24T14:03:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-24T12:46:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-24T15:33:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T10:07:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T10:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T10:40:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T09:58:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T11:44:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T09:49:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T11:45:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T11:45:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T10:57:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T10:30:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T10:49:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-18T10:07:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T10:54:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T11:46:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T09:54:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T11:48:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T11:48:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T11:08:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T11:28:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T09:26:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T11:51:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Malware.AI.3162889180"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.HLLP.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T06:06:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T08:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T08:35:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T07:54:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T09:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T07:38:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T09:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T09:05:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T08:54:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T08:26:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T08:43:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T19:59:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T06:53:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T09:08:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T07:39:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T09:12:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T09:12:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T07:06:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T09:16:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T18:05:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T17:24:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T18:28:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T18:18:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T18:30:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T18:30:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T18:04:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T17:56:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T18:33:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-17T18:38:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-17T18:39:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-17T12:15:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-17T17:02:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-17T17:14:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-17T17:14:00",
"version": "hcoth1844995.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-17T18:49:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T16:00:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T15:20:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T17:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T16:07:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T17:03:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T17:03:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T16:01:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T15:50:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T17:04:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T15:37:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T15:37:00"