Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

nc.exe

Malicious Library UPX OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 15, 2021, 12:30 p.m.	Aug. 15, 2021, 12:49 p.m.

Size	823.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`20e27f9073210db80a1fc8dea3138a09`
SHA256	`2252e8f882360e28d7480d4f83b89eaca1f7961e78f425b5b110746266bdd892`
CRC32	`AC1F8592`
ssdeep	`24576:I0zRNnuWzjeUnDpc9eR+FGKF1T5xRZMeCQ+BhZ7xe+8e3eE+mOeI:bzRZuWzjeUnDpc9eR+FJT5xRZMeCQ+Bi`
PDB Path	C:\Users\weegl\Desktop\token_stealer\x64\Debug\token_stealer.pdb
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\weegl\Desktop\token_stealer\x64\Debug\token_stealer.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.textbss
section	.msvcjmc
section	.00cfg

The executable uses a known packer (1 event)

packer

Microsoft Visual C++ V8.0 (Debug)

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

Lionic	Trojan.Win32.Disco.i!c
MicroWorld-eScan	Trojan.GenericKD.37380810
FireEye	Trojan.GenericKD.37380810
ALYac	Trojan.GenericKD.37380810
K7AntiVirus	Password-Stealer ( 00580d2c1 )
Alibaba	TrojanPSW:Win32/Disco.d5397af4
K7GW	Password-Stealer ( 00580d2c1 )
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/PSW.Discord.J
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.Disco.cfn
BitDefender	Trojan.GenericKD.37380810
Avast	Win64:Trojan-gen
Ad-Aware	Trojan.GenericKD.37380810
Sophos	Mal/Generic-S (PUA)
TrendMicro	TROJ_GEN.R002C0WHD21
McAfee-GW-Edition	BehavesLike.Win64.BadFile.cm
Emsisoft	Trojan.GenericKD.37380810 (B)
Avira	TR/Redcap.nafea
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Trojan.GenericKD.37380810
Cynet	Malicious (score: 100)
McAfee	Artemis!20E27F907321
VBA32	TrojanPSW.Disco
Malwarebytes	Malware.AI.4227310987
TrendMicro-HouseCall	TROJ_GEN.R002C0WHD21
Yandex	Trojan.PWS.Disco!n8NL0i+O9to
Ikarus	Trojan-PSW.Discord
Fortinet	W32/Discord.J!tr.pws
AVG	Win64:Trojan-gen
Panda	Trj/CI.A