Summary | ZeroBOX

sm7.exe

Tags: UPX, AntiDebug, PE File, PE32, .NET EXE, AntiVM

Category: FILE
Machine: s1_win7_x6403_us
Started: Feb. 10, 2023, 6:26 p.m.
Completed: Feb. 10, 2023, 6:32 p.m.
Size: 105.0KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 9f472e5c47f63d675b9789790ace2ad1
SHA256: d9ab515e88d92c37d31ae33b0c3fa49eaf81f75d6d259080de8a04c6cadddb89
CRC32: EBD03898
ssdeep: 1536:+OdTSj2BFrxkE3HHUYwmLpUTZtCNh0OCQ+clc8PVgz:3Wkx13H0YcrgWQ+3muz
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures
  • A section with a high entropy has been found: section .text (virtual_address 0x00002000, virtual_size 0x0001540c, size_of_data 0x00015600, entropy 6.971837117219719)
  • Overall entropy of this PE file is high: 0.818181818182
  • DebuggerCheck__GlobalFlags - (no description)
  • DebuggerCheck__QueryInfo - (no description)
  • DebuggerHiding__Thread - (no description)
  • DebuggerHiding__Active - (no description)
  • ThreadControl__Context - (no description)
  • SEH__vectored - (no description)
  • anti_dbg - Checks if being debugged
  • disable_dep - Bypass DEP

Antivirus (vendor / detection)
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Mokes.4!c
MicroWorld-eScan Trojan.GenericKD.65154717
FireEye Generic.mg.9f472e5c47f63d67
ALYac Trojan.GenericKD.65154717
Cylance Unsafe
Zillya Trojan.GenKryptik.Win32.162512
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0059a0341 )
Alibaba Trojan:Win32/Kryptik.ali2000016
K7GW Trojan ( 0059a0341 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D3E22E9D
Cyren W32/Trojan.GVC.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.AHUA
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.MSIL.Mokes.gen
BitDefender Trojan.GenericKD.65154717
NANO-Antivirus Trojan.Win32.Mokes.judcol
Avast Win32:PWSX-gen [Trj]
Tencent Msil.Backdoor.Mokes.Zimw
Emsisoft Trojan.Crypt (A)
F-Secure Heuristic.HEUR/AGEN.1253082
DrWeb Trojan.Inject4.50023
VIPRE Trojan.GenericKD.65154717
TrendMicro TROJ_FRS.VSNTLN22
McAfee-GW-Edition RDN/Generic PWS.y
Trapmine malicious.moderate.ml.score
Sophos Mal/MSIL-VD
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.MSIL.gbib
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1253082
Antiy-AVL Trojan/MSIL.Kryptik
Kingsoft Win32.Hack.Undef.(kcloud)
Xcitium Malware@#7o7mr3xprltr
Microsoft Backdoor:MSIL/Mokes.MBP!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Mokes.gen
GData Trojan.GenericKD.65154717
Google Detected
AhnLab-V3 Trojan/Win.Injection.C5345084
Acronis suspicious
McAfee Artemis!9F472E5C47F6
MAX malware (ai score=84)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL