Summary | ZeroBOX

server.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category:  FILE
Machine:   s1_win7_x6403_us
Started:   March 23, 2023, 1:01 p.m.
Completed: March 23, 2023, 1:05 p.m.
Size 145.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 faf3c47c4d784d20688a8cfd37198518
SHA256 ba99e2163f2a673708f5f6f4c8b6ba6e739ec852c25f239b10b1eefcc41d0022
CRC32 3D6CC1F4
ssdeep 1536:ia0dkJcE9FWrsyZK4aUkJ+sMpQCrIULTRN9EQQ5gci1fnGaBsWjcdpvJ+qHf7Uio:x0+HAaUO1C9dNaph+EUidlq3W5DSh
PDB Path F:\Projects\7妹子\20150606\Server\Release\Server.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address    Status  Action
81.68.216.37  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path F:\Projects\7妹子\20150606\Server\Release\Server.pdb
file C:\Windows\WindowsUpdate\iyehgywzgxx.exe
Time & API              Arguments                          Status  Return  Repeated

LookupPrivilegeValueW   system_name:                       1       1       0
                        privilege_name: SeBackupPrivilege

LookupPrivilegeValueW   system_name:                       1       1       0
                        privilege_name: SeBackupPrivilege
host 81.68.216.37
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iyehgywzgxx.exe
reg_value C:\Windows\WindowsUpdate\iyehgywzgxx.exe
file C:\Windows\WindowsUpdate\iyehgywzgxx.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify
description attempts to disable user access control
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
description disables user access control notifications
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify
Bkav W32.VariantPalevoB.Trojan
Lionic Worm.Win32.Palevo.tnDr
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.47077691
FireEye Generic.mg.faf3c47c4d784d20
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee GenericRXFQ-JP!FAF3C47C4D78
Malwarebytes Agent.Trojan.DDOS.DDS
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus DoS-Trojan ( 004c87db1 )
Alibaba Malware:Win32/km_2c960.None
K7GW DoS-Trojan ( 004c87db1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.36344.juW@a01N9bei
VirIT Trojan.Win32.Generic.FPU
Cyren W32/Palevo.AA.gen!Eldorado
Symantec SMG.Heur!gen
ESET-NOD32 Win32/DDoS.Agent.NBL
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky P2P-Worm.Win32.Palevo.hsfb
BitDefender Trojan.GenericKD.47077691
NANO-Antivirus Trojan.Win32.Palevo.eedpnj
SUPERAntiSpyware Trojan.Agent/Gen-Malagent
Tencent Malware.Win32.Gencirc.10b0d343
Sophos Troj/Mdrop-IIF
DrWeb Trojan.DownLoader24.60205
VIPRE Trojan.GenericKD.47077691
TrendMicro TROJ_FUSHIELD.SM
McAfee-GW-Edition BehavesLike.Win32.NetLoader.ch
Trapmine malicious.moderate.ml.score
Emsisoft Trojan.GenericKD.47077691 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan/Generic.bgtwn
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1317457
MAX malware (ai score=84)
Gridinsoft Trojan.Win32.Agent.sd!s1
Xcitium TrojWare.Win32.Palevo.AA@5szlv3
Arcabit Trojan.Generic.D2CE593B
ViRobot Trojan.Win32.Agent.148992.V
ZoneAlarm P2P-Worm.Win32.Palevo.hsfb
GData Trojan.GenericKD.47077691
Google Detected
AhnLab-V3 Trojan/Win32.Dynamer.R159816
Acronis suspicious
VBA32 BScope.Trojan.Pynamer
ALYac Trojan.GenericKD.47077691
TACHYON Worm/W32.Palevo.148992.CT
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49170
dead_host 192.168.56.103:49162
dead_host 192.168.56.103:49173
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49174
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49167
dead_host 81.68.216.37:52
dead_host 192.168.56.103:49166