VirusTotal CLI is a tool designed for those who love both VirusTotal and command-line interfaces. With this tool you can do everything you would normally do on VirusTotal's web page.
You will need a VirusTotal API key. Treat it as a secret; the key shown in the examples below is a placeholder, so substitute your own.
Version 1.0.0: stable, latest release; Windows 32-bit and 64-bit builds are available.
https://github.com/VirusTotal/vt-cli/releases
vt.exe --help > vt-help.txt
vt.exe version
Example: look up the URL "https://shrinke.me"
vt --apikey "4f955033788--you-apikey---f95503378825a97415" url "https://shrinke.me"
Result:
- _id: "e2a2a59cfa4ba09845ac3fcb35d210c29babe0983ea4e62e8e02d3bd7abb3d52"
_type: "url"
categories:
BitDefender: "business"
Dr.Web: "known infection source"
Forcepoint ThreatSeeker: "information technology"
Xcitium Verdict Cloud: "online storage"
alphaMountain.ai: "Information Technology, Suspicious (alphaMountain.ai)"
first_submission_date: 1556121053 # 2019-04-24 08:50:53 -0700 CST
html_meta:
viewport:
- "width=device-width, initial-scale=1"
last_analysis_date: 1701879085 # 2023-12-06 09:11:25 -0700 CST
last_analysis_results:
"0xSI_f33d":
category: "undetected"
engine_name: "0xSI_f33d"
method: "blacklist"
result: "unrated"
ADMINUSLabs:
category: "harmless"
engine_name: "ADMINUSLabs"
method: "blacklist"
result: "clean"
AILabs (MONITORAPP):
category: "harmless"
engine_name: "AILabs (MONITORAPP)"
method: "blacklist"
result: "clean"
Abusix:
category: "harmless"
engine_name: "Abusix"
method: "blacklist"
result: "clean"
Acronis:
category: "harmless"
engine_name: "Acronis"
method: "blacklist"
result: "clean"
AlienVault:
category: "harmless"
engine_name: "AlienVault"
method: "blacklist"
result: "clean"
AlphaSOC:
category: "undetected"
engine_name: "AlphaSOC"
method: "blacklist"
result: "unrated"
Antiy-AVL:
category: "harmless"
engine_name: "Antiy-AVL"
method: "blacklist"
result: "clean"
ArcSight Threat Intelligence:
category: "undetected"
engine_name: "ArcSight Threat Intelligence"
method: "blacklist"
result: "unrated"
Artists Against 419:
category: "harmless"
engine_name: "Artists Against 419"
method: "blacklist"
result: "clean"
AutoShun:
category: "undetected"
engine_name: "AutoShun"
method: "blacklist"
result: "unrated"
Avira:
category: "harmless"
engine_name: "Avira"
method: "blacklist"
result: "clean"
Bfore.Ai PreCrime:
category: "harmless"
engine_name: "Bfore.Ai PreCrime"
method: "blacklist"
result: "clean"
BitDefender:
category: "harmless"
engine_name: "BitDefender"
method: "blacklist"
result: "clean"
Bkav:
category: "undetected"
engine_name: "Bkav"
method: "blacklist"
result: "unrated"
BlockList:
category: "harmless"
engine_name: "BlockList"
method: "blacklist"
result: "clean"
Blueliv:
category: "harmless"
engine_name: "Blueliv"
method: "blacklist"
result: "clean"
CINS Army:
category: "harmless"
engine_name: "CINS Army"
method: "blacklist"
result: "clean"
CMC Threat Intelligence:
category: "harmless"
engine_name: "CMC Threat Intelligence"
method: "blacklist"
result: "clean"
CRDF:
category: "harmless"
engine_name: "CRDF"
method: "blacklist"
result: "clean"
Certego:
category: "harmless"
engine_name: "Certego"
method: "blacklist"
result: "clean"
Chong Lua Dao:
category: "harmless"
engine_name: "Chong Lua Dao"
method: "blacklist"
result: "clean"
Cluster25:
category: "undetected"
engine_name: "Cluster25"
method: "blacklist"
result: "unrated"
Criminal IP:
category: "harmless"
engine_name: "Criminal IP"
method: "blacklist"
result: "clean"
CrowdSec:
category: "undetected"
engine_name: "CrowdSec"
method: "blacklist"
result: "unrated"
CyRadar:
category: "malicious"
