Summary | ZeroBOX

hut.exe

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 18, 2021, 5:34 p.m.
Completed June 18, 2021, 5:38 p.m.
Size 1.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4ccbe3a8fa850367d5efde685a350d80
SHA256 cd35cae0b96e7e0e19d837c418128aa3336fb5e714bc04fb2c1d90c46a7a2124
CRC32 12D504F6
ssdeep 24576:mt+Le+UAcIAJScTn9t884Wz7vxLdkHq/XQBy:mt+rOTn7R6
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
162.159.129.233 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49201 -> 162.159.129.233:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49202 -> 162.159.129.233:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow: TLSv1 192.168.56.101:49201 -> 162.159.129.233:443
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2
Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Fingerprint: a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da

Flow: TLSv1 192.168.56.101:49202 -> 162.159.129.233:443
Issuer: None
Subject: None
Fingerprint: None

section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1dd3cd3
0x1dd3d40
DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x743c3af0
timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x743ca535
timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x743ca434
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 40 50 50 6a 00 e8 8d 2d ff ff a3 94 58 dd 01
exception.instruction: mov eax, dword ptr [eax + 0x50]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1dd3210
registers.esp: 59047468
registers.edi: 31283368
registers.eax: 4086397282
registers.ebp: 59047516
registers.edx: 4294967295
registers.ebx: 60809930
registers.esi: 31283364
registers.ecx: 4294967295
status: 1
return: 0
repeated: 0
request GET https://cdn.discordapp.com/attachments/854342102649143318/855081140620754964/Vhzygcahiwjrehzrrlqrpmzvootolhb
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1016
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00550000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b62000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x01dc1000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
process hut.exe useragent zipo
process hut.exe useragent daso
Elastic malicious (high confidence)
McAfee Fareit-FZO!4CCBE3A8FA85
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Jacard.224738
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_60% (W)
Cyren W32/Delf_Troj.AW.gen!Eldorado
ESET-NOD32 a variant of Win32/Injector.EPOA
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
MicroWorld-eScan Gen:Variant.Jacard.224738
Ad-Aware Gen:Variant.Jacard.224738
DrWeb Trojan.DownLoader39.48961
McAfee-GW-Edition Fareit-FZO!4CCBE3A8FA85
MaxSecure Trojan.Malware.300983.susgen
FireEye Gen:Variant.Jacard.224738
GData Gen:Variant.Jacard.224738
MAX malware (ai score=85)
Microsoft Trojan:Win32/Wacatac.B!ml
AhnLab-V3 Trojan/Win.FZO.C4529181
Malwarebytes Malware.AI.3200637016
Rising Trojan.Kryptik!1.D2D5 (CLASSIC)
SentinelOne Static AI - Suspicious PE
Fortinet W32/GenKryptik.FFLW!tr
BitDefenderTheta Gen:NN.ZelphiF.34744.bHW@auy5EDci
Panda Trj/GdSda.A