Summary | ZeroBOX

socks.exe

Tags: SystemBC, Malicious Packer, Malicious Library, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 5, 2021, 9:10 a.m.
Completed: Nov. 5, 2021, 9:27 a.m.
Size: 13.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 177f3023ad736fa45c52b45259175e70
SHA256: 45b9e820b3ab997c498a28d59601b1b72fbbf3b9415f8c75843ff24c2b250193
CRC32: D19D4D5A
ssdeep: 192:C2WjQTbZ1eBppvfj/j2+cPM3P+Q/tCvwSw3uM76V9bhHOkrUNOA:C2jTbZ0pj/vcqP+ctCYSw3GV9bhrUNO
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • SystemBC_IN - SystemBC
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
91.209.70.71 Active Moloch
23.76.153.107 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
  process_identifier: 1236
  region_size: 65536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000004d30000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffffffffffff
  status: 1, return: 0, repeated: 0

GetDiskFreeSpaceExW
  total_number_of_free_bytes: 0
  free_bytes_available: 10241323008
  root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer
  total_number_of_bytes: 0
  status: 1, return: 1, repeated: 0

NtCreateFile
  create_disposition: 2 (FILE_CREATE)
  file_handle: 0x0000010c
  filepath: C:\Windows\Tasks\wow64.job
  desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: \??\C:\Windows\Tasks\wow64.job
  create_options: 100 (FILE_NON_DIRECTORY_FILE|FILE_SEQUENTIAL_ONLY|FILE_SYNCHRONOUS_IO_NONALERT)
  status_info: 2 (FILE_CREATED)
  share_access: 5 (FILE_SHARE_READ|FILE_SHARE_DELETE)
  status: 1, return: 0, repeated: 0

Indicators
host 91.209.70.71
host 23.76.153.107
file C:\Windows\Tasks\wow64.job

Antivirus results (vendor / detection name)
Elastic malicious (high confidence)
DrWeb Trojan.Siggen13.5932
MicroWorld-eScan Gen:Variant.Doina.8081
FireEye Generic.mg.177f3023ad736fa4
McAfee GenericRXAA-FA!177F3023AD73
Cylance Unsafe
Zillya Trojan.Coroxy.Win32.88
K7AntiVirus Trojan ( 00578fc91 )
K7GW Trojan ( 00578fc91 )
Cybereason malicious.3ad736
Cyren W32/Threat-HLLSI-based!Maximus
Symantec Backdoor.SystemBC
ESET-NOD32 a variant of Win32/Coroxy.D
APEX Malicious
ClamAV Win.Malware.Doina-9878360-0
Kaspersky VHO:Trojan.Win32.Convagent.gen
BitDefender Gen:Variant.Doina.8081
NANO-Antivirus Trojan.Win32.Coroxy.ivgrxs
Avast Win32:TrojanX-gen [Trj]
Rising Backdoor.SystemBC!1.D22F (CLASSIC)
Ad-Aware Gen:Variant.Doina.8081
Emsisoft Gen:Variant.Doina.8081 (B)
TrendMicro Trojan.Win32.COROXY.SMYXBC3A
Sophos ML/PE-A
Ikarus Trojan.Win32.Coroxy
Jiangmin Trojan.Multi.qr
MaxSecure Trojan.Malware.82199810.susgen
Avira HEUR/AGEN.1111611
MAX malware (ai score=87)
Antiy-AVL Trojan/Generic.ASMalwS.328A0D9
Gridinsoft Trojan.Win32.Agent.dd!s1
Microsoft Backdoor:Win32/Coroxy.G!MTB
GData Gen:Variant.Doina.8081
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.SystemBC.R366856
VBA32 BScope.Trojan.Wacatac
ALYac Gen:Variant.Doina.8081
TACHYON Trojan/W32.Convagent.13824
Malwarebytes Trojan.Coroxy
TrendMicro-HouseCall Trojan.Win32.COROXY.SMYXBC3A
Tencent Malware.Win32.Gencirc.10ceb989
Yandex Trojan.Coroxy!bg8rBBaYKs0
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_96%
Fortinet W32/Coroxy.D!tr
AVG Win32:TrojanX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_60% (D)