Summary | ZeroBOX

smbscanlocal0902.exe

Worm, Phorpiex, Generic Malware, PE32, PE File

Category FILE
Machine s1_win7_x6401
Started Sept. 3, 2021, 6:11 p.m.
Completed Sept. 3, 2021, 6:11 p.m.
Size 2.0MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 830ffb393ba8cca073a1c0b66af78de5
SHA256 6c62b768d8b22888724288af038bc0b6e55280ddbbe42a436cdf68889346df18
CRC32 8A78CAF4
ssdeep 49152:c8dgSDqBqrci8PXdzCPabd+aCUzLUhLpW5If7Z:c8dXDqor18PNzCPabTnzLUhLpWa7Z
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Worm_Phorpiex - a worm which spreads via removable drives and network drives.
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: addrs 255
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: no vulnerable hosts found
  console_handle: 0x0000000b
  Status 1  Return 1  Repeated 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Time & API Arguments Status Return Repeated

GetAdaptersAddresses
  flags: 16
  family: 0
  Status 1  Return 0  Repeated 0
section UPX1 (size_of_data 0x00202400, virtual_address 0x002f3000, virtual_size 0x00203000, entropy 7.880799323302873) entropy 7.8807993233 description A section with a high entropy has been found
entropy 0.999756986634 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe3d
  function_name: wine_get_version
  module: ntdll
  module_address: 0x773a0000
  3221225785 0

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Eb.4!c
Elastic malicious (high confidence)
MicroWorld-eScan DeepScan:Generic.Malware.GFW!wre!Xh.3B31AFC7
FireEye Generic.mg.830ffb393ba8cca0
ALYac Trojan.Glupteba.gen
Cylance Unsafe
K7AntiVirus Trojan ( 00577d6f1 )
Alibaba Exploit:Win32/RanumBot.678b97ef
K7GW Trojan ( 00577d6f1 )
Cybereason malicious.93ba8c
Cyren W32/RanumBot.P.gen!Eldorado
ESET-NOD32 a variant of WinGo/RanumBot.U
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender DeepScan:Generic.Malware.GFW!wre!Xh.3B31AFC7
Avast FileRepMalware
Ad-Aware DeepScan:Generic.Malware.GFW!wre!Xh.3B31AFC7
Sophos Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.VirRansom.vc
Emsisoft DeepScan:Generic.Malware.GFW!wre!Xh.3B31AFC7 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Eb.vz
Webroot W32.Trojan.Gen
MAX malware (ai score=89)
Antiy-AVL Trojan/Generic.ASBOL.C687
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Trickbot!ml
GData DeepScan:Generic.Malware.GFW!wre!Xh.3B31AFC7
Cynet Malicious (score: 100)
McAfee Artemis!830FFB393BA8
Tencent Win32.Exploit.Ms17-010.Dwtb
Ikarus Trojan.Win32.Ranumbot
Fortinet W32/RanumBot.U!tr
AVG FileRepMalware
Panda Trj/RnkBend.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen

dead_host 192.168.56.101:49205
dead_host 192.168.56.1:445