e6569de917f84422439765b3a67ca971
Hash
- MD5: e6569de917f84422439765b3a67ca971
- SHA1: c9042ebf13db74e2e84a21a66eecd0c9470c28f9
- SHA256: cef3ba1bfec017bef5c3911a6a92a5feffe694c9d60db3ff2616f866ef7d45d8
- First Seen: 2026-06-03
- Last Seen: 2026-06-03
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "cef3ba1bfec017bef5c3911a6a92a5feffe694c9d60db3ff2616f866ef7d45d8",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/cef3ba1bfec017bef5c3911a6a92a5feffe694c9d60db3ff2616f866ef7d45d8"
},
"attributes": {
"type_description": "Win32 DLL",
"magic": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"last_analysis_date": 1780579248,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"detectiteasy": {
"filetype": "PE32",
"values": [
{
"info": "DLL32",
"version": "2013",
"type": "Compiler",
"name": "EP:Microsoft Visual C/C++"
},
{
"info": "LTCG/C++",
"version": "19.00.23026",
"type": "Compiler",
"name": "Microsoft Visual C/C++"
},
{
"version": "14.00.23026",
"type": "Linker",
"name": "Microsoft Linker"
},
{
"version": "2015",
"type": "Tool",
"name": "Visual Studio"
}
]
},
"sigma_analysis_results": [
{
"rule_level": "medium",
"rule_id": "4725cdcf2dfdd90c3aa0d331fae77d6ac8021c254701744a01444af04e9a0e69",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Rundll32 Internet Connection",
"rule_description": "Detects a rundll32 that communicates with public IP addresses",
"rule_author": "Florian Roth (Nextron Systems)",
"match_context": [
{
"values": {
"SourceIsIpv6": "false",
"DestinationPort": "443",
"Initiated": "true",
"Protocol": "tcp",
"SourceIp": "172.16.1.4",
"DestinationIsIpv6": "false",
"EventID": "3",
"Image": "C:\\Windows\\SysWOW64\\rundll32.exe",
"SourcePort": "52956",
"DestinationIp": "112.175.14.211"
}
}
]
}
],
"sigma_analysis_summary": {
"Sigma Integrated Rule Set (GitHub)": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0
}
},
"reputation": 0,
"sigma_analysis_stats": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0
},
"type_tag": "pedll",
"last_analysis_stats": {
"malicious": 43,
"suspicious": 0,
"undetected": 27,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 1,
"type-unsupported": 4
},
"tlsh": "T123463350DCE4DCECFA2FCABE13627BAD427EB160C79444E3196C4C310CA5A816D67E66",
"magika": "PEBIN",
"last_modification_date": 1780626404,
"md5": "e6569de917f84422439765b3a67ca971",
"sha1": "c9042ebf13db74e2e84a21a66eecd0c9470c28f9",
"unique_sources": 1,
"names": [
"e6569de917f84422439765b3a67ca971.virus"
],
"meaningful_name": "e6569de917f84422439765b3a67ca971.virus",
"tags": [
"overlay",
"pedll",
"checks-cpu-name",
"detect-debug-environment"
],
"sha256": "cef3ba1bfec017bef5c3911a6a92a5feffe694c9d60db3ff2616f866ef7d45d8",
"pe_info": {
"timestamp": 1611567867,
"imphash": "099c2838bf3d16bc09a16158a4fddf45",
"machine_type": 332,
"entry_point": 40989,
"overlay": {
"chi2": 22673.53,
"filetype": "PDF",
"entropy": 7.996866226196289,
"offset": 143360,
"size": 5448479,
"md5": "2a9208959f6699a08de669e3d8496e94"
},
"sections": [
{
"name": ".text",
"chi2": 479342.84,
"virtual_address": 4096,
"flags": "rx",
"raw_size": 99328,
"entropy": 6.66,
"virtual_size": 98827,
"md5": "082bee20649e465c76a849f6534735fe"
},
{
"name": ".rdata",
"chi2": 1055670.12,
"virtual_address": 106496,
"flags": "r",
"raw_size": 30720,
"entropy": 5.4,
"virtual_size": 30488,
"md5": "d6fb85664bb36a2c50333703d78faa2a"
},
{
"name": ".data",
"chi2": 1046824.19,
"virtual_address": 139264,
"flags": "rw",
"raw_size": 5632,
"entropy": 1.51,
"virtual_size": 17864,
"md5": "592be43c1e9226185bee3686a393403c"
},
{
"name": ".rsrc",
"chi2": 130560.0,
"virtual_address": 159744,
"flags": "r",
"raw_size": 512,
"entropy": 0.0,
"virtual_size": 480,
"md5": "bf619eac0cdf3f68d496ea9344137e8b"
},
{
"name": ".reloc",
"chi2": 27957.0,
"virtual_address": 163840,
"flags": "r",
"raw_size": 6144,
"entropy": 6.6,
"virtual_size": 6116,
"md5": "07b6ab0dfd51733476c96102de54acda"
}
],
"exports": [
"_Initialize@4"
],
"compiler_product_versions": [
"[IMP] VS2008 SP1 build 30729 count=25",
"[---] Unmarked objects count=178",
"[LT+] VS2015 [14.0] build 23026 count=8",
"[EXP] VS2015 [14.0] build 23026 count=1",
"[RES] VS2015 [14.0] build 23026 count=1",
"[LNK] VS2015 [14.0] build 23026 count=1",
"id: 0xf1, version: 40116 count=9",
"id: 0xf3, version: 40116 count=127",
"id: 0xf2, version: 40116 count=24",
"id: 0x103, version: 23013 count=18",
"id: 0x105, version: 23013 count=29",
"id: 0x104, version: 23013 count=17"
],
"rich_pe_header_hash": "80a82eda570e3772c7b3ae37c4eb72c4",
"import_list": [
{
"library_name": "KERNEL32.dll",
"imported_functions": [
"CloseHandle",
"CopyFileW",
"CreateFileW",
"CreateMutexA",
"CreateProcessW",
"CreateThread",
"CreateToolhelp32Snapshot",
"DecodePointer",
"DeleteCriticalSection",
"DeleteFileW",
"EnterCriticalSection",
"ExitProcess",
"FileTimeToDosDateTime",
"FileTimeToLocalFileTime",
"FindClose",
"FindFirstFileW",
"FindNextFileW",
"FlushFileBuffers",
"FreeEnvironmentStringsW",
"FreeLibrary",
"GetACP",
"GetCommandLineA",
"GetCommandLineW",
"GetComputerNameW",
"GetConsoleCP",
"GetConsoleMode",
"GetCPInfo",
"GetCurrentDirectoryW",
"GetCurrentProcess",
"GetCurrentProcessId",
"GetCurrentThreadId",
"GetDiskFreeSpaceExA",
"GetDiskFreeSpaceExW",
"GetDriveTypeW",
"GetEnvironmentStringsW",
"GetExitCodeProcess",
"GetExitCodeThread",
"GetFileAttributesW",
"GetFileInformationByHandle",
"GetFileSize",
"GetFileTime",
"GetFileType",
"GetLastError",
"GetLocalTime",
"GetLogicalDrives",
"GetModuleFileNameW",
"GetModuleHandleExW",
"GetModuleHandleW",
"GetOEMCP",
"GetProcAddress",
"GetProcessHeap",
"GetProcessTimes",
"GetStartupInfoW",
"GetStdHandle",
"GetStringTypeW",
"GetSystemTimeAsFileTime",
"GetTempFileNameW",
"GetTempPathW",
"GetTickCount",
"HeapAlloc",
"HeapFree",
"HeapReAlloc",
"HeapSize",
"InitializeCriticalSection",
"InitializeCriticalSectionAndSpinCount",
"InitializeSListHead",
"InterlockedFlushSList",
"IsBadReadPtr",
"IsDebuggerPresent",
"IsProcessorFeaturePresent",
"IsValidCodePage",
"LCMapStringW",
"LeaveCriticalSection",
"LoadLibraryA",
"LoadLibraryExW",
"LocalAlloc",
"LocalFree",
"lstrcmpA",
"lstrcmpiW",
"lstrcmpW",
"lstrcpynW",
"lstrcpyW",
"lstrlenA",
"lstrlenW",
"Module32FirstW",
"MoveFileW",
"MultiByteToWideChar",
"OpenMutexW",
"OpenProcess",
"OutputDebugStringA",
"Process32FirstW",
"Process32NextW",
"QueryPerformanceCounter",
"RaiseException",
"ReadFile",
"RtlUnwind",
"SetCurrentDirectoryW",
"SetFilePointer",
"SetFilePointerEx",
"SetFileTime",
"SetLastError",
"SetStdHandle",
"SetUnhandledExceptionFilter",
"Sleep",
"TerminateProcess",
"TerminateThread",
"TlsAlloc",
"TlsFree",
"TlsGetValue",
"TlsSetValue",
"UnhandledExceptionFilter",
"VirtualAlloc",
"VirtualFree",
"VirtualProtect",
"WaitForSingleObject",
"WideCharToMultiByte",
"WriteConsoleW",
"WriteFile"
]
},
{
"library_name": "USER32.dll",
"imported_functions": [
"wsprintfW"
]
},
{
"library_name": "ADVAPI32.dll",
"imported_functions": [
"CreateProcessAsUserW",
"GetTokenInformation",
"GetUserNameW",
"LookupAccountSidW",
"OpenProcessToken",
"RegCloseKey",
"RegOpenKeyExW",
"RegQueryValueExW",
"RegSetValueExW",
"SystemFunction036"
]
},
{
"library_name": "SHELL32.dll",
"imported_functions": [
"SHGetFolderPathW"
]
},
{
"library_name": "OLEAUT32.dll",
"imported_functions": [
"SystemTimeToVariantTime"
]
},
{
"library_name": "Cabinet.dll",
"imported_functions": [
"Ord(10)",
"Ord(11)",
"Ord(13)",
"Ord(14)"
