Summary | ZeroBOX

ss27.exe

Gen1 Generic Malware UPX Malicious Library Malicious Packer PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: March 11, 2023, 10:27 a.m.
Completed: March 11, 2023, 10:30 a.m.
Size 818.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ebe51104a56d305aac2419e97e58f975
SHA256 3d4182d4be7f38a25e526943f33c8a2cb6c88c23bd7d08e8ee5e6c907a72945d
CRC32 E8FAD064
ssdeep 6144:x5UguSWlTtbveMH2QRObpNSEmV5cvWeKwDWusJkUpCvpniMWJlHQhynq3W4qOmc/:x5JGFveBQETwyjdJiGEEgSo5Xw
PDB Path ShapeCollector.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
131.153.76.130 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path ShapeCollector.pdb
resource name MUI
resource name REGISTRY
resource name TYPELIB
resource name UIFILE
Antivirus Result
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.ZX
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
F-Secure Trojan.TR/YAV.Minerva.njkmd
McAfee-GW-Edition BehavesLike.Win64.Dropper.ch
Avira TR/YAV.Minerva.njkmd
ZoneAlarm UDS:DangerousObject.Multi.Generic
AhnLab-V3 Trojan/Win.Generic.C5393137
McAfee Artemis!EBE51104A56D
host 131.153.76.130