Summary | ZeroBOX

Oijhsqdo.exe

AsyncRAT AgentTesla PWS AntiDebug PE File PE32 .NET EXE AntiVM
Category: FILE
Machine: s1_win7_x6401
Started: May 1, 2021, 9:27 a.m.
Completed: May 1, 2021, 9:40 a.m.
Size 765.3KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5e947ca9bbb479131f613b845c742afb
SHA256 4277f535c9ba7220bd853269f0b2b75a702eb6c298240e4439179405072283dd
CRC32 1FD92EAD
ssdeep 12288:r3KGeeAItC66zb7QhdxAjrarTo7skY2XqzB3jn/:+t9I09b7+cJYk5qzB3j/
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Trojan_AgentTesla_IN_Zero - Win Trojan AgentTesla

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
203.159.80.206 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GetComputerNameA
Arguments: computer_name: TEST22-PC
Status: 1
Return: 1
Repeated: 0
  • url https://www.nuget.org/packages/Newtonsoft.Json.Bson
  • url https://github.com/Fody/Costura/graphs/contributors
  • url https://www.newtonsoft.com/jsonschema
  • url https://discord.com/
  • rule DebuggerCheck__GlobalFlags (no description)
  • rule DebuggerCheck__QueryInfo (no description)
  • rule DebuggerHiding__Thread (no description)
  • rule DebuggerHiding__Active (no description)
  • rule ThreadControl__Context (no description)
  • rule SEH__vectored (no description)
  • rule anti_dbg: Checks if being debugged
  • rule disable_dep: Bypass DEP
  • host 203.159.80.206
FireEye Generic.mg.5e947ca9bbb47913
Cylance Unsafe
Alibaba Trojan:MSIL/GenKryptik.0ef28664
Cybereason malicious.5bb6fb
BitDefenderTheta Gen:NN.ZemsilF.34686.Vm1@a4cXHBc
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.FEPC
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Paloalto generic.ml
Sophos Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Microsoft VirTool:MSIL/Lore!MTB
McAfee Artemis!5E947CA9BBB4
Malwarebytes Trojan.MalPack.MSIL
TrendMicro-HouseCall TROJ_GEN.R06CH01DT21
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Ikarus Trojan.MSIL.Inject
Fortinet MSIL/GenKryptik.FEPC!tr
CrowdStrike win/malicious_confidence_80% (W)
dead_host 203.159.80.206:80