popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ppp.exe

PE32 PE File .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 March 29, 2023, 5:33 p.m. March 29, 2023, 5:43 p.m.
Size 273.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a82baff8213bd78f398420e6ed3d58aa
SHA256 e5be75b9889d30d6d369e60f1f870e812443066d84fea72ea6f97b8b3652e495
CRC32 301F7BD4
ssdeep 6144:dgBHDQRYClBdKlwpiKPAn61xMazDPiNZDXcbMbwx1PS:dgBjQuClMPQ+61zzc13bwx1P
Yara
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:53004 -> 164.124.101.2:53 2027863 ET INFO Observed DNS Query to .biz TLD Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 194.58.112.174:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 194.58.112.174:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 194.58.112.174:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
suspicious_features GET method with no useragent header suspicious_request GET http://www.csrvcars.com/udh1/?cUMMa5v=XEemPPOTV26sKXQzDYMsrkGsJokzxPFPbFpU+n9uCd2chnbXsi75dkjdHRd+i/N9AgC/cMMMBBk+slWuActf4QAZvLu0iyaFuJXVPTg=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.zhn.biz/udh1/?cUMMa5v=LfrgFpvSkJA2y41K7oV1vuuQyWHfo0uy5ufNO5HpKtxTTE0bBGpeg3SJ2RFsjNe1w4Pec63rxh4rwW+J1uIf4mhDhIMbmXY09bayaEE=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.special-order.online/udh1/?cUMMa5v=CwuBCJt94bxtc2gNtpoM3E+US0dkKMARx3Pvc7vf2LAtLU32691wJ0dQetaubb0PioG6wR7W5uX4+q4XU8z6LBF3Qfs1ipW/MdlZd78=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.azstoreatoderma.click/udh1/?cUMMa5v=R/kB4/0HM2tcwqvhXH4XIYj1eTxJXqndlHH19RjFed8ZhY1qAasVyZxg1ws7A7LtJYEr4634gz6I87tnmhAW+ys9K/jaGw++UPdFo8c=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.olympusmix.com/udh1/?cUMMa5v=lWZk+s3blMuiGWpXy6frpU4enEwBG5gJanUH8/6Evmw4nHtx+SdA/kN+9f5N/0KA2bk6RtFa0tH8PADjgLi95JHf+wn8BjREHXSWn6U=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.ghostdyes.net/udh1/?cUMMa5v=lj2vP+EAw0fELJNPJ5VtAcTjxQQz8hKi5d9v+h5W1hvMFJJN0lWMU8OkjsFxsGAkw0S50RNizKyMtcUDX4tgR0i1IahDyycai/CThP0=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.wearecatalyst.app/udh1/?cUMMa5v=tt9dYLtFsKfLIIIXMfpRfs924GbOuHLcMLKVMdaTOcJrEAGIFAHeQ5Ly9YOpmT4Rz3p2Jl5Xgzq6cAPtFXnDdyfQg2kRv5Z1dRZDL3M=&GV=hSkJd_W
suspicious_features GET method with no useragent header suspicious_request GET http://www.centaura.community/udh1/?cUMMa5v=kMKsR5rTxSYNZgWncVUlGrpLkwsOTig3tGW39qhs19NQJLtwYtRkr4H+EIRE8MUOxMFfo6MP6730mq+L8n2Tmf9vKWCdpbnfDO0cF8Q=&GV=hSkJd_W
request GET http://www.csrvcars.com/udh1/?cUMMa5v=XEemPPOTV26sKXQzDYMsrkGsJokzxPFPbFpU+n9uCd2chnbXsi75dkjdHRd+i/N9AgC/cMMMBBk+slWuActf4QAZvLu0iyaFuJXVPTg=&GV=hSkJd_W
request GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
request POST http://www.zhn.biz/udh1/
request GET http://www.zhn.biz/udh1/?cUMMa5v=LfrgFpvSkJA2y41K7oV1vuuQyWHfo0uy5ufNO5HpKtxTTE0bBGpeg3SJ2RFsjNe1w4Pec63rxh4rwW+J1uIf4mhDhIMbmXY09bayaEE=&GV=hSkJd_W
request POST http://www.special-order.online/udh1/
request GET http://www.special-order.online/udh1/?cUMMa5v=CwuBCJt94bxtc2gNtpoM3E+US0dkKMARx3Pvc7vf2LAtLU32691wJ0dQetaubb0PioG6wR7W5uX4+q4XU8z6LBF3Qfs1ipW/MdlZd78=&GV=hSkJd_W
request POST http://www.azstoreatoderma.click/udh1/
request GET http://www.azstoreatoderma.click/udh1/?cUMMa5v=R/kB4/0HM2tcwqvhXH4XIYj1eTxJXqndlHH19RjFed8ZhY1qAasVyZxg1ws7A7LtJYEr4634gz6I87tnmhAW+ys9K/jaGw++UPdFo8c=&GV=hSkJd_W
request POST http://www.olympusmix.com/udh1/
request GET http://www.olympusmix.com/udh1/?cUMMa5v=lWZk+s3blMuiGWpXy6frpU4enEwBG5gJanUH8/6Evmw4nHtx+SdA/kN+9f5N/0KA2bk6RtFa0tH8PADjgLi95JHf+wn8BjREHXSWn6U=&GV=hSkJd_W
request POST http://www.ghostdyes.net/udh1/
request GET http://www.ghostdyes.net/udh1/?cUMMa5v=lj2vP+EAw0fELJNPJ5VtAcTjxQQz8hKi5d9v+h5W1hvMFJJN0lWMU8OkjsFxsGAkw0S50RNizKyMtcUDX4tgR0i1IahDyycai/CThP0=&GV=hSkJd_W
request POST http://www.wearecatalyst.app/udh1/
request GET http://www.wearecatalyst.app/udh1/?cUMMa5v=tt9dYLtFsKfLIIIXMfpRfs924GbOuHLcMLKVMdaTOcJrEAGIFAHeQ5Ly9YOpmT4Rz3p2Jl5Xgzq6cAPtFXnDdyfQg2kRv5Z1dRZDL3M=&GV=hSkJd_W
request POST http://www.centaura.community/udh1/
request GET http://www.centaura.community/udh1/?cUMMa5v=kMKsR5rTxSYNZgWncVUlGrpLkwsOTig3tGW39qhs19NQJLtwYtRkr4H+EIRE8MUOxMFfo6MP6730mq+L8n2Tmf9vKWCdpbnfDO0cF8Q=&GV=hSkJd_W
request POST http://www.zhn.biz/udh1/
request POST http://www.special-order.online/udh1/
request POST http://www.azstoreatoderma.click/udh1/
request POST http://www.olympusmix.com/udh1/
request POST http://www.ghostdyes.net/udh1/
request POST http://www.wearecatalyst.app/udh1/
request POST http://www.centaura.community/udh1/
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00690000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f40000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005fb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005dc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f7f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005e6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f51000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005ea000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005e7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f52000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f53000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005ba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 188416
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00f51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00f5130b
process_handle: 0xffffffff
3221225713 0

