Summary | ZeroBOX

1562391525.exe

Tags: Admin Tool (Sysinternals etc ...), PE32, PE File
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 15, 2021, 10:21 a.m.
Completed: Oct. 15, 2021, 10:22 a.m.
Size 577.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 604b759172262363118ab37833ca63bb
SHA256 709aff2453909486058b4b46d2e53dc9bb970aaa2966bae1986e9de0c4b1836d
CRC32 8EEAB87C
ssdeep 12288:Kr6F05RMuue1IEDuOcvZHrTDdwPcN8IT37gTZX2xmUzHxn6AGoa:UQuvIlxZS0YemUzHxHG1
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call log (columns: Time & API, Arguments, Status, Return, Repeated)

GetComputerNameW
  computer_name: TEST22-PC
  Status: 1  Return: 1  Repeated: 0

WriteConsoleW
  buffer: SUCCESS: The scheduled task "Azure-Update-Task" has successfully been created.
  console_handle: 0x00000007
  Status: 1  Return: 1  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2232
  region_size: 24576
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00550000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

CreateProcessInternalW
  thread_identifier: 2680
  thread_handle: 0x000000c0
  process_identifier: 2260
  current_directory:
  filepath: C:\Windows\System32\schtasks.exe
  track: 1
  command_line: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe"
  filepath_r: C:\Windows\System32\schtasks.exe
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  inherit_handles: 0
  process_handle: 0x000000c4
  Status: 1  Return: 1  Repeated: 0
section .data: size_of_data 0x00002e00, virtual_address 0x0006f000, virtual_size 0x00002c3c, entropy 7.8837067638360026; description: A section with a high entropy has been found
section .rsrc: size_of_data 0x0001ce00, virtual_address 0x00079000, virtual_size 0x0001cda8, entropy 7.357989817324126; description: A section with a high entropy has been found
entropy 0.220486111111; description: Overall entropy of this PE file is high
cmdline: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe"
Engine                Result
MicroWorld-eScan      Gen:Variant.Fragtor.30448
FireEye               Generic.mg.604b759172262363
Cylance               Unsafe
K7GW                  Trojan ( 005500d91 )
BitDefenderTheta      Gen:NN.ZexaF.34218.KK0@aOFGL!mi
ESET-NOD32            a variant of Win32/Rozena.AFG
APEX                  Malicious
Kaspersky             HEUR:Backdoor.MSIL.NanoBot.gen
BitDefender           Gen:Variant.Fragtor.30448
Avast                 Win32:Trojan-gen
Ad-Aware              Gen:Variant.Fragtor.30448
Emsisoft              Gen:Variant.Fragtor.30448 (B)
Sophos                Mal/Generic-S
Ikarus                Trojan.Win32.Rozena
Jiangmin              TrojanSpy.Stealer.fxn
Webroot               W32.Bot.Gen
Avira                 TR/Rozena.rbxcs
Kingsoft              Win32.Hack.Undef.(kcloud)
Arcabit               Trojan.Fragtor.D76F0
GData                 Gen:Variant.Fragtor.30448
Cynet                 Malicious (score: 100)
MAX                   malware (ai score=89)
Malwarebytes          Trojan.ShellCode
TrendMicro-HouseCall  TROJ_GEN.R002C0WJE21
Tencent               Msil.Backdoor.Nanobot.Wlfn
SentinelOne           Static AI - Suspicious PE
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              W32/Rozena.AFG!tr
AVG                   Win32:Trojan-gen
Panda                 Trj/CI.A