Summary | ZeroBOX

3306.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6402
Started: June 15, 2021, 10:09 p.m.
Completed: June 15, 2021, 10:20 p.m.
Size: 184.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 369af7277751019de4e0a12b294d24de
SHA256: 3c536c1558eba42c1967d9732bf9afd25c9c3c28bfbdc0028b945e88f1141d90
CRC32: 69D5E2A9
ssdeep: 3072:mtABk6W//OzY3qKz05HOScaZLCbnUvH6+gxF13+ea2rXYShBdj7ExxwXDGLOqPfC:GABk6W/M1KKRCXvlYShPYxxwHqPf1mI
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Both matches are generic format checks (valid PE header, 32-bit image); no family-specific rule fired, so classification rests on the behaviour and the AV labels below.

Domains (Name / Response / Post-Analysis Lookup): none listed.
No hosts contacted. (Template text: the host table that follows nonetheless records two IP addresses.)
Hosts (IP Address / Status / Action):
  • 1.14.61.188 - Active - Moloch
  • 172.217.25.14 - Active - Moloch
172.217.0.0/16 is Google address space, so the second contact is most likely connectivity-check or background traffic; 1.14.61.188 is the address to pivot on when hunting for this sample's command-and-control.

Packer: Armadillo v1.71 (PEiD-style signature match; this particular signature is a well-known false positive on ordinary MSVC-linked binaries, so confirm with section names and entropy before treating the sample as packed)
Resource: RT_VERSION, type data, language LANG_CHINESE, sublanguage SUBLANG_CHINESE_SIMPLIFIED, offset 0x0002e060, size 0x00000408
API calls (Time / API / Arguments / Status / Return / Repeated)

CreateServiceA - status 1 (success), return 8735048 (0x00854948, the new service handle), repeated 0
  service_manager_handle: 0x00854b28
  service_name: fastuserswitchingcompatibility
  display_name: windows updeta
  filepath_r (raw lpBinaryPathName argument): %SystemRoot%\System32\svchost.exe -k netsvcs
  filepath (sandbox-resolved): C:\Users\test22\AppData\Local\Temp\%SystemRoot%\System32\svchost.exe -k netsvcs
  desired_access: 983551 (0xF01FF = SERVICE_ALL_ACCESS)
  service_type: 288 (0x120 = SERVICE_WIN32_SHARE_PROCESS | SERVICE_INTERACTIVE_PROCESS)
  start_type: 2 (SERVICE_AUTO_START)
  error_control: 0 (SERVICE_ERROR_IGNORE)
  service_start_name: (empty; a NULL account name means the service runs as LocalSystem)
  password: (empty)
  service_handle: 0x00854948

The "filepath" value is an artifact of the sandbox joining the unexpanded %SystemRoot% string onto the sample's working directory; the raw argument ("filepath_r") is what the Service Control Manager stores as the service's ImagePath, so the new service is a member of the shared svchost netsvcs group rather than a standalone executable.
Behaviour summary
process: 3306.exe
hosts: 1.14.61.188, 172.217.25.14
service: fastuserswitchingcompatibility, service_path C:\Users\test22\AppData\Local\Temp\%SystemRoot%\System32\svchost.exe -k netsvcs (sandbox-resolved form; the ImagePath actually registered is %SystemRoot%\System32\svchost.exe -k netsvcs)
registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastuserswitchingcompatibility\Parameters\ServiceDll = C:\Windows\system32\ntfastuserswitchingcompatibility.dll

Taken together this is the svchost ServiceDll persistence pattern: the service's ImagePath is the shared svchost.exe host for the netsvcs group, and the DLL the host loads is named only under Parameters\ServiceDll, so process listings show a legitimate Microsoft-signed svchost.exe while the attacker's code runs inside it at every boot (SERVICE_AUTO_START, as LocalSystem). Two details a hunter should act on: the display name "windows updeta" does not match the service name, and svchost -k netsvcs only starts services whose names appear in the netsvcs REG_MULTI_SZ under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. This summary records no write to that list, which is consistent with the sample reusing a legacy service name that is already present in the default list; comparing every netsvcs member's ServiceDll against a known-good baseline is the reliable detection. The summary also does not list the drop of ntfastuserswitchingcompatibility.dll itself, so no hash for the payload DLL is available from this page.
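The CreateServiceA arguments and the ServiceDll write above are the two records a detection engineer works from. The following Python is an added example for this page, not ZeroBOX code and not part of the sample: it decodes the numeric arguments into their winsvc.h names (288, 2, 0 and 983551 as logged above) and runs a small hunt rule over the resulting service record, flagging an svchost-hosted service whose ServiceDll is absent from an analyst-supplied baseline, lives outside System32, or carries SERVICE_INTERACTIVE_PROCESS. The observed record is constructed from the report's values; the benign comparison record (wuauserv / wuaueng.dll) and the BASELINE_SERVICEDLLS allowlist are hypothetical stand-ins for a golden-image export, not a Windows default list.

```python
"""Decode sandbox-logged CreateServiceA arguments and hunt svchost ServiceDll persistence.

Added example for this report, not ZeroBOX output or code from the sample.
OBSERVED_* values are constructed from the report; BENIGN_* and the baseline
allowlist are hypothetical analyst inputs."""
import re

# Flags and enumerations from winsvc.h.
SERVICE_TYPE_FLAGS = {
    0x001: "SERVICE_KERNEL_DRIVER",
    0x002: "SERVICE_FILE_SYSTEM_DRIVER",
    0x010: "SERVICE_WIN32_OWN_PROCESS",
    0x020: "SERVICE_WIN32_SHARE_PROCESS",
    0x100: "SERVICE_INTERACTIVE_PROCESS",
}
START_TYPES = {
    0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
    3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED",
}
ERROR_CONTROLS = {
    0: "SERVICE_ERROR_IGNORE", 1: "SERVICE_ERROR_NORMAL",
    2: "SERVICE_ERROR_SEVERE", 3: "SERVICE_ERROR_CRITICAL",
}
SERVICE_ALL_ACCESS = 0xF01FF

# Constructed from the CreateServiceA call and the ServiceDll write in the report.
OBSERVED_CALL = {
    "service_name": "fastuserswitchingcompatibility",
    "display_name": "windows updeta",
    "filepath_r": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "service_type": 288,
    "start_type": 2,
    "error_control": 0,
    "desired_access": 983551,
}
OBSERVED_SERVICEDLL = r"C:\Windows\system32\ntfastuserswitchingcompatibility.dll"

# Hypothetical benign netsvcs member, for comparison.
BENIGN_CALL = {**OBSERVED_CALL, "service_name": "wuauserv",
               "display_name": "Windows Update", "service_type": 0x20}
BENIGN_SERVICEDLL = r"%SystemRoot%\System32\wuaueng.dll"

# Hypothetical baseline: ServiceDll file names exported from a clean host of
# the same build. Not a Windows default list.
BASELINE_SERVICEDLLS = {"wuaueng.dll", "schedsvc.dll", "qmgr.dll", "shsvcs.dll"}

SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


def decode_flags(value, table):
    """Expand a bit field into symbolic names; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append(f"0x{unknown:X}")
    return names


def decode_create_service(call):
    """Translate the numeric CreateServiceA arguments into winsvc.h names."""
    access = call["desired_access"]
    return {
        "service_type": decode_flags(call["service_type"], SERVICE_TYPE_FLAGS),
        "start_type": START_TYPES.get(call["start_type"], f"unknown({call['start_type']})"),
        "error_control": ERROR_CONTROLS.get(call["error_control"], f"unknown({call['error_control']})"),
        "desired_access": "SERVICE_ALL_ACCESS" if access == SERVICE_ALL_ACCESS else f"0x{access:X}",
    }


def hunt_svchost_service(call, service_dll, baseline):
    """Findings for an svchost-hosted service: ServiceDll outside the baseline,
    ServiceDll outside System32, or an interactive flag on a shared-process service."""
    findings = []
    match = SVCHOST_RE.search(call["filepath_r"])
    if not match:
        return findings  # standalone executable: no ServiceDll to hunt on
    group = match.group(1)
    dll_name = service_dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if dll_name not in baseline:
        findings.append(f"ServiceDll {dll_name} not in baseline for svchost group {group}")
    if not service_dll.lower().startswith(("c:\\windows\\system32\\", "%systemroot%\\system32\\")):
        findings.append(f"ServiceDll {service_dll} is outside System32")
    if call["service_type"] & 0x100:
        findings.append("SERVICE_INTERACTIVE_PROCESS set on a shared-process (svchost) service")
    return findings


if __name__ == "__main__":
    for key, value in decode_create_service(OBSERVED_CALL).items():
        print(f"{key}: {value}")
    for call, dll in ((OBSERVED_CALL, OBSERVED_SERVICEDLL), (BENIGN_CALL, BENIGN_SERVICEDLL)):
        for finding in hunt_svchost_service(call, dll, BASELINE_SERVICEDLLS):
            print(f"FINDING [{call['service_name']}]: {finding}")
```

Running the file prints the decoded arguments, two findings for the observed service and none for the benign record. In a real hunt, feed it the Parameters\ServiceDll values enumerated from HKLM\SYSTEM\CurrentControlSet\Services (for example via Get-ItemProperty or an EDR registry export) together with a baseline taken from a clean host of the same build; the System32 path check is deliberately coarse, since the sample's DLL also sits in System32 and a path match there proves nothing on its own.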
Antivirus detections (engine / detection name). The labels converge on a Chinese-language backdoor and password-stealer lineage (PcClient, Zegost, Bjlog, Redosdru), consistent with the Simplified Chinese version resource and the svchost ServiceDll persistence recorded above.
Elastic malicious (high confidence)
DrWeb Trojan.MulDrop1.56994
MicroWorld-eScan Generic.Magania.1.1575F6E1
FireEye Generic.mg.369af7277751019d
CAT-QuickHeal Trojanpws.Bjlog.20461
McAfee BackDoor-DVB.j
Cylance Unsafe
VIPRE Backdoor.Win32.Zegost.B (v)
SUPERAntiSpyware Trojan.Agent/Gen-PcClient
Sangfor Trojan.Win32.Save.a
K7AntiVirus Dialer ( 004be7ad1 )
Alibaba TrojanPSW:Win32/Bjlog.16282552
K7GW Dialer ( 004be7ad1 )
Cybereason malicious.777510
BitDefenderTheta AI:Packer.27CA40391F
Cyren W32/Trojan.FRJV-2550
Symantec Backdoor.Trojan
ESET-NOD32 Win32/Dialer.NHP
APEX Malicious
Avast Win32:Redosdru-D [Trj]
ClamAV Win.Trojan.Redosdru-9753707-0
Kaspersky Trojan-PSW.Win32.Bjlog.dxwn
BitDefender Generic.Magania.1.1575F6E1
NANO-Antivirus Trojan.Win32.DVB.fjzikd
Paloalto generic.ml
ViRobot Trojan.Win32.Agent.188416.R
Ad-Aware Generic.Magania.1.1575F6E1
Sophos ML/PE-A + Troj/Redosdru-A
Comodo TrojWare.Win32.PSW.Bjlog.~Z@k24gw
Baidu Win32.Trojan.Baijin.a
TrendMicro BKDR_ZEGOST.SMF
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
Emsisoft Generic.Magania.1.1575F6E1 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan/Agent.chek
Webroot Trojan.Dropper
Avira BDS/Agent.188418
MAX malware (ai score=82)
Antiy-AVL Trojan/Generic.ASBOL.577
Kingsoft Win32.Heur.KVM005.a.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Backdoor:Win32/PcClient.ZR
ZoneAlarm Trojan-PSW.Win32.Bjlog.dxtx
GData Generic.Magania.1.1575F6E1
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Pbbot.231078
Acronis suspicious
VBA32 BScope.Trojan.Agent.0135
ALYac Generic.Magania.1.1575F6E1
TACHYON Trojan/W32.Agent.188416.BA