engine_name: "CyRadar"
method: "blacklist"
result: "malicious"
Cyan:
category: "undetected"
engine_name: "Cyan"
method: "blacklist"
result: "unrated"
Cyble:
category: "harmless"
engine_name: "Cyble"
method: "blacklist"
result: "clean"
DNS8:
category: "harmless"
engine_name: "DNS8"
method: "blacklist"
result: "clean"
Dr.Web:
category: "malicious"
engine_name: "Dr.Web"
method: "blacklist"
result: "malicious"
ESET:
category: "harmless"
engine_name: "ESET"
method: "blacklist"
result: "clean"
ESTsecurity:
category: "harmless"
engine_name: "ESTsecurity"
method: "blacklist"
result: "clean"
EmergingThreats:
category: "harmless"
engine_name: "EmergingThreats"
method: "blacklist"
result: "clean"
Emsisoft:
category: "harmless"
engine_name: "Emsisoft"
method: "blacklist"
result: "clean"
Ermes:
category: "undetected"
engine_name: "Ermes"
method: "blacklist"
result: "unrated"
Feodo Tracker:
category: "harmless"
engine_name: "Feodo Tracker"
method: "blacklist"
result: "clean"
Forcepoint ThreatSeeker:
category: "harmless"
engine_name: "Forcepoint ThreatSeeker"
method: "blacklist"
result: "clean"
Fortinet:
category: "harmless"
engine_name: "Fortinet"
method: "blacklist"
result: "clean"
G-Data:
category: "harmless"
engine_name: "G-Data"
method: "blacklist"
result: "clean"
Google Safebrowsing:
category: "harmless"
engine_name: "Google Safebrowsing"
method: "blacklist"
result: "clean"
GreenSnow:
category: "harmless"
engine_name: "GreenSnow"
method: "blacklist"
result: "clean"
Heimdal Security:
category: "harmless"
engine_name: "Heimdal Security"
method: "blacklist"
result: "clean"
IPsum:
category: "harmless"
engine_name: "IPsum"
method: "blacklist"
result: "clean"
Juniper Networks:
category: "harmless"
engine_name: "Juniper Networks"
method: "blacklist"
result: "clean"
K7AntiVirus:
category: "harmless"
engine_name: "K7AntiVirus"
method: "blacklist"
result: "clean"
Kaspersky:
category: "harmless"
engine_name: "Kaspersky"
method: "blacklist"
result: "clean"
Lionic:
category: "harmless"
engine_name: "Lionic"
method: "blacklist"
result: "clean"
Lumu:
category: "undetected"
engine_name: "Lumu"
method: "blacklist"
result: "unrated"
MalwarePatrol:
category: "harmless"
engine_name: "MalwarePatrol"
method: "blacklist"
result: "clean"
Malwared:
category: "harmless"
engine_name: "Malwared"
method: "blacklist"
result: "clean"
Netcraft:
category: "undetected"
engine_name: "Netcraft"
method: "blacklist"
result: "unrated"
OpenPhish:
category: "harmless"
engine_name: "OpenPhish"
method: "blacklist"
result: "clean"
PREBYTES:
category: "harmless"
engine_name: "PREBYTES"
method: "blacklist"
result: "clean"
PhishFort:
category: "undetected"
engine_name: "PhishFort"
method: "blacklist"
result: "unrated"
PhishLabs:
category: "undetected"
engine_name: "PhishLabs"
method: "blacklist"
result: "unrated"
Phishing Database:
category: "harmless"
engine_name: "Phishing Database"
method: "blacklist"
result: "clean"
Phishtank:
category: "harmless"
engine_name: "Phishtank"
method: "blacklist"
result: "clean"
PrecisionSec:
category: "undetected"
engine_name: "PrecisionSec"
method: "blacklist"
result: "unrated"
Quick Heal:
category: "harmless"
engine_name: "Quick Heal"
method: "blacklist"
result: "clean"
Quttera:
category: "harmless"
engine_name: "Quttera"
method: "blacklist"
result: "clean"
Rising:
category: "harmless"
engine_name: "Rising"
method: "blacklist"
result: "clean"
SCUMWARE.org:
category: "harmless"
engine_name: "SCUMWARE.org"
method: "blacklist"
result: "clean"
SOCRadar:
category: "undetected"
engine_name: "SOCRadar"
method: "blacklist"
result: "unrated"
SafeToOpen:
category: "undetected"
engine_name: "SafeToOpen"
method: "blacklist"
