popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ConsoleAa16.exe

AntiVM PE32 AntiDebug PE File .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 June 14, 2021, 8:15 p.m. June 14, 2021, 8:32 p.m.
Size 278.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9f6f8cb5647da0fc5df0142e82ac12ee
SHA256 fac2fa827e763dfcc0b5baf189dd050db2dae4d731ec54a208c2238d4f7b55e9
CRC32 D36DBB14
ssdeep 6144:45RjoQoNNBeGjaWYfIyp/5IO30Z/mPhy7NEU1:ehodKGuWYAypmA0hMHU1
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
136.144.41.233 Active Moloch
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
section {u'size_of_data': u'0x0003e400', u'virtual_address': u'0x00002000', u'entropy': 7.959037828168682, u'name': u'.text', u'virtual_size': u'0x0003e3f4'} entropy 7.95903782817 description A section with a high entropy has been found
entropy 0.930841121495 description Overall entropy of this PE file is high
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
host 136.144.41.233
host 172.217.25.14
FireEye Generic.mg.9f6f8cb5647da0fc
McAfee Artemis!9F6F8CB5647D
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057df2d1 )
K7GW Trojan ( 0057df2d1 )
Cyren W32/MSIL_Agent.BCR.gen!Eldorado
ESET-NOD32 a variant of MSIL/Kryptik.ABLH
Avast FileRepMalware
Kaspersky UDS:DangerousObject.Multi.Generic
Paloalto generic.ml
DrWeb Trojan.PackedNET.835
McAfee-GW-Edition Artemis!Trojan
SentinelOne Static AI - Malicious PE
Sophos Mal/Generic-S
APEX Malicious
eGambit PE.Heur.InvalidSig
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
Cynet Malicious (score: 100)
Malwarebytes MachineLearning/Anomalous.95%
AVG FileRepMalware
CrowdStrike win/malicious_confidence_90% (W)
dead_host 136.144.41.233:80