Summary | ZeroBOX

c0r0n4x.spc

ELF AntiVM AntiDebug
Category: FILE
Machine: s1_win7_x6402
Started: May 24, 2021, 6:12 p.m.
Completed: May 24, 2021, 6:22 p.m.
Size: 64.8KB
Type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
MD5: 4ad6111429ca4e0546a847815659843c
SHA256: ecc27136ecd8d4412a2d5baf50d9e2125bd73f05a91344d03b098fcf009c8ca8
CRC32: 4A58F465
ssdeep: 1536:RnOkiHp1OkFRFdSZTk9+2kl+ySFUx+D9qcC+:NNxEZqBAD9Nd
Yara
  • IsELF - Executable and Linking Format executable file (Linux/Unix)

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 172.217.25.14, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent
0 0

GlobalMemoryStatusEx
1 1 0

NtProtectVirtualMemory (10 calls, each with process_identifier: 7528, process_handle: 0xffffffff, length: 4096, protection: 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0; each with Status 1, Return 0, Repeated 0)
  • base_address: 0x743e1000
  • base_address: 0x765b1000
  • base_address: 0x737f1000
  • base_address: 0x73e80000
  • base_address: 0x73771000
  • base_address: 0x72231000
  • base_address: 0x72da4000
  • base_address: 0x73772000
  • base_address: 0x73e01000
  • base_address: 0x73db1000
Matched rules (rule, description):
  • DebuggerCheck__GlobalFlags (no description)
  • DebuggerCheck__QueryInfo (no description)
  • DebuggerHiding__Thread (no description)
  • DebuggerHiding__Active (no description)
  • ThreadControl__Context (no description)
  • SEH__vectored (no description)
  • anti_dbg: Checks if being debugged
  • disable_dep: Bypass DEP

Host: 172.217.25.14
DrWeb Linux.Mirai.632
MicroWorld-eScan Trojan.Linux.Mirai.1
ALYac Trojan.Linux.Mirai.1
Sangfor Malware.ELF-Script.Save.41b44dcf
BitDefenderTheta Gen:NN.Mirai.34690
Cyren E32/Gafgyt.C.gen!Camelot
ESET-NOD32 a variant of Linux/Mirai.ATK
TrendMicro-HouseCall Backdoor.Linux.MIRAI.SMNM4
Avast ELF:Mirai-HU [Trj]
ClamAV Unix.Dropper.Mirai-7135826-0
Kaspersky HEUR:Backdoor.Linux.Mirai.ba
BitDefender Trojan.Linux.Mirai.1
Tencent Backdoor.Linux.Mirai.waz
Ad-Aware Trojan.Linux.Mirai.1
Emsisoft Trojan.Linux.Mirai.1 (B)
TrendMicro Backdoor.Linux.MIRAI.SMNM4
McAfee-GW-Edition Linux/Mirai.k
FireEye Trojan.Linux.Mirai.1
Avast-Mobile ELF:Mirai-ANB [Trj]
Jiangmin Backdoor.Linux.fbrf
MAX malware (ai score=82)
Antiy-AVL Trojan/Generic.ASELF.3146E
GData Linux.Trojan.Mirai.J
AhnLab-V3 Linux/Mirai.Gen3
McAfee Linux/Mirai.k
Rising Backdoor.Mirai/Linux!1.BD17 (CLASSIC)
Ikarus Trojan.Linux.Gafgyt
Fortinet ELF/Mirai.ATK!tr
AVG ELF:Mirai-HU [Trj]