result: "unrated"
Sangfor:
category: "harmless"
engine_name: "Sangfor"
method: "blacklist"
result: "clean"
Scantitan:
category: "harmless"
engine_name: "Scantitan"
method: "blacklist"
result: "clean"
Seclookup:
category: "harmless"
engine_name: "Seclookup"
method: "blacklist"
result: "clean"
Snort IP sample list:
category: "harmless"
engine_name: "Snort IP sample list"
method: "blacklist"
result: "clean"
Sophos:
category: "harmless"
engine_name: "Sophos"
method: "blacklist"
result: "clean"
Spam404:
category: "harmless"
engine_name: "Spam404"
method: "blacklist"
result: "clean"
StopForumSpam:
category: "harmless"
engine_name: "StopForumSpam"
method: "blacklist"
result: "clean"
Sucuri SiteCheck:
category: "harmless"
engine_name: "Sucuri SiteCheck"
method: "blacklist"
result: "clean"
ThreatHive:
category: "harmless"
engine_name: "ThreatHive"
method: "blacklist"
result: "clean"
Threatsourcing:
category: "harmless"
engine_name: "Threatsourcing"
method: "blacklist"
result: "clean"
Trustwave:
category: "harmless"
engine_name: "Trustwave"
method: "blacklist"
result: "clean"
URLQuery:
category: "undetected"
engine_name: "URLQuery"
method: "blacklist"
result: "unrated"
URLhaus:
category: "harmless"
engine_name: "URLhaus"
method: "blacklist"
result: "clean"
VIPRE:
category: "undetected"
engine_name: "VIPRE"
method: "blacklist"
result: "unrated"
VX Vault:
category: "harmless"
engine_name: "VX Vault"
method: "blacklist"
result: "clean"
Viettel Threat Intelligence:
category: "harmless"
engine_name: "Viettel Threat Intelligence"
method: "blacklist"
result: "clean"
ViriBack:
category: "harmless"
engine_name: "ViriBack"
method: "blacklist"
result: "clean"
Webroot:
category: "harmless"
engine_name: "Webroot"
method: "blacklist"
result: "clean"
Xcitium Verdict Cloud:
category: "undetected"
engine_name: "Xcitium Verdict Cloud"
method: "blacklist"
result: "unrated"
Yandex Safebrowsing:
category: "harmless"
engine_name: "Yandex Safebrowsing"
method: "blacklist"
result: "clean"
ZeroCERT:
category: "harmless"
engine_name: "ZeroCERT"
method: "blacklist"
result: "clean"
alphaMountain.ai:
category: "harmless"
engine_name: "alphaMountain.ai"
method: "blacklist"
result: "clean"
benkow.cc:
category: "harmless"
engine_name: "benkow.cc"
method: "blacklist"
result: "clean"
desenmascara.me:
category: "harmless"
engine_name: "desenmascara.me"
method: "blacklist"
result: "clean"
malwares.com URL checker:
category: "malicious"
engine_name: "malwares.com URL checker"
method: "blacklist"
result: "malicious"
securolytics:
category: "harmless"
engine_name: "securolytics"
method: "blacklist"
result: "clean"
last_analysis_stats:
harmless: 68
malicious: 3
suspicious: 0
timeout: 0
undetected: 19
last_final_url: "https://shrinke.me/"
last_http_response_code: 200
last_http_response_content_length: 13845
last_http_response_content_sha256: "d56251b9291858c2ce0df7d6bd2a52ed660deae1a33c86e9a363814aeb3309a0"
last_http_response_headers:
CF-Cache-Status: "DYNAMIC"
CF-RAY: "8315d5a0796761d9-ORD"
Connection: "keep-alive"
Content-Encoding: "br"
Content-Type: "text/html; charset=UTF-8"
Date: "Wed, 06 Dec 2023 16:16:38 GMT"
NEL: "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}"
Report-To: "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=bFcI4gTyIBHrs3FScCvxZSMmWkHm5SZhlbtLqPiUs1OZo3i0eM9B8i%2BhqNaiUNjcHt0VdpbNf%2FqE3aW6u%2FwQRn6IH%2BxN9QCnsICdtdo0H%2F7qMtTEvUG1S858TAox\"}],\"group\":\"cf-nel\",\"max_age\":604800}"
Server: "cloudflare"
Transfer-Encoding: "chunked"
Vary: "Accept-Encoding,User-Agent"
X-Content-Type-Options: "nosniff"
X-Frame-Options: "SAMEORIGIN"
X-XSS-Protection: "1; mode=block"
alt-svc: "h3=\":443\"; ma=86400"
