Summary | ZeroBOX

Client.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category  Machine        Started                   Completed
FILE      s1_win7_x6401  Nov. 14, 2021, 6:07 p.m.  Nov. 14, 2021, 6:14 p.m.

Size      880.0KB
Type      PE32 executable (console) Intel 80386, for MS Windows
MD5       be5c1be0364b3ec5644e1ae66fb1438b
SHA256    037a1190ff15e3ebf4a05b0bea403cf39a93209089894aa6d8cfb46e0e508cff
CRC32     7D8B3F4F
ssdeep    12288:LiKrwWDNiieuuBDT/p0GrW5hnHh57Tkp1wRlZ+:n4zW5hnHh5nkp+RW
PDB Path  C:\Users\Coder\Downloads\HVNC-main\HVNC-main\_bin\Debug\Win32\Client.pdb
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
45.61.138.237  Active  Moloch

Suricata Alerts

Flow                                            SID      Signature                        Category
TCP 192.168.56.101:49162 -> 45.61.138.237:8573  2034281  ET MALWARE TinyNuke VNC Checkin  A Network Trojan was detected
TCP 192.168.56.101:49164 -> 45.61.138.237:8573  2034281  ET MALWARE TinyNuke VNC Checkin  A Network Trojan was detected

Suricata TLS

No Suricata TLS

pdb_path  C:\Users\Coder\Downloads\HVNC-main\HVNC-main\_bin\Debug\Win32\Client.pdb
section   .textbss
section   .msvcjmc
section   .00cfg
packer    Microsoft Visual C++ V8.0 (Debug)
host      45.61.138.237
Antivirus results

Elastic               malicious (high confidence)
Cynet                 Malicious (score: 100)
McAfee                Artemis!BE5C1BE0364B
Sangfor               Trojan.Win32.Save.a
K7AntiVirus           Trojan ( 005764bc1 )
Alibaba               TrojanSpy:Win32/Tinukebot.af28f6ca
K7GW                  Trojan ( 005764bc1 )
Cybereason            malicious.0364b3
Arcabit               Generic.Tinukebot.1.D5D60F4D
Cyren                 W32/Agent.DQW.gen!Eldorado
ESET-NOD32            a variant of Win32/Agent.UHI
APEX                  Malicious
Paloalto              generic.ml
Kaspersky             HEUR:Trojan-Banker.Win32.TinyNuke.gen
BitDefender           Generic.Tinukebot.1.D5D60F4D
MicroWorld-eScan      Generic.Tinukebot.1.D5D60F4D
Tencent               Win32.Trojan-banker.Tinynuke.Phqi
Ad-Aware              Generic.Tinukebot.1.D5D60F4D
TrendMicro            TROJ_GEN.R002C0DKD21
FireEye               Generic.mg.be5c1be0364b3ec5
Emsisoft              Generic.Tinukebot.1.D5D60F4D (B)
Ikarus                Win32.Outbreak
Avira                 TR/Agent.djfco
MAX                   malware (ai score=84)
Microsoft             TrojanSpy:Win32/Tinukebot.gen!bit
GData                 Generic.Tinukebot.1.D5D60F4D
AhnLab-V3             Trojan/Win.Generic.R447462
VBA32                 BScope.Backdoor.Agent
ALYac                 Generic.Tinukebot.1.D5D60F4D
Cylance               Unsafe
TrendMicro-HouseCall  TROJ_GEN.R002C0DKD21
Rising                Trojan.TinyNuke!1.B70D (CLASSIC)
SentinelOne           Static AI - Malicious PE
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              W32/Agent.UHI!tr
BitDefenderTheta      Gen:NN.ZexaF.34266.3KW@aCf72Uni
AVG                   Win32:TrojanX-gen [Trj]
Avast                 Win32:TrojanX-gen [Trj]
CrowdStrike           win/malicious_confidence_90% (W)