popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

beacon.exe

Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 4, 2021, 2:02 p.m. Sept. 4, 2021, 2:11 p.m.
Size 278.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 8d8d168e25d41e2d4304c08cb3105d9b
SHA256 669fcafcaf217a0ae7776d1c98b6cbb4fd75fb97b12965185136a09c7bfc0ef2
CRC32 43E42584
ssdeep 3072:KR15m+yOMvRli6eKU3jPmrOH4PXjel/51+YtwpxoqGZ21SQ1P9Kz:KR/z683jGoIjel/51+qmPD1SQJ9
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
185.156.73.37 Active Moloch

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2768
region_size: 253952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a10000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
description beacon.exe tried to sleep 171 seconds, actually delayed analysis time by 171 seconds
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 212992
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00950000
process_handle: 0xffffffff
1 0 0
host 185.156.73.37
Bkav W32.AIDetect.malware1
Lionic Trojan.Win64.CozyDuke.trLC
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Heur.rCW@ILpZfAc
FireEye Generic.mg.8d8d168e25d41e2d
ALYac Gen:Trojan.Heur.rCW@ILpZfAc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Rozena.b93c424d
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Heur.E12B80
Cyren W32/Diple.F.gen!Eldorado
ESET-NOD32 a variant of Win32/Rozena.AMZ
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.CobaltStrike-7899872-1
Kaspersky HEUR:Trojan.Win32.CobaltStrike.gen
BitDefender Gen:Trojan.Heur.rCW@ILpZfAc
NANO-Antivirus Trojan.Win32.Rozena.hpcmlv
Avast Win32:HacktoolX-gen [Trj]
Rising Backdoor.CobaltStrike!1.D049 (CLASSIC)
Ad-Aware Gen:Trojan.Heur.rCW@ILpZfAc
TACHYON Trojan/W32.Agent.284672.IN
Sophos Mal/Generic-R + ATK/Cobalt-CC
DrWeb BackDoor.Siggen2.247
TrendMicro Trojan.Win32.COBALT.SM
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Emsisoft Trojan.Rozena (A)
Ikarus Trojan.Win32.Rozena
Jiangmin Trojan.Cometer.aww
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL Trojan/Generic.ASMalwS.30CAC8E
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Gen.oa!s1
Microsoft Trojan:Win32/Cobaltstrike.MK!MTB
ViRobot Trojan.Win32.Cobalt.284672.A
GData Gen:Trojan.Heur.rCW@ILpZfAc
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.CobaltStrike.R329694
Acronis suspicious
McAfee GenericRXMO-OO!8D8D168E25D4
MAX malware (ai score=81)
VBA32 Trojan.CobaltStrike
Malwarebytes Backdoor.Rozena
TrendMicro-HouseCall Trojan.Win32.COBALT.SM
Tencent Hacktool.Win32.CobaltStrike.za
Yandex Trojan.GenAsa!/C5jzoNrl5s
SentinelOne Static AI - Malicious PE