last_modification_date: 1701879712 # 2023-12-06 09:21:52 -0700 CST
last_submission_date: 1701879085 # 2023-12-06 09:11:25 -0700 CST
reputation: 0
tags: []
threat_names: []
times_submitted: 42
title: "Shrink.Me"
tld: "me"
total_votes:
harmless: 0
malicious: 0
trackers:
Google Analytics:
- timestamp: 1682998087
url: "https://www.google-analytics.com/analytics.js"
url: "https://shrinke.me/"
vt --apikey "4f955033788--you-apikey---f95503378825a97415" file "72bd9c348021abcdf3914f2218debe7258fc2917a4233d6ff429cac6bfe885b3"
Result:
- _id: "72bd9c348021abcdf3914f2218debe7258fc2917a4233d6ff429cac6bfe885b3"
_type: "file"
bundle_info:
extensions:
bin: 1
dat: 1
dll: 11
exe: 4
pak: 58
pb: 1
png: 2
file_types:
JSON: 1
PNG: 2
Portable Executable: 15
directory: 6
unknown: 68
highest_datetime: "2023-12-04 21:03:32"
lowest_datetime: "2023-12-04 13:22:38"
num_children: 92
type: "CRX"
uncompressed_size: 269915871
crowdsourced_ids_results:
- alert_context:
- dest_ip: "8.8.4.4"
dest_port: 443
ja3:
- "e9387e53abb4636cb5b5e9492aa3874f"
ja3s:
- "eb1d94daa7e0344597e756a1fb6e7054"
alert_severity: "low"
rule_category: "Misc activity"
rule_id: "1:2047866"
rule_msg: "ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)"
rule_raw: "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:\"ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)\"; flow:established,to_server; threshold: type both, track by_src, count 1, seconds 600; tls.sni; dotprefix; content:\".dns.google\"; endswith; reference:url,developers.google.com/speed/public-dns/docs/doh/; classtype:misc-activity; sid:2047866; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2022_02_07, deployment Perimeter, former_category INFO, performance_impact Low, confidence High, signature_severity Informational, tag DoH, updated_at 2023_10_05, reviewed_at 2023_10_05, former_sid 2851058; target:src_ip;)"
rule_references:
- "https://developers.google.com/speed/public-dns/docs/doh/"
rule_source: "Proofpoint Emerging Threats Open"
rule_url: "https://rules.emergingthreats.net/"
crowdsourced_ids_stats:
high: 0
info: 0
low: 1
medium: 0
first_submission_date: 1701777648 # 2023-12-05 05:00:48 -0700 CST
last_analysis_date: 1702209563 # 2023-12-10 04:59:23 -0700 CST
last_analysis_results:
ALYac:
category: "undetected"
engine_name: "ALYac"
engine_update: "20231210"
engine_version: "1.1.3.1"
method: "blacklist"
result: null
APEX:
category: "type-unsupported"
engine_name: "APEX"
engine_update: "20231128"
engine_version: "6.478"
method: "blacklist"
result: null
AVG:
category: "undetected"
engine_name: "AVG"
engine_update: "20231210"
engine_version: "23.9.8494.0"
method: "blacklist"
result: null
Acronis:
category: "undetected"
engine_name: "Acronis"
engine_update: "20230828"
engine_version: "1.2.0.121"
method: "blacklist"
result: null
AhnLab-V3:
category: "undetected"
engine_name: "AhnLab-V3"
engine_update: "20231210"
engine_version: "3.25.0.10459"
method: "blacklist"
result: null
Alibaba:
category: "undetected"
engine_name: "Alibaba"
engine_update: "20190527"
engine_version: "0.3.0.5"
method: "blacklist"
result: null
Antiy-AVL:
category: "undetected"
engine_name: "Antiy-AVL"
engine_update: "20231210"
engine_version: "3.0"
method: "blacklist"
result: null
Arcabit:
category: "undetected"
engine_name: "Arcabit"
engine_update: "20231210"
engine_version: "2022.0.0.18"
method: "blacklist"
result: null
Avast:
category: "undetected"
engine_name: "Avast"
engine_update: "20231210"
engine_version: "23.9.8494.0"
method: "blacklist"
result: null
Avast-Mobile:
category: "undetected"
engine_name: "Avast-Mobile"
engine_update: "20231210"
engine_version: "231210-02"
method: "blacklist"