]
},
{
"library_name": "WININET.dll",
"imported_functions": [
"HttpAddRequestHeadersW",
"HttpOpenRequestW",
"HttpQueryInfoW",
"HttpSendRequestW",
"InternetCloseHandle",
"InternetConnectW",
"InternetOpenW",
"InternetQueryDataAvailable",
"InternetReadFile",
"InternetSetOptionW"
]
},
{
"library_name": "urlmon.dll",
"imported_functions": [
"ObtainUserAgentString"
]
},
{
"library_name": "SensApi.dll",
"imported_functions": [
"IsNetworkAlive"
]
},
{
"library_name": "WS2_32.dll",
"imported_functions": [
"closesocket",
"connect",
"htons",
"inet_addr",
"inet_ntoa",
"ioctlsocket",
"select",
"socket",
"WSAStartup"
]
},
{
"library_name": "WTSAPI32.dll",
"imported_functions": [
"WTSEnumerateSessionsW",
"WTSQueryUserToken"
]
},
{
"library_name": "IPHLPAPI.DLL",
"imported_functions": [
"GetAdaptersInfo"
]
}
]
},
"size": 5591839,
"last_submission_date": 1631926710,
"creation_date": 1611567867,
"first_seen_itw_date": 1639766673,
"trid": [
{
"file_type": "Win32 Dynamic Link Library (generic)",
"probability": 22.9
},
{
"file_type": "Win64 Executable (generic)",
"probability": 22.7
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 17.5
},
{
"file_type": "Win32 Executable (generic)",
"probability": 15.7
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 7.0
}
],
"filecondis": {
"raw_md5": "f1a95bac91b386297ffaf0e318494179",
"dhash": "000000000e0d0c00"
},
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"pedll"
],
"sandbox_verdicts": {
"C2AE": {
"category": "undetected",
"sandbox_name": "C2AE",
"malware_classification": [
"UNKNOWN_VERDICT"
]
}
},
"times_submitted": 1,
"type_extension": "dll",
"ssdeep": "98304:2V7FJA8WnHnVF9fwTG2OvPAi/mK5PjZiL5R92w5hQ79dKebCyffhfYNhFDuwzy6G:NrH/l2OvCkPUb97hQ79dhCgfi/CkyOkH",
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260604",
"category": "malicious",
"result": "W32.Malware.220CD740"
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.NukeSped.4!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260603",
"category": "malicious",
"result": "BehavesLike.Win32.Worm.tc"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260604",
"category": "malicious",
"result": "Backdoor.Agent.status"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Unsafe"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5614",
"engine_update": "20260603",
"category": "malicious",
"result": "Trojan.NukeSped.Win32.395"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Win32.Save.a"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59713",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan ( 0060bd8c1 )"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Trojan:Win32/NukeSped.c4b3357e"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59714",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan ( 0060bd8c1 )"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_100% (W)"
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1220",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260604",
"category": "malicious",
"result": "ML.Attribute.HighConfidence"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260603",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32/NukeSped.GT trojan"
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260604",
"category": "malicious",
"result": "TROJ_FRS.0NA103D626"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260604",
"category": "malicious",
"result": "generic.ml"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260604",
"category": "malicious",
"result": "Malicious (score: 100)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.Zenpak.bjwe"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.Zenpak.jniric"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260602",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260604",
