Summary | ZeroBOX

222333.exe

PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 May 24, 2021, 9:14 a.m. May 24, 2021, 9:19 a.m.
Size 632.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d213c25eb7528fbc07f48fb9c151f0ed
SHA256 ababc29fccbf34ef3fbd7646a9f20635b97f749f849be02bd16d86e087be86a5
CRC32 55E75D22
ssdeep 6144:YN2FKp7Q/Ks3FyQhQRrHoFN6WtljaJul+pw8T:s2kp7YFalHoFN6WtljaElI9T
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
103.193.188.217 Active Moloch
150.242.98.207 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
packer Armadillo v1.71
description 222333.exe tried to sleep 170 seconds, actually delayed analysis time by 170 seconds
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13725650944
free_bytes_available: 13725650944
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
file C:\pserver.exe
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 45056
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x10001000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x000002e8
process_name: 222333.exe
process_identifier: 6553710
0 0

Process32NextW

snapshot_handle: 0x00000408
process_name: 222333.exe
process_identifier: 3342386
0 0
host 103.193.188.217
host 150.242.98.207
Antivirus Result
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan DeepScan:Generic.Rincux2.7BEE49EF
FireEye Generic.mg.d213c25eb7528fbc
CAT-QuickHeal Trojan.Rincux2
McAfee GenericRXAA-AA!D213C25EB752
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057b02c1 )
Alibaba Backdoor:Win32/Farfli.be3dd9b8
K7GW Trojan ( 0057b02c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit DeepScan:Generic.Rincux2.7BEE49EF
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.ESRI
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.Farfli-9790741-0
Kaspersky HEUR:Backdoor.Win32.Farfli.gen
BitDefender DeepScan:Generic.Rincux2.7BEE49EF
NANO-Antivirus Trojan.Win32.Farfli.iuhdwg
Paloalto generic.ml
Ad-Aware DeepScan:Generic.Rincux2.7BEE49EF
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Magania.A@5wdy5u
DrWeb Trojan.DownLoader38.37318
Zillya Trojan.GenKryptik.Win32.84484
TrendMicro Backdoor.Win32.ZEGOST.SMAL02
McAfee-GW-Edition Artemis!Trojan
Emsisoft DeepScan:Generic.Rincux2.7BEE49EF (B)
Ikarus Trojan.Win32.Farfli
Jiangmin Backdoor.Farfli.eua
Avira HEUR/AGEN.1142366
Gridinsoft Trojan.Win32.Kryptik.oa!s1
Microsoft Trojan:Win32/Farfli.DSK!MTB
ViRobot Trojan.Win32.Z.Farfli.647168.B
GData DeepScan:Generic.Rincux2.7BEE49EF
Cynet Malicious (score: 99)
AhnLab-V3 Backdoor/Win.ZEGOST.C4430098
BitDefenderTheta Gen:NN.ZexaF.34690.Nq0@ae5qMJii
MAX malware (ai score=84)
VBA32 Backdoor.Lotok
Malwarebytes Generic.Trojan.Malicious.DDS
TrendMicro-HouseCall Backdoor.Win32.ZEGOST.SMAL02
Rising Trojan.Kryptik!1.D241 (CLOUD)
Yandex Trojan.GenKryptik!atMgb7KRYiw
Fortinet W32/GenKryptik.EOZH!tr
MaxSecure Trojan.Malware.73947863.susgen
AVG Win32:Trojan-gen
dead_host 192.168.56.101:49199
dead_host 150.242.98.207:80