Summary | ZeroBOX

pr.exe

Worm Phorpiex Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 11, 2021, 2:59 p.m.
Completed Sept. 11, 2021, 3:20 p.m.
Size 8.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 400c88f0603d79c08a3afda851994a52
SHA256 ac836d33a1ee0cf140e455a4d0d4eca6f65a3ddb4e7673d113fe5f55ff73ba88
CRC32 F9106529
ssdeep 192:GmWTaP1T8qKGGoTTP1oynmz6TWS/u4Nn:xWTaP1TaOTb1coWS/nNn
PDB Path c b
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win_Worm_Phorpiex - a worm which spreads via removable drives and network drives.
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path c b
packer Armadillo v1.71
description pr.exe tried to sleep 122 seconds, actually delayed analysis time by 118 seconds
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Phorpiex Remover
reg_value C:\Users\test22\PhorpiexRemover.exe
file C:\Users\test22\AppData\Local\Temp\pr.exe:Zone.Identifier
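The three host artifacts above (the HKCU Run persistence entry, the Zone.Identifier stream on the dropped sample, and the file hashes) are the parts of this report a responder can check on another machine. The script below is an added triage example, not part of the ZeroBOX report or of the sample: it parses a `reg export` of the Run key and flags entries that point into user-writable locations or match the reported value name, parses a Zone.Identifier stream, and compares a file's MD5/SHA256 against the hashes listed above. The registry export and the Zone.Identifier contents are constructed for the example (the report only names the stream, not its contents), and the path heuristics are an assumption about what a normal Run entry looks like.

```python
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "400c88f0603d79c08a3afda851994a52",
    "sha256": "ac836d33a1ee0cf140e455a4d0d4eca6f65a3ddb4e7673d113fe5f55ff73ba88",
}
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
REPORTED_RUN_VALUE = "Phorpiex Remover"

# Constructed `reg export` output (not from the sandbox): the reported entry plus a benign one.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Phorpiex Remover"="C:\\Users\\test22\\PhorpiexRemover.exe"
"""

# Constructed Zone.Identifier stream contents; the report only lists the stream's name.
SAMPLE_ZONE_IDENTIFIER = "[ZoneTransfer]\r\nZoneId=3\r\n"

# Assumed heuristic: Run entries should not normally point at a profile root, AppData, Temp or ProgramData.
USER_WRITABLE = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.I),  # executable directly in C:\Users\<name>\
    re.compile(r"\\appdata\\", re.I),
    re.compile(r"\\temp\\", re.I),
    re.compile(r"^[a-z]:\\programdata\\", re.I),
]

_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    # reg export writes a backslash as \\ and a double quote as \"
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_run_key_export(text: str, key: str = RUN_KEY) -> Dict[str, str]:
    """Return {value name: command} for the string values under `key` in a reg export."""
    entries: Dict[str, str] = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = _LINE.match(line) if in_key else None
        if not m:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):  # REG_SZ only; hex:/dword: values are skipped
            entries[name] = _unescape(data[1:-1])
    return entries


def executable_path(command: str) -> str:
    """First token of a Run command: the quoted path, or everything up to the first space."""
    m = re.match(r'^"([^"]+)"', command) or re.match(r"^(\S+)", command)
    return m.group(1) if m else command


def flag_suspicious_run_entries(entries: Dict[str, str]) -> List[dict]:
    """Flag entries by location of the executable and by the value name seen in the report."""
    flagged = []
    for name, command in entries.items():
        reasons = []
        path = executable_path(command)
        if any(p.search(path) for p in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if name.lower() == REPORTED_RUN_VALUE.lower():
            reasons.append("value name matches the reported persistence entry")
        if reasons:
            flagged.append({"name": name, "path": path, "reasons": reasons})
    return flagged


def parse_zone_identifier(text: str) -> Dict[str, object]:
    """Parse a Zone.Identifier ADS; ZoneId=3 means the file carries the Mark of the Web (Internet zone)."""
    fields: Dict[str, object] = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("["):
            k, v = line.split("=", 1)
            fields[k.strip()] = int(v) if k.strip() == "ZoneId" else v.strip()
    return fields


def hash_matches(data: bytes, iocs: Dict[str, str] = IOC_HASHES) -> Dict[str, bool]:
    """Compare a file's MD5 and SHA256 with the hashes in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest() == iocs["md5"],
        "sha256": hashlib.sha256(data).hexdigest() == iocs["sha256"],
    }


if __name__ == "__main__":
    entries = parse_run_key_export(SAMPLE_REG_EXPORT)
    for hit in flag_suspicious_run_entries(entries):
        print(hit)
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
    print(hash_matches(b"constructed placeholder, not the sample"))
```

On a live host the inputs come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg /y`, from reading `<file>:Zone.Identifier` as a text file, and from the file bytes themselves; the parsing and flagging logic is unchanged. Note that the hash check is only as good as the hashes: a repacked build of the same worm will not match, which is why the Run-key value name and location are checked separately.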
Vendor Result
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37555957
McAfee RDN/Generic.cf
Arcabit Trojan.Generic.D23D0EF5
BitDefenderTheta AI:Packer.5E44C1E31F
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Zonidel.gen
BitDefender Trojan.GenericKD.37555957
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKD.37555957
McAfee-GW-Edition BehavesLike.Win32.Generic.xm
FireEye Generic.mg.400c88f0603d79c0
Emsisoft Trojan.GenericKD.37555957 (B)
Ikarus Trojan.Crypt
Avira TR/Crypt.XPACK.Gen
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Script/Phonzy.B!ml
GData Trojan.GenericKD.37555957
Cynet Malicious (score: 100)
VBA32 BScope.Trojan.Tiggre
ALYac Gen:Heur.Mint.Zard.39
MAX malware (ai score=87)
Cylance Unsafe
Rising Trojan.Generic@ML.94 (RDMK:2qDcxafKdfiFyvByQxZXjw)
SentinelOne Static AI - Suspicious PE
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Panda Trj/Genetic.gen