Summary | ZeroBOX

4.jpg

Antivirus
Category FILE
Machine s1_win7_x6402
Started Aug. 25, 2021, 10:08 a.m.
Completed Aug. 25, 2021, 10:11 a.m.
Size 3.3KB
Type ASCII text, with CRLF line terminators
MD5 a47b5b874c854d84c5b7da81a06ae211
SHA256 93b4153cab292649bf35e680419a948a71fc2ed90e8f8433ae580bb86bf9c31f
CRC32 788AA7FA
ssdeep 48:1CtETbpY6bj8CRH6bzS6bACGWtpGD65R657PAEpV/Vkzpq8nWpq8IhNyhYNyebNU:cKIP3F2G5w5Lhmo8nN8Ib5jWjB
Yara
  • Antivirus - Contains references to security software

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address 165.3.80.21
Status Active
Action Moloch

Suricata Alerts

Flow TCP 165.3.80.21:80 -> 192.168.56.102:49177
SID 2400018
Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 19
Category Misc Attack

Suricata TLS

No Suricata TLS

host 165.3.80.21
MicroWorld-eScan Trojan.PWS.Agent.SVN
FireEye Trojan.PWS.Agent.SVN
ESET-NOD32 PowerShell/TrojanDownloader.Agent.EHC
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Trojan.PWS.Agent.SVN
Ad-Aware Trojan.PWS.Agent.SVN
Emsisoft Trojan.PWS.Agent.SVN (B)
DrWeb PowerShell.DownLoader.1403
MAX malware (ai score=84)
GData Trojan.PWS.Agent.SVN
ALYac Trojan.PWS.Agent.SVN