Summary | ZeroBOX

NCNXJ2.exe

PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Jan. 22, 2023, 1:42 p.m.
Completed Jan. 22, 2023, 2:14 p.m.
Size 4.0MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 1b95646f069d9414608be6d31fca0c1e
SHA256 76fa10af6bec8b083f5f9339e16509ad0796e97776266317baa84c4129d6f4a4
CRC32 D5E6D9C0
ssdeep 49152:flHeb8mHxMQg3Q3cX5C/wnvdAlPjcmYWJpu8+mHMoL/:de4mRP
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
20.100.196.69 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 20.100.196.69
dead_host 20.100.196.69:9281
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Bladabindi.4!c
Cynet Malicious (score: 99)
FireEye Generic.mg.1b95646f069d9414
CAT-QuickHeal Backdoor.MsilFC.S20328100
ALYac Trojan.GenericKD.64923995
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.3999195
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0057dd3b1 )
Alibaba Backdoor:MSIL/AsyncRAT.8896361c
K7GW Trojan ( 0057dd3b1 )
Cybereason malicious.cbb3f3
Arcabit Trojan.Generic.D3DEA95B
Cyren W32/MSIL_Bladabindi.GJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.ZIR
APEX Malicious
Kaspersky HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender Trojan.GenericKD.64923995
NANO-Antivirus Trojan.Win32.Bladabindi.juaafy
MicroWorld-eScan Trojan.GenericKD.64923995
Avast Win32:Trojan-gen
Tencent Msil.Backdoor.Bladabindi.Oqil
Emsisoft Trojan.GenericKD.64923995 (B)
DrWeb Trojan.Siggen9.56514
VIPRE Trojan.GenericKD.64923995
TrendMicro Backdoor.Win32.ASYNCRAT.YXCL1Z
McAfee-GW-Edition GenericRXOC-UC!1B95646F069D
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.MSIL.gbak
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1235912
Antiy-AVL Trojan/MSIL.Kryptik
Gridinsoft Ransom.Win32.Bladabindi.sa
Xcitium Malware@#2pmiswhvydqsc
Microsoft Trojan:MSIL/AsyncRAT.RDSC!MTB
GData Trojan.GenericKD.64923995
Google Detected
AhnLab-V3 Malware/Gen.RL_Reputation.C4314872
Acronis suspicious
McAfee GenericRXOC-UC!1B95646F069D
MAX malware (ai score=83)
Malwarebytes Trojan.Crypt.MSIL
TrendMicro-HouseCall Backdoor.Win32.ASYNCRAT.YXCL1Z
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:tz4bfq5HhU/3gtc5Y293Kg)
Yandex Trojan.Kryptik!L5Mw3e9SLxQ
Ikarus Trojan.MSIL.Crypt