"category": "malicious",
"result": "Malware.Win32.Gencirc.1440a305"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.TR/W32.Nukesped.GU"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260604",
"category": "malicious",
"result": "TROJ_FRS.0NA103D626"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260604",
"category": "malicious",
"result": "Real Protect-LS!E6569DE917F8"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "undetected",
"result": null
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260604",
"category": "malicious",
"result": "dll.trojan.nukesped"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "ca9ca35:ca9ca35:cfcc2b7:cfcc2b7",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Multi.fly"
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780570866",
"engine_update": "20260604",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260604",
"category": "malicious",
"result": "TR/W32.Nukesped.GU"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32.Troj.Agent.cks"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38701",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan:Win64/LoudEarplugs.B!dha"
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107283",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44787AVA:64.31362",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260604",
"category": "malicious",
"result": "W32/ABTrojan.QGOA-6563"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260604",
"category": "malicious",
"result": "Backdoor/Win.Agent.R697692"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Zenpak"
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-04.02",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260604",
"category": "malicious",
"result": "MALICIOUS"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.238",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.783",
"engine_update": "20260604",
"category": "malicious",
"result": "Malicious"
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260604",
"category": "malicious",
"result": "Backdoor.[Lazarus]Copperhedge!1.13FD0 (CLASSIC)"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260603",
"category": "malicious",
"result": "Artemis!E6569DE917F8"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "malicious",
"result": "Static AI - Suspicious PE"
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Malware.215116983.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260604",
"category": "malicious",
"result": "W32/NukeSped.GT!tr"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32:Nukesped-GU [Trj]"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32:Nukesped-GU [Trj]"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Trojan:Win/NukeSped.GT"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.5.4.0",
"engine_update": "20260604",
"category": "failure",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260604",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260604-02",
"engine_update": "20260604",
"category": "type-unsupported",
"result": null
}
},
"authentihash": "adf0ad0fe1af57143604f1b855ebe155d841106d1cc57fbe418896e34eabd29b",
"vhash": "156056655d150560a8z769z15z11z1011za1z96z1",
"popular_threat_classification": {
"popular_threat_name": [
{
"value": "nukesped",
"count": 11
},
{
"value": "zenpak",
"count": 3
},
{
"value": "abtrojan",
"count": 1
}
],
"popular_threat_category": [
{
"value": "trojan",
"count": 22
},
{
"value": "worm",
"count": 1
}
],
"suggested_threat_label": "trojan.nukesped/zenpak"
},
"first_submission_date": 1631926710
}
}
}