popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

obn.exe

PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 8, 2021, 5:28 p.m. Sept. 8, 2021, 5:35 p.m.
Size 8.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4f4126b538d7862b2bc1c7c1513d2a18
SHA256 64504291d0c7a200389df304fa4b88452110ead9cab7de1713393399be8b70d9
CRC32 9F2C52CC
ssdeep 192:KH0JH08lYH0yH08lg07H08lVQWF9I5oWUD:KCvYNvXv1K2
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
img.neko.airforce
A 167.172.239.151
167.172.239.151
IP Address Status Action
164.124.101.2 Active Moloch
167.172.239.151 Active Moloch

Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.920134
FireEye Generic.mg.4f4126b538d7862b
Cylance Unsafe
Cybereason malicious.fa1804
BitDefenderTheta Gen:NN.ZexaF.34126.auW@a8oJvyci
Cyren W32/Threat-HLLSI-based!Maximus
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Razy.920134
Rising Trojan.Generic@ML.83 (RDML:Sjzmfu2ZAy27Gdfpkb+aQA)
Ad-Aware Gen:Variant.Razy.920134
Emsisoft Gen:Variant.Razy.920134 (B)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
MAX malware (ai score=86)
Microsoft Trojan:Script/Phonzy.C!ml
GData Gen:Variant.Razy.920134
Cynet Malicious (score: 100)
VBA32 BScope.Trojan.Injects
CrowdStrike win/malicious_confidence_90% (D)