Summary | ZeroBOX

RemoteCMD - 3.0.exe

Generic Malware UPX ASPack Antivirus Malicious Library PE File PE32
Category: FILE
Machine: s1_win7_x6402
Started: Oct. 19, 2021, 4:32 p.m.
Completed: Oct. 19, 2021, 4:34 p.m.
Size: 466.0KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 70ca048c47aa97e95e1ea36ce2514ac3
SHA256: db68cb9d5b34c56286f68eb5e15966b5007d31de8f35b707e1ecfcee2bad4ca5
CRC32: 61AEE004
ssdeep: 6144:cQB8OWua/aK/sFf9aTlSNbaBm/skZfNr4vbQ5:TB854K/XlS9aY/smfNr4TQ5
Yara
  • ASPack_Zero - ASPack packed file
  • Antivirus - Contains references to security software
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
164.124.101.2 - Active - Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW
  buffer: Please enter the IP Address of the computer:
  console_handle: 0x00000007
  Status: 1, Return: 1, Repeated: 0
resource name: None
file: C:\Windows\Temp\psexec.exe
file: C:\Windows\Temp\RemoteCMD - 3.0.cmd
Cylance: Unsafe
APEX: Malicious
ClamAV: Win.Trojan.Startpage-1991
Sophos: ML/PE-A
FireEye: Generic.mg.70ca048c47aa97e9
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AhnLab-V3: Trojan/Win32.Qhost.C121763
Rising: Trojan.Generic@ML.92 (RDML:fH0Z+nop2/TfTUzyz6Lqzw)
Yandex: Trojan.GenAsa!hKRyaSzRsss