Summary | ZeroBOX

outlook.eml

Tags: OS Processor Check, PE32, PE File

| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | June 25, 2021, 2:33 p.m. | June 25, 2021, 2:41 p.m. |

Size: 417.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 8d15f4990f6b8cc9f996e0ab67fe0d7f
SHA256: 99f35c93872e9a0267400bc3641d08fffe5b5d3f6bdc06c95fc9ee3ebc76fbe1
CRC32: F4EF0DE2
ssdeep: 6144:ayzQYD9/1TpeSfuLuMeqcC3qVF+gHpZzHTW/rWTY4ML+cp6e3cYbx+Xg/:aydD1RplGqBqxA+EvzH6DWTJOppSXA
PDB Path: H:\Downloads\pe-loader-v2\pe-loader-v2\pe-loader-v2\Release\pe-loader-v2.pdb

Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

| Name | Response | Post-Analysis Lookup |
|---|---|---|
| unitious.com | 157.90.14.145 | |

| IP Address | Status | Action |
|---|---|---|
| 157.90.14.145 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 172.217.25.14 | Active | Moloch |
| 3.136.65.236 | Active | Moloch |

Suricata Alerts

| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49807 -> 157.90.14.145:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |

Suricata TLS

| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLSv1 192.168.56.102:49807 -> 157.90.14.145:443 | C=US, O=Let's Encrypt, CN=R3 | CN=unitious.com | d6:02:e2:85:88:78:59:18:36:1a:53:37:77:d2:00:2f:1b:74:fb:f0 |

| Signature | Detail |
|---|---|
| pdb_path | H:\Downloads\pe-loader-v2\pe-loader-v2\pe-loader-v2\Release\pe-loader-v2.pdb |
| suspicious_features | POST method with no referer header |
| suspicious_request | POST https://unitious.com/?id=test22-PC_94DE278C3274 |
| request | POST https://unitious.com/?id=test22-PC_94DE278C3274 |
| request | GET https://unitious.com/?id=test22-PC_94DE278C3274 |
| request | POST https://unitious.com/?id=test22-PC_94DE278C3274 |
| host | 172.217.25.14 |
| host | 3.136.65.236 |
| Vendor | Detection |
|---|---|
| Bkav | W32.AIDetect.malware1 |
| MicroWorld-eScan | Trojan.GenericKD.37117946 |
| FireEye | Generic.mg.8d15f4990f6b8cc9 |
| CAT-QuickHeal | Trojan.Apost |
| ALYac | Trojan.GenericKD.37117946 |
| Cylance | Unsafe |
| Zillya | Trojan.APosT.Win32.1919 |
| Sangfor | Trojan.Win32.APosT.noc |
| K7AntiVirus | Trojan ( 0057e4fd1 ) |
| Alibaba | Trojan:Win32/APosT.edbba8b4 |
| K7GW | Trojan ( 0057e4fd1 ) |
| Cybereason | malicious.d910c1 |
| BitDefenderTheta | Gen:NN.ZexaF.34758.Au3@auy4Sqjc |
| Cyren | W32/Trojan.KSDT-9170 |
| Symantec | Trojan Horse |
| ESET-NOD32 | a variant of Win32/Kryptik.HLKH |
| TrendMicro-HouseCall | TROJ_GEN.R002C0PFJ21 |
| Avast | Win32:Trojan-gen |
| Kaspersky | Trojan.Win32.APosT.noc |
| BitDefender | Trojan.GenericKD.37117946 |
| Paloalto | generic.ml |
| AegisLab | Trojan.Win32.APosT.4!c |
| APEX | Malicious |
| Rising | Trojan.Generic@ML.85 (RDMK:hB6E/JZDv4Fe5gwxIXgPcw) |
| Ad-Aware | Trojan.GenericKD.37117946 |
| Emsisoft | Trojan.GenericKD.37117946 (B) |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TROJ_GEN.R002C0PFJ21 |
| McAfee-GW-Edition | BehavesLike.Win32.MultiPlug.gc |
| Sophos | Troj/Agent-BHFV |
| Ikarus | Trojan.SuspectCRC |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Gridinsoft | Trojan.Win32.Kryptik.oa |
| Microsoft | Trojan:Win32/Malgent!MSR |
| GData | Trojan.GenericKD.37117946 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Malware/Win.AGEN.C4528952 |
| McAfee | RDN/Generic.hra |
| MAX | malware (ai score=85) |
| VBA32 | BScope.Trojan.Agent |
| Yandex | Trojan.Kryptik!OJYzR4Yb4bw |
| Fortinet | PossibleThreat.MU |
| MaxSecure | Trojan.Malware.119044973.susgen |
| AVG | Win32:Trojan-gen |
| Panda | Trj/CI.A |
| CrowdStrike | win/malicious_confidence_100% (W) |