Summary | ZeroBOX

QmXhZxGAX1HF6vaMC1sdLPwpJLWkkveZnyp86K1daFGLBq

Tags: Gen1, Generic Malware, Admin Tool (Sysinternals etc ...), Anti_VM, PE64, PE File, OS Processor Check, DLL
Category FILE
Machine s1_win7_x6401
Started June 25, 2021, 3:16 p.m.
Completed June 25, 2021, 3:20 p.m.
Size 7.4MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5e1792eae07b1aa1771f496f338e11c1
SHA256 9666834327abc09d439de802ac288da4d31299517f886c030c1ac7792928876a
CRC32 6692DE2D
ssdeep 196608:uH0aFUCsXDjDyfmdJolpPgToa10/9nFOnJ+kJ7mc56m:uLFUCEDLJ83a10tsEVcg
Yara
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
buffer: Traceback (most recent call last):
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "Lib\site-packages\PyInstaller\hooks\rthooks\pyi_rth_multiprocessing.py", line 17, in <module>
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "multiprocessing\__init__.py", line 16, in <module>
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "multiprocessing\context.py", line 6, in <module>
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "multiprocessing\reduction.py", line 16, in <module>
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: File "socket.py", line 49, in <module>
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

WriteConsoleW
buffer: ImportError: DLL load failed while importing _socket: 매개 변수가 틀립니다.
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
Status 1 Return 1 Repeated 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI22522\pywintypes38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI22522\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI22522\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI22522\python38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI22522\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI22522\libcrypto-1_1.dll
McAfee Python/PWS.e
BitDefender Gen:Variant.Mikey.124915
Cyren W64/KeyLogger.AQ.gen!Eldorado
ESET-NOD32 Python/Spy.KeyLogger.AG
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Python.KeyLogger.gen
MicroWorld-eScan Gen:Variant.Mikey.124915
Ad-Aware Gen:Variant.Mikey.124915
Zillya Trojan.Agent.Script.1081328
McAfee-GW-Edition BehavesLike.Win64.Dropper.wc
FireEye Gen:Variant.Mikey.124915
Emsisoft Gen:Variant.Mikey.124915 (B)
Jiangmin Trojan.PSW.Python.cj
MAX malware (ai score=80)
Antiy-AVL Trojan/Generic.ASMalwS.329AD80
Gridinsoft Trojan.Win64.Agent.oa!s1
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Mikey.124915
AhnLab-V3 Trojan/Win.PWS.C4455518
Malwarebytes Trojan.KeyLogger.Python