Summary | ZeroBOX

rtr3.exe

Category FILE
Machine s1_win7_x6401
Started April 8, 2021, 9:15 a.m.
Completed April 8, 2021, 9:41 a.m.
Size 285.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a062400119a4a2b81e8465cd91c145d7
SHA256 9b9205550f31c76834606c67544248988a494fb06a4218cbbf76020fcd94801c
CRC32 87FAB283
ssdeep 6144:QZBr8euM6zhH39suCQWv+cbEPhJQC0lGHmV:Yl8euM6z99s5Q0y3B
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures

section .gfids (note: .gfids is the section the MSVC linker emits for the Control Flow Guard function-ID table, so its presence alone is not suspicious)
section .data: virtual_address 0x0002f000, virtual_size 0x00008e00, size_of_data 0x00007c00, entropy 7.71
description: A section with a high entropy has been found (entropy this close to 8.0 bits/byte usually means compressed or encrypted content, e.g. a packed payload or embedded resource rather than plain initialized data)
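The high-entropy finding above comes from a per-section Shannon entropy check. The script below, added here as an example and not the sandbox's own code, parses the PE section table by hand, recomputes the entropy of each section's raw data and flags sections above a threshold. The PE image it runs on is constructed inline (two sections, one filled with pseudo-random bytes to mimic packed data), and the 7.4 bits/byte threshold is an assumption, not a constant taken from the sandbox.

```python
"""Per-section entropy check for a PE image (added example, pure Python, no pefile)."""
import hashlib
import math
import struct
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.4  # assumed cut-off; the sandbox's own value is not on the page


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """Return [(name, virtual_address, virtual_size, raw_bytes)] from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    size_opt, = struct.unpack_from("<H", image, coff + 16)
    hdr = coff + 20 + size_opt                            # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, hdr + i * 40)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, vaddr, vsize, image[rawptr:rawptr + rawsize]))
    return sections


def section_report(image: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD):
    """One dict per section, in the same shape as the sandbox's section line."""
    report = []
    for name, vaddr, vsize, raw in parse_sections(image):
        ent = shannon_entropy(raw)
        report.append({
            "name": name,
            "virtual_address": f"0x{vaddr:08x}",
            "virtual_size": f"0x{vsize:08x}",
            "size_of_data": f"0x{len(raw):08x}",
            "entropy": round(ent, 3),
            "high_entropy": bool(raw) and ent > threshold,
        })
    return report


def build_sample_pe() -> bytes:
    """Constructed PE32+ skeleton (not a real binary): .text is low-entropy, .data is pseudo-random."""
    image = bytearray(0x800)
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)                 # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    # Machine=AMD64, 2 sections, no symbols, SizeOfOptionalHeader=0xF0, EXECUTABLE|LARGE_ADDRESS_AWARE
    struct.pack_into("<HHIIIHH", image, 0x44, 0x8664, 2, 0, 0, 0, 0xF0, 0x0022)
    struct.pack_into("<H", image, 0x58, 0x20B)                # optional header Magic: PE32+
    hdr = 0x44 + 20 + 0xF0                                    # 0x148
    text = b"\x90" * 0x100 + b"\xC3" * 0x100                  # two symbols only: entropy 1.0
    data = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(32))  # 1024 bytes
    layout = [(b".text", 0x1000, text, 0x200), (b".data", 0x2000, data, 0x400)]
    for i, (name, vaddr, raw, rawptr) in enumerate(layout):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs/linenums, Characteristics
        struct.pack_into("<8sIIIIIIHHI", image, hdr + i * 40,
                         name, len(raw), vaddr, len(raw), rawptr, 0, 0, 0, 0, 0x40000040)
        image[rawptr:rawptr + len(raw)] = raw
    return bytes(image)


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    for row in section_report(SAMPLE_PE):
        flag = "  <-- high entropy" if row["high_entropy"] else ""
        print(f"{row['name']:<8} va={row['virtual_address']} raw={row['size_of_data']} "
              f"entropy={row['entropy']}{flag}")
```

Run it against a real sample by replacing SAMPLE_PE with the file's bytes; sections whose raw size is zero (pure BSS) are skipped by the `bool(raw)` guard, since entropy of an empty buffer is meaningless. A high value in .data or .rsrc is a packing hint, not proof: signed installers and anything that embeds compressed resources will trip the same check.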
Antivirus results (Vendor / Verdict)

Elastic malicious (high confidence)
FireEye Generic.mg.a062400119a4a2b8
Cybereason malicious.dde99b
APEX Malicious
Avast FileRepMalware
McAfee-GW-Edition BehavesLike.Win64.Dropper.dh
Webroot W32.Malware.Gen
Microsoft Trojan:Win32/Casdet!rfn
Cynet Malicious (score: 100)
McAfee Artemis!A062400119A4
AVG FileRepMalware
CrowdStrike win/malicious_confidence_70% (W)