NtAllocateVirtualMemory

 process_identifier: 2648
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00910000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x00046310 size 0x00000308
file C:\Users\test22\AppData\Local\Temp\pee bin.exe
section {u'size_of_data': u'0x00033600', u'virtual_address': u'0x00002000', u'entropy': 7.931602780518816, u'name': u'.text', u'virtual_size': u'0x000335d3'} entropy 7.93160278052 description A section with a high entropy has been found
entropy 0.754128440367 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
dead_host 104.253.54.44:80
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Generic.mgtv
DrWeb Trojan.Siggen20.16305
MicroWorld-eScan Gen:Heur.MSIL.Jalapeno.J.36
FireEye Generic.mg.a82baff8213bd78f
CAT-QuickHeal Trojan.Agent
McAfee Artemis!A82BAFF8213B
Malwarebytes Malware.AI.4238811965
Zillya Dropper.Jalapeno.Win32.1
Sangfor Suspicious.Win32.Save.a
Alibaba TrojanSpy:MSIL/Jalapeno.c7f5f1e9
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.MSIL.Jalapeno.J.36
BitDefenderTheta Gen:NN.ZemsilF.36344.rm0@aOj@u7DH
Cyren W32/ABRisk.OOTH-8942
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender Gen:Heur.MSIL.Jalapeno.J.36
Avast Win32:PWSX-gen [Trj]
Tencent Msil.Trojan-Spy.Noon.Rsmw
Sophos ML/PE-A
VIPRE Gen:Heur.MSIL.Jalapeno.J.36
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Heur.MSIL.Jalapeno.J.36 (B)
SentinelOne Static AI - Malicious PE
Avira TR/Dropper.MSIL.Gen
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Ransom.Win32.Wacatac.sa
Microsoft Trojan:Win32/Tiggre!rfn
GData MSIL.Malware.FakeGoogle.B
Google Detected
AhnLab-V3 Trojan/Win.Jalapeno.C5398063
Acronis suspicious
VBA32 TScope.Trojan.MSIL
ALYac Gen:Heur.MSIL.Jalapeno.J.36
MAX malware (ai score=89)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H09CK23
Rising Malware.Obfus/MSIL@AI.83 (RDM.MSIL2:2wG+/e0QB3GzjiJwtjhdpg)
Yandex Trojan.DR.MSIL!RwFr7XWFA9s
Ikarus Trojan.MSIL.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat
AVG Win32:PWSX-gen [Trj]
Panda Trj/Chgt.AD