Summary | ZeroBOX

WindowsSecurity.exe

Tags: OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: June 16, 2021, 10:15 a.m.
Completed: June 16, 2021, 10:17 a.m.
Size: 659.5KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 04f7ee1aa5e29d2f2d4ea6b539d20709
SHA256: e9d550d9a18dd0efee23eb189ba79917d39e5c33fc1dfac662248868c260f073
CRC32: 64D70EC7
ssdeep: 12288:Gz8Jjl7QuKXDpHyONt5geHO4Gfcju+ot5Sa/BJO6M6H2UG/cKMg5yyeqdXeRymh:Gzux7QVXgiTot5SCPO6WMg5yvQkB
PDB Path: C:\Users\SDUSER\source\repos\WindowsSecurity\Release\WindowsSecurity.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)

DNS

Name | Response | Post-Analysis Lookup
No hosts contacted.

Hosts

IP Address | Status | Action
172.217.25.14 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures

pdb_path: C:\Users\SDUSER\source\repos\WindowsSecurity\Release\WindowsSecurity.pdb

Time & API | Arguments | Status | Return | Repeated
GlobalMemoryStatusEx | (none) | 1 | 1 | 0

Description: WindowsSecurity.exe tried to sleep 322 seconds, actually delayed analysis time by 6 seconds
Host: 172.217.25.14
Antivirus

Engine | Detection
Elastic | malicious (high confidence)
MicroWorld-eScan | Gen:Variant.Johnnie.350136
FireEye | Generic.mg.04f7ee1aa5e29d2f
McAfee | Artemis!04F7EE1AA5E2
Sangfor | Trojan.Win32.Save.a
Cybereason | malicious.6ee7ae
BitDefenderTheta | Gen:NN.ZexaF.34738.PuX@aO3vbBfi
Symantec | ML.Attribute.HighConfidence
APEX | Malicious
BitDefender | Gen:Variant.Johnnie.350136
Paloalto | generic.ml
ViRobot | Trojan.Win32.S.Agent.675331
Ad-Aware | Gen:Variant.Johnnie.350136
TrendMicro | TROJ_FRS.VSNW0FF21
McAfee-GW-Edition | BehavesLike.Win32.Generic.jh
Emsisoft | Gen:Variant.Johnnie.350136 (B)
Ikarus | Trojan-PSW.Discord
MAX | malware (ai score=85)
Microsoft | Program:Win32/Wacapew.C!ml
AegisLab | Trojan.Win32.Malicious.4!c
GData | Gen:Variant.Johnnie.350136
Cynet | Malicious (score: 100)
ALYac | Trojan.PSW.MSIL.Agent
TrendMicro-HouseCall | TROJ_FRS.VSNW0FF21
SentinelOne | Static AI - Suspicious PE
Fortinet | PossibleThreat.PALLASNET.H
CrowdStrike | win/malicious_confidence_90% (W)