Summary | ZeroBOX

ab.exe

Tags: Dimnie, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Sept. 8, 2021, 5:29 p.m.
Completed: Sept. 8, 2021, 5:35 p.m.

Size: 9.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: d35a920b33e638e40ee6d00e3a76753e
SHA256: c2332823894be83d6603a49152e3fafc0677cdd274117c3a2c5a292734816c37
CRC32: C3691462
ssdeep: 96:56ucy0IBducy0IB7lGucy0IBwucy0IB7l2hfE9+ucy0IB7l21ygnCsvb2c9aILlm:DH0JH08lBH0yH08lg0pH08lWnLfOc
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Dimnie_IN - Dimnie

Domains
Name                Response          Post-Analysis Lookup
img.neko.airforce   167.172.239.151   (none)

IP Addresses
IP Address        Status   Action
164.124.101.2     Active   Moloch
167.172.239.151   Active   Moloch

API Calls
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2340
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00143000
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
Antivirus Results
Vendor            Detection
Elastic           malicious (high confidence)
FireEye           Generic.mg.d35a920b33e638e4
Cylance           Unsafe
Cybereason        malicious.212de5
BitDefenderTheta  Gen:NN.ZexaF.34126.auW@aO!axQfi
Cyren             W32/Agent.DJF.gen!Eldorado
ESET-NOD32        Win32/TrojanDownloader.Agent.FVU
APEX              Malicious
Kaspersky         VHO:Trojan.Win32.Convagent.gen
NANO-Antivirus    Virus.Win32.Gen.ccmw
Avast             Win32:MalwareX-gen [Trj]
Rising            Trojan.Generic@ML.88 (RDML:jPZdi1CGbiAOp4e+nWK+bg)
VIPRE             Lookslike.Win32.Sirefef.c!ag (v)
Microsoft         Trojan:Script/Phonzy.C!ml
VBA32             BScope.Trojan.Injects
SentinelOne       Static AI - Malicious PE
AVG               Win32:MalwareX-gen [Trj]
CrowdStrike       win/malicious_confidence_60% (D)
MaxSecure         Trojan.Malware.300983.susgen