popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

music.exe

UPX Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Dec. 21, 2022, 9:59 a.m. Dec. 21, 2022, 10:12 a.m.
Size 4.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3c10a82315dff77af1026ebc85817d56
SHA256 71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553
CRC32 92F37AC7
ssdeep 98304:Dg2UKMx7bVNlh4DzS3Sj9SbG80ojiDf7fNinIRx//3LtTs4z0izea4JJVy1s+BJ:Dg2UNbV7hV3KSSlJT/PLtN0iya4Jjy1T
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
mrmax4td.beget.tech
A 91.106.207.89
91.106.207.89
IP Address Status Action
164.124.101.2 Active Moloch
91.106.207.89 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49166 -> 91.106.207.89:80 2023505 ET MALWARE CerberTear Ransomware CnC Checkin Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
packer Armadillo v1.71
request GET http://mrmax4td.beget.tech/cmd.php?hwid=7C6024AD
request GET http://mrmax4td.beget.tech/cmd.php?timeout=1
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 828
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetect.malware2
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vi1q
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Generik.DKNESME
APEX Malicious
Avast FileRepMalware [Misc]
ClamAV Win.Keylogger.Gencbl-9969771-0
McAfee-GW-Edition Artemis
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
Jiangmin Trojan.Gamaredon.i
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Win32.Application.Coinminer.FXCUYE
Cynet Malicious (score: 100)
McAfee Artemis!3C10A82315DF
Malwarebytes Malware.AI.832178488
Yandex Trojan.GenAsa!/mh2sPgQKco
Fortinet Riskware/Application
AVG FileRepMalware [Misc]