Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 3, 2023, 1:40 p.m.	April 3, 2023, 1:42 p.m.

Size	2.1MB
Type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`afac69dd87bbf4bd13adb1180cfd486f`
SHA256	`186171f3b0b6e53f52e63195368b5f90531c22410b912c828e9b506b0f3429b7`
CRC32	`C4EB6762`
ssdeep	`24576:q5KIWGEec6BcadqZODhnQI+zK4DnB2mNLqJ4UPk4a9SKOgst8anFYXF0+xJv3E4a:oS8+HZU+Xnl0ePsuYII1XRL0D`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature

rubber.exe "C:\Users\test22\AppData\Local\Temp\rubber.exe"
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
161.97.160.16	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (41 events)

Time & API	Arguments	Status	Return
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: panic: console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: runtime error: invalid memory address or nil pointer dereference console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: [signal console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0xc0000005 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: code= console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x0 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: addr= console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x10 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: pc= console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x45c002 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: goroutine console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: running console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: bufio.(*Reader).fill console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1246df80 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: /usr/lib/go-1.13/src/bufio/bufio.go console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0xc2 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: bufio.(*Reader).ReadSlice console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1246df80 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0xa console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1015700 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x0 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1000 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1247c000 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x56f100 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: /usr/lib/go-1.13/src/bufio/bufio.go console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x32 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: bufio.(*Reader).ReadBytes console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1246df80 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x100a console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1000 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x1247c000 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x0 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x0 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x4eb940 console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: /usr/lib/go-1.13/src/bufio/bufio.go console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0x4c console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: bufio.(*Reader).ReadString console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: /usr/lib/go-1.13/src/bufio/bufio.go console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: main.main console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: /root/files/rubber.go console_handle: 0x0000000b	1	1
WriteConsoleA April 3, 2023, 1:40 p.m.	buffer: 0xd0 console_handle: 0x0000000b	1	1

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 3, 2023, 1:40 p.m.	stacktrace: exception.instruction_r: 8b 40 10 89 3c 24 29 f5 89 ef 87 dd f7 db 87 dd exception.symbol: rubber+0x5c002 exception.instruction: mov eax, dword ptr [eax + 0x10] exception.module: rubber.exe exception.exception_code: 0xc0000005 exception.offset: 376834 exception.address: 0x45c002 registers.esp: 306634336 registers.edi: 0 registers.eax: 0 registers.ebp: 4096 registers.edx: 306634624 registers.ebx: 306692096 registers.esi: 0 registers.ecx: 4096	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (8 events)

section

{u'size_of_data': u'0x0001a200', u'virtual_address': u'0x00185000', u'entropy': 7.992168818932078, u'name': u'/19', u'virtual_size': u'0x0001a093'}

entropy

7.99216881893

description