Summary | ZeroBOX

rtst1053.exe

Tags: UPX, ASPack, Malicious Library, PE64, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Jan. 20, 2022, 10:17 a.m.
Completed: Jan. 20, 2022, 10:38 a.m.
Size 1.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7ce07d94af910e6ffd34fa72ae3060a4
SHA256 37c70b0afb4a0287138c59d169478d09cf216e53b0f4c5e34e83ae2537d731d3
CRC32 B27CF7BB
ssdeep 24576:nui93Vkg97e2KjCcGIG4W6VifDWIkJ7iJtxNhtNNefd0OIG3RQlyrLxoA8ZPo+Zn:dlJe9G3D6JYxpNNEd0OIcRfn0Po+Z1I
PDB Path D:\workspace\workspace_c\shellcode_ms\ResourceVerCur\x64\Release\ResourceVerCur.pdb
Yara
  • ASPack_Zero - ASPack packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

IP Address Status Action
164.124.101.2 Active Moloch
208.95.112.1 Active Moloch
45.136.151.102 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\workspace\workspace_c\shellcode_ms\ResourceVerCur\x64\Release\ResourceVerCur.pdb
Time & API: GlobalMemoryStatusEx
Arguments: (none recorded)
Status: 1
Return: 1
Repeated: 0
section _RDATA
resource name CONFIG
resource name TXT
suspicious_features: POST method with no referer header
suspicious_request: POST http://www.hhiuew33.com/check/?sid=472473&key=5923dda9cba2eadb669f764a3395a9b2
request GET http://ip-api.com/json/
request GET http://www.hhiuew33.com/check/safe
request POST http://www.hhiuew33.com/check/?sid=472473&key=5923dda9cba2eadb669f764a3395a9b2
request POST http://www.hhiuew33.com/check/?sid=472473&key=5923dda9cba2eadb669f764a3395a9b2
Time & API: GetDiskFreeSpaceW
Arguments:
  number_of_free_clusters: 8362495
  sectors_per_cluster: 8362495
  bytes_per_sector: 512
  root_path: C:
  total_number_of_clusters: 8362495
Status: 1
Return: 1
Repeated: 0

Time & API: GetDiskFreeSpaceW
Arguments:
  number_of_free_clusters: 8362495
  sectors_per_cluster: 8362495
  bytes_per_sector: 512
  root_path: C:
  total_number_of_clusters: 8362495
Status: 1
Return: 1
Repeated: 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 58\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 38\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 81\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 47\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 41\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 56\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 32\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 19\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 30\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 22\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 95\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 70\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 28\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 94\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 68\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 29\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 91\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 10\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 96\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 46\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 89\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 72\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 66\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 98\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 75\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 86\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 87\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 14\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 82\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 43\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 77\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 61\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 2\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 67\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 7\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 53\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 33\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 34\Network\Cookies
resource:
  name: CONFIG
  language: LANG_CHINESE
  sublanguage: SUBLANG_CHINESE_SIMPLIFIED
  filetype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
  offset: 0x0016fd30
  size: 0x00033e00
domain ip-api.com
file C:\Users\test22\AppData\Local\Temp\11111.exe
Time & API: GetAdaptersAddresses
Arguments:
  flags: 15
  family: 0
Status / Return / Repeated: 111 0
section:
  name: .rsrc
  virtual_address: 0x0013a000
  virtual_size: 0x00069cc0
  size_of_data: 0x00069e00
  entropy: 7.953798739990653
description: A section with a high entropy has been found
entropy: 0.254890159494
description: Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\fj4ghga23_fsa.txt
file C:\Users\test22\AppData\Local\Temp\11111.exe
Antivirus Result
Lionic Trojan.Win32.Stealer.trX7
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.133080
FireEye Generic.mg.7ce07d94af910e6f
CAT-QuickHeal Trojan.Win64RI.S25839259
ALYac Gen:Variant.Mikey.133080
Cylance Unsafe
Sangfor Infostealer.Win32.Stealer.aema
K7AntiVirus Trojan ( 00581cad1 )
Alibaba RiskWare:Win32/NetPass.3335abac
K7GW Trojan ( 00581cad1 )
Cybereason malicious.4af910
Cyren W32/Agent.DZE.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/Agent.ATS
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Spyagent-9830839-0
Kaspersky Trojan-PSW.Win32.Stealer.aema
BitDefender Gen:Variant.Mikey.133080
NANO-Antivirus Riskware.Win32.PSWTool.hqsnsl
Avast Win32:MiscX-gen [PUP]
Tencent Malware.Win32.Gencirc.10cff8d5
Ad-Aware Gen:Variant.Mikey.133080
Sophos Mal/Generic-S
DrWeb Tool.PassView.1946
TrendMicro HackTool.Win64.NirSoftPT.SM
McAfee-GW-Edition BehavesLike.Win64.HToolPassView.tc
Emsisoft Trojan.Agent (A)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Stealer.aju
Webroot W32.HackTool.Gen
Avira HEUR/AGEN.1208921
Antiy-AVL Trojan/Generic.ASMalwS.30FD5A1
Kingsoft Win32.PSWTroj.Stealer.ae.(kcloud)
Gridinsoft Ransom.Win64.Sabsik.vb
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Variant.Mikey.133080
Cynet Malicious (score: 100)
AhnLab-V3 Dropper/Win.PWS.R461443
McAfee Agent-FPS!7CE07D94AF91
MAX malware (ai score=80)
VBA32 TrojanPSW.Stealer
Malwarebytes Spyware.PasswordStealer
TrendMicro-HouseCall HackTool.Win64.NirSoftPT.SM
Rising Trojan.Agent!8.B1E (CLOUD)
Yandex Trojan.GenAsa!YHzzSz8xRRg
Ikarus PUA.PSWTool.Webbrowserpassview
Fortinet W64/Agent.ATS!tr
AVG Win32:MiscX-gen [PUP]