result: null
Avira:
category: "undetected"
engine_name: "Avira"
engine_update: "20231210"
engine_version: "8.3.3.16"
method: "blacklist"
result: null
Baidu:
category: "undetected"
engine_name: "Baidu"
engine_update: "20190318"
engine_version: "1.0.0.2"
method: "blacklist"
result: null
BitDefender:
category: "undetected"
engine_name: "BitDefender"
engine_update: "20231210"
engine_version: "7.2"
method: "blacklist"
result: null
BitDefenderFalx:
category: "type-unsupported"
engine_name: "BitDefenderFalx"
engine_update: "20231121"
engine_version: "2.0.936"
method: "blacklist"
result: null
BitDefenderTheta:
category: "undetected"
engine_name: "BitDefenderTheta"
engine_update: "20231127"
engine_version: "7.2.37796.0"
method: "blacklist"
result: null
Bkav:
category: "failure"
engine_name: "Bkav"
engine_update: "20231209"
engine_version: "2.0.0.1"
method: "blacklist"
result: null
CAT-QuickHeal:
category: "undetected"
engine_name: "CAT-QuickHeal"
engine_update: "20231209"
engine_version: "22.00"
method: "blacklist"
result: null
CMC:
category: "undetected"
engine_name: "CMC"
engine_update: "20230822"
engine_version: "2.4.2022.1"
method: "blacklist"
result: null
ClamAV:
category: "undetected"
engine_name: "ClamAV"
engine_update: "20231210"
engine_version: "1.2.1.0"
method: "blacklist"
result: null
CrowdStrike:
category: "type-unsupported"
engine_name: "CrowdStrike"
engine_update: null
engine_version: "1.0"
method: "blacklist"
result: null
Cybereason:
category: "type-unsupported"
engine_name: "Cybereason"
engine_update: "20231102"
engine_version: "1.2.449"
method: "blacklist"
result: null
Cylance:
category: "type-unsupported"
engine_name: "Cylance"
engine_update: "20231108"
engine_version: "2.0.0.0"
method: "blacklist"
result: null
Cynet:
category: "type-unsupported"
engine_name: "Cynet"
engine_update: "20231210"
engine_version: "4.0.0.28"
method: "blacklist"
result: null
DeepInstinct:
category: "type-unsupported"
engine_name: "DeepInstinct"
engine_update: "20231207"
engine_version: "3.1.0.15"
method: "blacklist"
result: null
DrWeb:
category: "undetected"
engine_name: "DrWeb"
engine_update: "20231210"
engine_version: "7.0.61.8090"
method: "blacklist"
result: null
ESET-NOD32:
category: "undetected"
engine_name: "ESET-NOD32"
engine_update: "20231210"
engine_version: "28377"
method: "blacklist"
result: null
Elastic:
category: "undetected"
engine_name: "Elastic"
engine_update: "20231208"
engine_version: "4.0.121"
method: "blacklist"
result: null
Emsisoft:
category: "undetected"
engine_name: "Emsisoft"
engine_update: "20231210"
engine_version: "2022.6.0.32461"
method: "blacklist"
result: null
F-Secure:
category: "undetected"
engine_name: "F-Secure"
engine_update: "20231210"
engine_version: "18.10.1547.307"
method: "blacklist"
result: null
FireEye:
category: "undetected"
engine_name: "FireEye"
engine_update: "20231210"
engine_version: "35.24.1.0"
method: "blacklist"
result: null
Fortinet:
category: "undetected"
engine_name: "Fortinet"
engine_update: "20231210"
engine_version: "None"
method: "blacklist"
result: null
GData:
category: "undetected"
engine_name: "GData"
engine_update: "20231210"
engine_version: "A:25.36954B:27.34157"
method: "blacklist"
result: null
Google:
category: "undetected"
engine_name: "Google"
engine_update: "20231210"
engine_version: "1702206023"
method: "blacklist"
result: null
Gridinsoft:
category: "undetected"
engine_name: "Gridinsoft"
engine_update: "20231210"
engine_version: "1.0.151.174"
method: "blacklist"
result: null
Ikarus:
category: "undetected"
engine_name: "Ikarus"
engine_update: "20231210"
engine_version: "6.2.4.0"
method: "blacklist"
result: null
Jiangmin:
