Summary | ZeroBOX

rets.exe

Category: FILE
Machine: s1_win7_x6402
Started: April 16, 2021, 9 a.m.
Completed: April 16, 2021, 9:04 a.m.
Size: 196.5KB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: e31198c0a7e97c0584ad38f2c66d01b1
SHA256: 5b05cae0880543c3adc28a2d5a45af4931de6d2b4197d2d3c26e4471dd4cf2a8
CRC32: 1C46B326
ssdeep: 6144:VdgxX4K3UMRIzHok07anvXHGr+sU8bar:VCXTFREvXHGr+kw
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • win_files_operation - Affect private profile
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address: 172.217.25.14, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section: .gfids
resource name: AFX_DIALOG_LAYOUT
resource name: RT_RIBBON_XML
Elastic: malicious (high confidence)
FireEye: Generic.mg.e31198c0a7e97c05
Cylance: Unsafe
Cybereason: malicious.c0188e
APEX: Malicious
Kaspersky: VHO:Trojan-Dropper.Win32.Dapato.gen
Sophos: ML/PE-A
CrowdStrike: win/malicious_confidence_70% (W)
section: .data (size_of_data 0x0000a200, virtual_address 0x00026000, virtual_size 0x0000b4f0, entropy 7.846830410596916); entropy 7.8468304106; description: A section with a high entropy has been found
entropy: 0.20716112532; description: Overall entropy of this PE file is high
host: 172.217.25.14