Summary | ZeroBOX

resiger.exe

Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, PE32, .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started July 1, 2022, 6:05 p.m.
Completed July 1, 2022, 6:12 p.m.
Size 836.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3578aaa113d7683b85fc0768f816dafb
SHA256 666b7cd211ead3bc4fc8ff1e480a73ab9cb8ecf678e31991f5d6269b00282087
CRC32 0DD368CB
ssdeep 24576:m7dDx31WqXL1E7GNMUm62JBWpSyk3Fg/x/KE0lml1aZ66z24VZbHZzv:mBVAEL1bF2JBmStFO/KE5CZ66z24VZbR
Yara
  • IsPE32 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
frp1.freefrp.net 132.226.17.62

IP Address Status Action
132.226.17.62 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .sedata
section .text (virtual_address 0x00002000, virtual_size 0x0001c000, size_of_data 0x00006400) entropy 7.987479532754183 description A section with a high entropy has been found
section .sedata (virtual_address 0x0001e000, virtual_size 0x000bc000, size_of_data 0x000bb000) entropy 7.825837821091861 description A section with a high entropy has been found
section .sedata (virtual_address 0x000ea000, virtual_size 0x00002000, size_of_data 0x00002000) entropy 7.993362288023982 description A section with a high entropy has been found
entropy 0.935329341317 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware1
Lionic Hacktool.Win32.Generic.mzvW
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.3578aaa113d7683b
McAfee RDN/Generic.grp
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Droma.6e463cd2
K7GW Trojan ( 00481e081 )
K7AntiVirus Trojan ( 00481e081 )
Arcabit Trojan.Generic.D2E10893
Cyren W32/Patched.J.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Packed.NoobyProtect.C
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Droma.aedp
BitDefender Trojan.GenericKD.48302227
MicroWorld-eScan Trojan.GenericKD.48302227
Avast Win32:Malware-gen
Tencent Win32.Trojan.Droma.Ljki
Ad-Aware Trojan.GenericKD.48302227
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Amtar.KNB@4wlm66
DrWeb BackDoor.AsyncRATNET.1
Zillya Trojan.Droma.Win32.1651
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKD.48302227 (B)
SentinelOne Static AI - Malicious PE
Avira HEUR/AGEN.1248973
MAX malware (ai score=82)
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Heur!.030100A1
Microsoft Trojan:Win32/Sabsik.TE.B!ml
ZoneAlarm Trojan.Win32.Droma.aedp
GData Win32.Packed.NoobyProtect.B
AhnLab-V3 Trojan/Win.Generic.R480150
ALYac Trojan.GenericKD.48302227
VBA32 TScope.Malware-Cryptor.SB
Malwarebytes Malware.Heuristic.1003
Rising Trojan.Generic@AI.99 (RDMK:HnWZroXS9+dGMXI9TuDqoA)
Yandex Trojan.GenAsa!ZU9DiP7n6KA
Ikarus PUA.NoobyProtect
MaxSecure Trojan.Malware.140129947.susgen
Fortinet Riskware/Application
BitDefenderTheta Gen:NN.ZexaF.34742.0u0@amhLiRp
AVG Win32:Malware-gen
dead_host 132.226.17.62:37898
dead_host 192.168.56.103:49163
dead_host 192.168.56.103:49162
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49166