Summary | ZeroBOX

c4da0137cbb99626fd44da707ae1bca8.bin

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started May 12, 2021, 5:54 p.m.
Completed May 12, 2021, 5:56 p.m.
Size 60.3KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c4da0137cbb99626fd44da707ae1bca8
SHA256 1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a
CRC32 BABC3D85
ssdeep 1536:mWIrgG/4CMjuhy03Z63tFjr5EOkpIsT6oKw8ebioQ+9o:ZG/4CJhxIdJr5sDBKw7jo
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Hosts contacted (name / response / post-analysis lookup): No hosts contacted.
IP Address 172.217.25.14 Status Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
section .text1
API CreateServiceW
Arguments:
service_start_name:
start_type: 3
password:
display_name: .45e8cad1
filepath: C:\Users\test22\AppData\Local\Temp\"C:\Users\test22\AppData\Local\Temp\c4da0137cbb99626fd44da707ae1bca8.bin"
service_name: .45e8cad1
filepath_r: "C:\Users\test22\AppData\Local\Temp\c4da0137cbb99626fd44da707ae1bca8.bin"
desired_access: 983551
service_handle: 0x005af8d0
error_control: 0
service_type: 272
service_manager_handle: 0x005af790
Status 1
Return 5961936
Repeated 0
section .text (size_of_data 0x00008400, virtual_address 0x00001000, virtual_size 0x00008393) entropy 7.957397195566444 description A section with a high entropy has been found
section .data (size_of_data 0x00003400, virtual_address 0x0000c000, virtual_size 0x000039f4) entropy 7.909325754559942 description A section with a high entropy has been found
section .rsrc (size_of_data 0x00001000, virtual_address 0x00010000, virtual_size 0x00000ec9) entropy 7.683518648362722 description A section with a high entropy has been found
entropy 0.970873786408 description Overall entropy of this PE file is high
host 172.217.25.14
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36880395
McAfee GenericRXOH-VB!C4DA0137CBB9
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005795061 )
Alibaba Trojan:Win32/DarkSide.a9f80a27
K7GW Trojan ( 005795061 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Filecoder.DarkSide.B
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Ransom.Win32.Encoder.mhq
BitDefender Trojan.GenericKD.36880395
ViRobot Trojan.Win32.Z.Darkside.61784
Avast Win32:DangerousSig [Trj]
Ad-Aware Trojan.GenericKD.36880395
Sophos ML/PE-A + Mal/BadCert-Gen
DrWeb Trojan.Siggen13.4445
VIPRE Trojan.Win32.Generic!BT
TrendMicro Ransom_DarkSide.R002C0DEB21
McAfee-GW-Edition GenericRXOH-VB!C4DA0137CBB9
FireEye Generic.mg.c4da0137cbb99626
Emsisoft MalCert.A (A)
Ikarus Win32.Outbreak
GData Win32.Trojan.Agent.GULDFO
Webroot W32.Trojan.Gen
Avira TR/Crypt.XPACK.Gen
Kingsoft Win32.Troj.Undef.(kcloud)
AegisLab Trojan.Win32.Encoder.j!c
ZoneAlarm Trojan-Ransom.Win32.Encoder.mhq
Microsoft Ransom:Win32/DarkSide.DA
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win.CobaltStrike.R416024
MAX malware (ai score=84)
Cylance Unsafe
TrendMicro-HouseCall Ransom_DarkSide.R002C0DEB21
Rising Ransom.Encoder!8.FFD4 (TFE:dGZlOgQJS8KF1QJfqw)
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_93%
Fortinet W32/DarkSide.B!tr.ransom
AVG Win32:DangerousSig [Trj]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_80% (D)