popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dssdsdaw37k41y.exe

Cobalt Strike Darkside Ransomware Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 11, 2021, 2:59 p.m. Sept. 11, 2021, 3:29 p.m.
Size 566.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1091e6c1f4527d8a034e37aa1e087b31
SHA256 f97cd3f392be9e58340922f0aa46393ce966212c588174926f47d965c75db63a
CRC32 7D513AD9
ssdeep 6144:cjcPiCQZe3Mlkfq/XUEYF083VmUDTHhKgXbjOTvIVGglcuHzCsrMjNl:pVQZe3MyQkEYSwvrXWk0gr+s
PDB Path C:\yira_hazulej_jacisososize\jepamoxuxedey\miko\xegonuhoy we.pdb
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Trojan_DarkSide_Ransomware_1_Zero - Darkside Ransomware
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\yira_hazulej_jacisososize\jepamoxuxedey\miko\xegonuhoy we.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 323584
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c9e000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2212
region_size: 585728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x044a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00050000', u'virtual_address': u'0x00027000', u'entropy': 7.975619330070821, u'name': u'.data', u'virtual_size': u'0x02758bdc'} entropy 7.97561933007 description A section with a high entropy has been found
entropy 0.565870910698 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.1091e6c1f4527d8a
CAT-QuickHeal Ransom.Stop.Z5
McAfee Artemis!1091E6C1F452
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.62ec22
Symantec Packed.Generic.620
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Fragtor.18528
MicroWorld-eScan Gen:Variant.Fragtor.18528
Avast Win32:CrypterX-gen [Trj]
Rising Trojan.Kryptik!1.D975 (CLASSIC)
Ad-Aware Gen:Variant.Fragtor.18528
McAfee-GW-Edition BehavesLike.Win32.SuspiciousFake.hc
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
Acronis suspicious
VBA32 BScope.Trojan.AET.281105
MAX malware (ai score=84)
Ikarus Trojan.Win32.Azorult
MaxSecure Trojan.Malware.300983.susgen
BitDefenderTheta Gen:NN.ZexaF.34142.JuW@aW!UC3eO
AVG Win32:CrypterX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (D)