popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

farm_money.exe

Malicious Packer Malicious Library PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Oct. 14, 2021, 5:18 p.m. Oct. 14, 2021, 5:35 p.m.
Size 1.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 fa409741e16094bb8bc373d7b46742cd
SHA256 c5c1c355c0e253df7b6a49d296c00663cc9692328dd236ab4f43fafc2ec70ec8
CRC32 808EE278
ssdeep 49152:47HPtc7WxLiwBM+/hO7ufPUWvcf5p/ZjlicJ6fuJ+Kjt1ph:eHPa7elm+/hTMlv/2cJ624Wt17
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section {u'size_of_data': u'0x001f0600', u'virtual_address': u'0x00002000', u'entropy': 7.99986137180587, u'name': u'.rdata', u'virtual_size': u'0x001f0487'} entropy 7.99986137181 description A section with a high entropy has been found
entropy 0.997989444584 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1628
region_size: 2035712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000200000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000000000000002c
1 0 0
Process injection Process 2088 manipulating memory of non-child process 1628
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1628
region_size: 2035712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000200000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000000000000002c
1 0 0
Elastic malicious (high confidence)
DrWeb Trojan.InjectNET.14
MicroWorld-eScan Trojan.GenericKDZ.78431
FireEye Generic.mg.fa409741e16094bb
CAT-QuickHeal Trojan.Multi
ALYac Trojan.GenericKDZ.78431
Cylance Unsafe
Sangfor Trojan.Win64.Donut.bnq
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win64/Donut.b37e1a5e
K7GW Trojan ( 005886841 )
K7AntiVirus Trojan ( 005886841 )
Cyren W64/Donut.A.gen!Eldorado
ESET-NOD32 a variant of Win32/Agent_AGen.AP
Paloalto generic.ml
Kaspersky Trojan.Win64.Donut.bnq
BitDefender Trojan.GenericKDZ.78431
Avast FileRepMalware
Tencent Win32.Trojan.Generic.Ednc
Ad-Aware Trojan.GenericKDZ.78431
Sophos Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.Agent (A)
Ikarus Trojan.Win32.Agent_agen
Jiangmin Trojan.Donut.gz
Avira TR/Redcap.dmttu
MAX malware (ai score=84)
Gridinsoft Trojan.Win64.Agent.vb
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKDZ.78431
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R444169
McAfee GenericRXAA-AA!FA409741E160
VBA32 Trojan.InjectNET
Malwarebytes Trojan.Agent.Generic
TrendMicro-HouseCall TROJ_GEN.R002H0CJC21
Fortinet W64/AgentAGen.AP!tr
Webroot W32.Trojan.Gen
AVG FileRepMalware
Panda Trj/CI.A