Summary | ZeroBOX

1NEW.exe

  • Generic Malware
  • Admin Tool (Sysinternals etc ...)
  • Malicious Library
  • Malicious Packer
  • PE File
  • OS Processor Check
  • PE32
Category FILE
Machine s1_win7_x6402
Started Sept. 25, 2021, 10:55 a.m.
Completed Sept. 25, 2021, 11:19 a.m.
Size 3.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 753e9e39697b50fba8a7d8d9d1fed16d
SHA256 287f7c874f31dee5fca98794529da009bec348309a6e47d02d3b6f776a055a42
CRC32 3ABD6CFE
ssdeep 98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/kmlwXVZaFB:K+R/eZADUXR
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
103.151.125.18 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
API: NtProtectVirtualMemory
  process_identifier: 2528
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73e22000
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0
API: LookupPrivilegeValueW
  system_name:
  privilege_name: SeDebugPrivilege
  status: 1  return: 1  repeated: 0

API: LookupPrivilegeValueW
  system_name:
  privilege_name: SeShutdownPrivilege
  status: 1  return: 1  repeated: 0
host 103.151.125.18
API: NtQuerySystemInformation
  information_class: 8 (SystemProcessorPerformanceInformation)
  status: 1  return: 0  repeated: 0
description 1NEW.exe tried to sleep 8184943 seconds, actually delayed analysis time by 8184940 seconds
API: SetWindowsHookExW
  thread_identifier: 0
  callback_function: 0x0050f84a
  hook_identifier: 14 (WH_MOUSE_LL)
  module_address: 0x00000000
  status: 1  return: 1769759  repeated: 0
API: SetWindowsHookExW
  thread_identifier: 0
  callback_function: 0x004ca8cc
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x00000000
  status: 1  return: 524647  repeated: 0
dead_host 103.151.125.18:1234

Antivirus Result
Lionic Trojan.Win32.Solmyr.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Midie.78485
CAT-QuickHeal Trojan.GenericRI.S20702303
ALYac Gen:Variant.Midie.78485
Cylance Unsafe
Zillya Trojan.Agent.Win32.2292820
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win32/ParalaxRat.82c88437
K7GW Trojan ( 005690671 )
K7AntiVirus Trojan ( 005690671 )
Arcabit Trojan.Midie.D13295
Cyren W32/Trojan.GFY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.ACBZ
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Mikey-9819889-0
Kaspersky HEUR:Trojan-Spy.Win32.Solmyr.gen
BitDefender Gen:Variant.Midie.78485
NANO-Antivirus Trojan.Win32.Solmyr.ixdyob
Avast Win32:RATX-gen [Trj]
Rising Trojan.Generic@ML.80 (RDML:49oWZvJELwx//zzWFOaZig)
Ad-Aware Gen:Variant.Midie.78485
TACHYON Trojan-Spy/W32.Solmyr.3943424
Emsisoft Trojan.Agent (A)
DrWeb Trojan.Siggen14.19963
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.wh
FireEye Generic.mg.753e9e39697b50fb
Sophos Mal/Generic-S
Ikarus Trojan.MalPack
Jiangmin TrojanSpy.Solmyr.be
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1140205
Antiy-AVL Trojan/Generic.ASMalwS.33CD62C
Kingsoft Win32.Heur.KVMH017.a.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa!s1
Microsoft Backdoor:Win32/ParalaxRat.STD
ZoneAlarm HEUR:Trojan-Spy.Win32.Solmyr.gen
GData Win32.Trojan.PSE.13TZGC
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Reputation.R374951
McAfee GenericRXNE-PP!753E9E39697B
MAX malware (ai score=80)
VBA32 TrojanSpy.Solmyr
Malwarebytes Generic.Trojan.Malicious.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0DIG21
Tencent Malware.Win32.Gencirc.10cec704
Yandex Trojan.Agent!mpJSPmzsnqA