category: "undetected"
engine_name: "Jiangmin"
engine_update: "20231209"
engine_version: "16.0.100"
method: "blacklist"
result: null
K7AntiVirus:
category: "undetected"
engine_name: "K7AntiVirus"
engine_update: "20231204"
engine_version: "12.130.50390"
method: "blacklist"
result: null
K7GW:
category: "undetected"
engine_name: "K7GW"
engine_update: "20231204"
engine_version: "12.130.50390"
method: "blacklist"
result: null
Kaspersky:
category: "undetected"
engine_name: "Kaspersky"
engine_update: "20231210"
engine_version: "22.0.1.28"
method: "blacklist"
result: null
Kingsoft:
category: "undetected"
engine_name: "Kingsoft"
engine_update: "20230906"
engine_version: "None"
method: "blacklist"
result: null
Lionic:
category: "undetected"
engine_name: "Lionic"
engine_update: "20231210"
engine_version: "7.5"
method: "blacklist"
result: null
MAX:
category: "undetected"
engine_name: "MAX"
engine_update: "20231210"
engine_version: "2023.1.4.1"
method: "blacklist"
result: null
Malwarebytes:
category: "undetected"
engine_name: "Malwarebytes"
engine_update: "20231210"
engine_version: "4.5.5.54"
method: "blacklist"
result: null
MaxSecure:
category: "undetected"
engine_name: "MaxSecure"
engine_update: "20231209"
engine_version: "1.0.0.1"
method: "blacklist"
result: null
McAfee:
category: "timeout"
engine_name: "McAfee"
engine_update: "20231210"
engine_version: "6.0.6.653"
method: "blacklist"
result: null
MicroWorld-eScan:
category: "undetected"
engine_name: "MicroWorld-eScan"
engine_update: "20231210"
engine_version: "14.0.409.0"
method: "blacklist"
result: null
Microsoft:
category: "undetected"
engine_name: "Microsoft"
engine_update: "20231210"
engine_version: "1.1.23110.2"
method: "blacklist"
result: null
NANO-Antivirus:
category: "undetected"
engine_name: "NANO-Antivirus"
engine_update: "20231210"
engine_version: "1.0.146.25796"
method: "blacklist"
result: null
Paloalto:
category: "type-unsupported"
engine_name: "Paloalto"
engine_update: "20231210"
engine_version: "0.9.0.1003"
method: "blacklist"
result: null
Panda:
category: "undetected"
engine_name: "Panda"
engine_update: "20231210"
engine_version: "4.6.4.2"
method: "blacklist"
result: null
Rising:
category: "malicious"
engine_name: "Rising"
engine_update: "20231210"
engine_version: "25.0.0.27"
method: "blacklist"
result: "Trojan.Generic@AI.84 (RDML:F/DEWZEaFwjBdUNR/002fQ)"
SUPERAntiSpyware:
category: "undetected"
engine_name: "SUPERAntiSpyware"
engine_update: "20231208"
engine_version: "5.6.0.1032"
method: "blacklist"
result: null
Sangfor:
category: "undetected"
engine_name: "Sangfor"
engine_update: "20231122"
engine_version: "2.23.0.0"
method: "blacklist"
result: null
SentinelOne:
category: "type-unsupported"
engine_name: "SentinelOne"
engine_update: "20231119"
engine_version: "23.4.2.3"
method: "blacklist"
result: null
Skyhigh:
category: "timeout"
engine_name: "Skyhigh"
engine_update: "20231210"
engine_version: null
method: "blacklist"
result: null
Sophos:
category: "undetected"
engine_name: "Sophos"
engine_update: "20231210"
engine_version: "2.4.3.0"
method: "blacklist"
result: null
Symantec:
category: "undetected"
engine_name: "Symantec"
engine_update: "20231209"
engine_version: "1.21.0.0"
method: "blacklist"
result: null
SymantecMobileInsight:
category: "type-unsupported"
engine_name: "SymantecMobileInsight"
engine_update: "20230119"
engine_version: "2.0"
method: "blacklist"
result: null
TACHYON:
category: "undetected"
engine_name: "TACHYON"
engine_update: "20231210"
engine_version: "2023-12-10.02"
method: "blacklist"
result: null
Tencent:
category: "undetected"
engine_name: "Tencent"
engine_update: "20231210"
engine_version: "1.0.0.1"
