Summary | ZeroBOX

shell.exe

Malicious Packer PE32 PE File
Category FILE
Machine s1_win7_x6402
Started July 31, 2021, 1:28 p.m.
Completed July 31, 2021, 1:33 p.m.
Size 72.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 258f0036061a9731caa635d83928c721
SHA256 0bc29a0979b90f12e488c78a373e8eadd51d30ea85a3954925a3f6aa09a04851
CRC32 1EAB2132
ssdeep 1536:IPqBU0cU76Xd8QGZh6ob3I1mwhQUQjyouvMb+KR0Nc8QsJq39:00cUWXdiW2GpQUzFve0Nc8QsC9
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
89.140.164.85 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 2016
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00380000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
section .text (virtual_address 0x00001000, virtual_size 0x0000a966, size_of_data 0x0000b000, entropy 7.022138821583042) description A section with a high entropy has been found
entropy 0.647058823529 description Overall entropy of this PE file is high
host 89.140.164.85
dead_host 89.140.164.85:4444
Bkav W32.FamVT.RorenNHc.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.CryptZ.Gen
FireEye Generic.mg.258f0036061a9731
CAT-QuickHeal Trojan.Swrort.A
McAfee Swrort.i
Cylance Unsafe
VIPRE Trojan.Win32.Swrort.B (v)
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 004c49f81 )
K7GW Trojan ( 004c49f81 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.CryptZ.Gen
Cyren W32/Swrort.A.gen!Eldorado
Symantec Packed.Generic.347
ESET-NOD32 a variant of Win32/Rozena.ED
APEX Malicious
ClamAV Win.Trojan.Swrort-5710536-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.CryptZ.Gen
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
SUPERAntiSpyware Trojan.Backdoor-Shell
Avast Win32:SwPatch [Wrm]
Rising HackTool.Swrort!1.6477 (CLASSIC)
Ad-Aware Trojan.CryptZ.Gen
Sophos ML/PE-A + Mal/EncPk-ACE
Comodo TrojWare.Win32.Rozena.A@4jwdqr
DrWeb Trojan.Swrort.1
TrendMicro Backdoor.Win32.SWRORT.SMAL01
McAfee-GW-Edition BehavesLike.Win32.Swrort.lh
Emsisoft Trojan.CryptZ.Gen (B)
Ikarus Trojan.Win32.Swrort
Avira TR/Patched.Gen2
Gridinsoft Trojan.Win32.Swrort.zv!s2
Microsoft Trojan:Win32/Meterpreter.O
ViRobot Trojan.Win32.Elzob.Gen
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Win32.Trojan.PSE.16Y83VL
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Shell.R1283
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34050.eq1@am2gO6bi
ALYac Trojan.CryptZ.Gen
MAX malware (ai score=83)
Malwarebytes Trojan.Rozena
TrendMicro-HouseCall Backdoor.Win32.SWRORT.SMAL01
Tencent Trojan.Win32.Cryptz.za
Yandex Trojan.Rosena.Gen.1
SentinelOne Static AI - Malicious PE
Fortinet MalwThreat!df3bIV