method: "blacklist"
result: null
Trapmine:
category: "type-unsupported"
engine_name: "Trapmine"
engine_update: "20231106"
engine_version: "4.0.14.97"
method: "blacklist"
result: null
TrendMicro:
category: "undetected"
engine_name: "TrendMicro"
engine_update: "20231210"
engine_version: "11.0.0.1006"
method: "blacklist"
result: null
TrendMicro-HouseCall:
category: "undetected"
engine_name: "TrendMicro-HouseCall"
engine_update: "20231210"
engine_version: "10.0.0.1040"
method: "blacklist"
result: null
Trustlook:
category: "failure"
engine_name: "Trustlook"
engine_update: "20231210"
engine_version: "1.0"
method: "blacklist"
result: null
VBA32:
category: "undetected"
engine_name: "VBA32"
engine_update: "20231209"
engine_version: "5.0.0"
method: "blacklist"
result: null
VIPRE:
category: "undetected"
engine_name: "VIPRE"
engine_update: "20231210"
engine_version: "6.0.0.35"
method: "blacklist"
result: null
Varist:
category: "undetected"
engine_name: "Varist"
engine_update: "20231210"
engine_version: "6.5.1.2"
method: "blacklist"
result: null
ViRobot:
category: "undetected"
engine_name: "ViRobot"
engine_update: "20231209"
engine_version: "2014.3.20.0"
method: "blacklist"
result: null
VirIT:
category: "undetected"
engine_name: "VirIT"
engine_update: "20231207"
engine_version: "9.5.595"
method: "blacklist"
result: null
Webroot:
category: "type-unsupported"
engine_name: "Webroot"
engine_update: "20231210"
engine_version: "1.0.0.403"
method: "blacklist"
result: null
Xcitium:
category: "undetected"
engine_name: "Xcitium"
engine_update: "20231210"
engine_version: "36248"
method: "blacklist"
result: null
Yandex:
category: "undetected"
engine_name: "Yandex"
engine_update: "20231210"
engine_version: "5.5.2.24"
method: "blacklist"
result: null
Zillya:
category: "undetected"
engine_name: "Zillya"
engine_update: "20231208"
engine_version: "2.0.0.5010"
method: "blacklist"
result: null
ZoneAlarm:
category: "undetected"
engine_name: "ZoneAlarm"
engine_update: "20231210"
engine_version: "1.0"
method: "blacklist"
result: null
Zoner:
category: "undetected"
engine_name: "Zoner"
engine_update: "20231210"
engine_version: "2.2.2.0"
method: "blacklist"
result: null
tehtris:
category: "type-unsupported"
engine_name: "tehtris"
engine_update: "20231210"
engine_version: null
method: "blacklist"
result: null
last_analysis_stats:
confirmed-timeout: 0
failure: 2
harmless: 0
malicious: 1
suspicious: 0
timeout: 2
type-unsupported: 13
undetected: 58
last_modification_date: 1702683800 # 2023-12-15 16:43:20 -0700 CST
last_submission_date: 1702683800 # 2023-12-15 16:43:20 -0700 CST
magic: "Zip archive data, at least v2.0 to extract, compression method=store"
md5: "c588e7e51da7b5c1193d49ad0288cf3e"
meaningful_name: "supermium_119_32.zip"
names:
- "supermium_119_32.zip"
reputation: 0
sha1: "1d9476f330deaf6eb1264e797f33836d02a8b9c0"
sha256: "72bd9c348021abcdf3914f2218debe7258fc2917a4233d6ff429cac6bfe885b3"
sigma_analysis_results:
- match_context:
- values:
EventID: "11"
Image: "C:\\Windows\\SysWOW64\\7za.exe"
TargetFilename: "C:\\Users\\george\\AppData\\Local\\Temp\\dkrecslt.gjw\\Chrome-bin\\119.0.6045.192\\chrome_elf.dll"
rule_author: "Ariel Millahuel"
rule_description: "Malware Bytes describes LatentBot as a multi-modular Trojan written in Delphi and known to have been around since 2013."
rule_id: "f5653d51811614b162ab7311b24033c85bf166bbc322d83f4f72d0b9a366a01f"
rule_level: "critical"
rule_source: "SOC Prime Threat Detection Marketplace"
rule_title: "LatentBot malware"
- match_context:
- values:
Company: "Microsoft Corporation"
Description: "WMI"
EventID: "7"
FileVersion: "10.0.17134.982 (WinBuild.160101.0800)"
Hashes: "SHA1=4D61CEAEDCDFC3031AA1FB23AAEA97F8AA9E4D07,MD5=F9608C037AD0C1A2ABEF38B0DB962665,SHA256=BD10E5AE34F5CC4320B9E3882E814A965981FA145E52AB44D330B1827FEF3109,IMPHASH=9D055036D2E10337714BF0C5E850ECC9"
Image: "C:\\Users\\george\\AppData\\Local\\Temp\\dkrecslt.gjw\\Chrome-bin\\chrome.exe"
ImageLoaded: "C:\\Windows\\SysWOW64\\wbem\\wbemprox.dll"
OriginalFileName: "wbemprox.dll"
Product: "Microsoft\\xae Windows\\xae Operating System"
Signature: "Microsoft Windows"
SignatureStatus: "Valid"
Signed: "true"
- values:
Company: "Microsoft Corporation"
Description: "WMI"
EventID: "7"
FileVersion: "10.0.17134.1 (WinBuild.160101.0800)"
Hashes: "SHA1=94DB0C10D0B64ABAB31C2718E75F9501ECAAB8F0,MD5=10CF80E5533C252E44A763DA4F390595,SHA256=03C6329ACD0A895688BDAB224BB303538B53E604DA8E4138543E10EED2B68A75,IMPHASH=1FD04D45E8EC8A8BB347C192B840A1F6"
Image: "C:\\Users\\george\\AppData\\Local\\Temp\\dkrecslt.gjw\\Chrome-bin\\chrome.exe"
ImageLoaded: "C:\\Windows\\SysWOW64\\wbemcomn.dll"
OriginalFileName: "wbemcomn.dll"
Product: "Microsoft\\xae Windows\\xae Operating System"
Signature: "Microsoft Windows"
SignatureStatus: "Valid"
Signed: "true"
- values:
Company: "Microsoft Corporation"
Description: "WMI"
EventID: "7"
FileVersion: "10.0.17134.1 (WinBuild.160101.0800)"
Hashes: "SHA1=56066E4E7FE4FFDED81EF168F56092104818CA27,MD5=9E2C6A76DDE7D547FCD70EAAF5451BB9,SHA256=D46D7D8CC1D5E239AE194C2921801815023E9D7033DE312BC87B08FD3FE37367,IMPHASH=BACB56FFFD9CDFA7320267145FAD5E2D"
Image: "C:\\Users\\george\\AppData\\Local\\Temp\\dkrecslt.gjw\\Chrome-bin\\chrome.exe"
ImageLoaded: "C:\\Windows\\SysWOW64\\wbem\\wbemsvc.dll"
OriginalFileName: "wbemsvc.dll"
Product: "Microsoft\\xae Windows\\xae Operating System"
Signature: "Microsoft Windows"
SignatureStatus: "Valid"
Signed: "true"
- values:
Company: "Microsoft Corporation"
Description: "WMI Custom Marshaller"
EventID: "7"
FileVersion: "10.0.17134.1 (WinBuild.160101.0800)"
Hashes: "SHA1=77EF7A37206EFDA08D09FAD18EE1D9031C22A513,MD5=74BFBA2F59C8FA3A58556268D44DAACE,SHA256=D367DB94EE08048EB3A93CB36F046C1DCB984EE51743C8C9A32B97112C5E3345,IMPHASH=05B2758EA8D0BF8CD914BB1B44072EBB"
Image: "C:\\Users\\george\\AppData\\Local\\Temp\\dkrecslt.gjw\\Chrome-bin\\chrome.exe"
ImageLoaded: "C:\\Windows\\SysWOW64\\wbem\\fastprox.dll"
OriginalFileName: "fastprox.dll"
Product: "Microsoft\\xae Windows\\xae Operating System"
Signature: "Microsoft Windows"
SignatureStatus: "Valid"
Signed: "true"
rule_author: "Roberto Rodriguez @Cyb3rWard0g"
rule_description: "Detects a WMI modules being loaded by an uncommon process"
rule_id: "fb092b3aee3feb316c048a1249e1ac9639a63cac318318afd45bf38887b31b0c"
rule_level: "low"
rule_source: "Sigma Integrated Rule Set (GitHub)"
rule_title: "WMI Module Loaded By Non Uncommon Process"
sigma_analysis_stats:
critical: 1
high: 0
low: 1
medium: 0
sigma_analysis_summary:
SOC Prime Threat Detection Marketplace:
critical: 1
high: 0
low: 0
medium: 0
Sigma Integrated Rule Set (GitHub):
critical: 0
high: 0
low: 1
medium: 0
size: 125176088
ssdeep: "3145728:1fNyUq67Z95U8fHnxhz3BvknUmmNVHpFZxAMG1W2tJnuvD7wLr4s:hzq619uAHzzxvknUpNVHHTT884Es"
tags:
- "crx"
- "detect-debug-environment"
- "long-sleeps"
- "calls-wmi"
- "contains-pe"
- "zipped"
times_submitted: 8
tlsh: "T1FC583354F81771BDB5916C7FE8CC58F89FE944B43C9B221B2958240B509BCAF8BA7063"
total_votes:
harmless: 0
malicious: 0
trid:
- file_type: "ZIP compressed archive"
probability: 80.0
- file_type: "PrintFox/Pagefox bitmap (640x800)"
probability: 20.0
type_description: "Google Chrome Extension"
type_extension: "crx"
type_tag: "crx"
type_tags:
- "crx"
- "chrome"
- "extension"
- "browser"
unique_sources: 8
vhash: "ea4335d7f3bbfdd19171f7953b09560f"