Summary | ZeroBOX

reverse.exe

Tags: Meterpreter, PE64, PE File

Category: FILE
Machine: s1_win7_x6401
Started: April 26, 2023, 6:25 p.m.
Completed: April 26, 2023, 6:26 p.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d32a31a376731f31251a2d17ea3828bf
SHA256 f34f06c39032931593e2d1d271582dd81c9c9f1ae4c36872c5580c37c27053c5
CRC32 90AE2D19
ssdeep 24:eFGStrJ9u0/6AHn7BnZdEBQAV8aKq9K9qKeNDJSqUmZEWdXCIGDpmB:is0P7REBQpE9cSDoqUjWZCSB
Yara
  • IsPE64 - (no description)
  • MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload
  • PE_Header_Zero - PE File Signature

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.

Hosts
IP Address: 198.58.102.19  Status: Active

Suricata Alerts: none

Suricata TLS: none

PE section: .mydf (non-standard section name)

Behavior (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
  EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
  reverse+0x41cc @ 0x1400041cc
  0x7fffffdf000
  0x12fda8
  reverse+0x400a @ 0x14000400a
  reverse+0x41cc @ 0x1400041cc

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65  (ASCII "NTDLL.RtlExitUse")
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 697348 (0xaa404)
exception.address: 0x76cba404 (kernel32 base = address - offset = 0x76c10000)
registers (decimal as reported, hex in parentheses):
  rax: 1993057284 (0x76cba404)
  rbx: 1453503984 (0x56a2b5f0)
  rcx: 0
  rdx: 8796092887040 (0x7fffffdf000)
  rsi: 1244864 (0x12fec0)
  rdi: 88 (0x58)
  rbp: 5368725514 (0x14000400a)
  rsp: 1244768 (0x12fe60)
  r8: 1244584 (0x12fda8)
  r9: 5368725514 (0x14000400a)
  r10: 5368725964 (0x1400041cc)
  r11: 582 (0x246)
  r12: 1244576 (0x12fda0)
  r13: 1244584 (0x12fda8)
  r14: 1245000 (0x12ff48)
  r15: 0
Status: 1  Return: 0  Repeated: 0

Reading the record: the 16 bytes at the faulting address are the ASCII text "NTDLL.RtlExitUse", i.e. the export-forwarder string for kernel32!ExitThread (forwarded to ntdll!RtlExitUserThread) in kernel32's read-only export data, not code; "push rsp" is just how the disassembler decodes the first two bytes 4e 54, and executing non-executable data raises the access violation. rax holds the faulting address and r10 the return address reverse+0x41cc, so control reached the string through an indirect transfer from the stager at reverse+0x41cc. Together with the dead_host entry below, this is consistent with the stager failing to reach 198.58.102.19:9333, resolving ExitThread by export-table hash lookup without following the forwarder, and jumping into the forwarder string.
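The exception record above is easier to reason about once the decimal registers are in hex, the faulting bytes are decoded, and each register is placed relative to the fault address, the stager image and the stack. The following Python script does that triage for a ZeroBOX/Cuckoo __exception__ entry; it is an added example, not code from the ZeroBOX report or the ZeroBOX project. The record values are the ones printed above; the function names, the 0x140000000 image base (read off the reverse+0x41cc @ 0x1400041cc frames, since the report does not print it) and the 1 MiB image / 64 KiB stack range heuristics are this example's own assumptions.

```python
"""Triage helper for the ``__exception__`` record of a ZeroBOX/Cuckoo
behaviour log.  Added example; not part of the ZeroBOX report or code base.
Record values are copied from the report; the helpers, IMAGE_BASE and the
address-range heuristics are assumptions made for this example."""
import re
from typing import List, Tuple

# Fields exactly as printed in the report (register values are decimal there).
EXCEPTION = {
    "instruction_r": "4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65",
    "symbol": "EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404",
    "instruction": "push rsp",
    "module": "kernel32.dll",
    "exception_code": 0xC0000005,
    "offset": 697348,
    "address": 0x76CBA404,
}
REGISTERS = {
    "r14": 1245000, "r15": 0, "rcx": 0, "rsi": 1244864, "r10": 5368725964,
    "rbx": 1453503984, "rsp": 1244768, "r11": 582, "r8": 1244584,
    "r9": 5368725514, "rdx": 8796092887040, "r12": 1244576,
    "rbp": 5368725514, "rdi": 88, "rax": 1993057284, "r13": 1244584,
}
# Assumed from the "reverse+0x41cc @ 0x1400041cc" frames in the stack trace;
# the report does not print the image base or size.
IMAGE_BASE = 0x140000000
IMAGE_SPAN = 0x100000   # assumption: 1 MiB above the base counts as "image"
STACK_SPAN = 0x10000    # assumption: +/-64 KiB around rsp counts as "stack"

NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}


def module_base(exc: dict) -> int:
    """Module base = faulting address minus its offset inside the module."""
    return exc["address"] - exc["offset"]


def fault_bytes(exc: dict) -> bytes:
    """The raw bytes the monitor captured at the faulting address."""
    return bytes.fromhex(exc["instruction_r"].replace(" ", ""))


def is_printable_ascii(data: bytes) -> bool:
    """True when every byte is printable ASCII, i.e. the 'code' is really text."""
    return bool(data) and all(0x20 <= b < 0x7F for b in data)


def parse_symbol(symbol: str) -> List[Tuple[str, int]]:
    """'Foo+0x1e Bar-0x19' -> [('Foo', 0x1e), ('Bar', -0x19)]."""
    out = []
    for name, sign, hexoff in re.findall(r"(\w+)([+-])0x([0-9a-fA-F]+)", symbol):
        off = int(hexoff, 16)
        out.append((name, off if sign == "+" else -off))
    return out


def classify_register(value: int, exc: dict, regs: dict) -> str:
    """Place a register value relative to the fault, the image and the stack."""
    if value == exc["address"]:
        return "fault-address"
    if IMAGE_BASE <= value < IMAGE_BASE + IMAGE_SPAN:
        return "image"
    if abs(value - regs["rsp"]) < STACK_SPAN:
        return "stack"
    if value == 0:
        return "zero"
    return "other"


def triage(exc: dict, regs: dict) -> dict:
    """Summarise one exception record for a human reader."""
    data = fault_bytes(exc)
    syms = parse_symbol(exc["symbol"])
    return {
        "status": NTSTATUS_NAMES.get(exc["exception_code"], hex(exc["exception_code"])),
        "module_base": module_base(exc),
        # sanity check: the module+offset in the symbol string agrees with exception.offset
        "offset_matches_symbol": any(n == "kernel32" and o == exc["offset"] for n, o in syms),
        "bytes_are_text": is_printable_ascii(data),
        "bytes_as_text": data.decode("ascii", errors="replace"),
        "registers": {n: (hex(v), classify_register(v, exc, regs)) for n, v in regs.items()},
        # registers pointing into the sample: offsets to open in a disassembler
        "image_offsets": {n: hex(v - IMAGE_BASE) for n, v in regs.items()
                          if IMAGE_BASE <= v < IMAGE_BASE + IMAGE_SPAN},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(EXCEPTION, REGISTERS), indent=2))
```

Running it prints a JSON summary: the fault address is the value in rax, the 16 bytes at it are printable text rather than code, and r9/r10/rbp point back into the stager image at offsets 0x400a and 0x41cc, which are the places to open in a disassembler next. Only the constants at the top are specific to this report; the functions work on any record of this shape.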
Network
  host: 198.58.102.19
  dead_host: 198.58.102.19:9333 (TCP connection attempted, no response from the host)
Lionic Trojan.Win32.Shelma.W!c
MicroWorld-eScan Trojan.Metasploit.A
CAT-QuickHeal HackTool.Metasploit.S9212471
McAfee Trojan-FJIN!D32A31A37673
Malwarebytes Trojan.MalPack
VIPRE Trojan.Metasploit.A
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus Trojan ( 004fae881 )
Alibaba Trojan:Win64/Shelma.34150421
K7GW Trojan ( 004fae881 )
CrowdStrike win/malicious_confidence_100% (W)
VirIT Trojan.Win32.Generic.BZPS
Cyren W64/S-c4a4ef26!Eldorado
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.MSShellcode-6
BitDefender Trojan.Metasploit.A
Emsisoft Trojan.Metasploit.A (B)
F-Secure Backdoor.BDS/ShellCodeF.641
DrWeb BackDoor.Shell.244
Zillya Trojan.Shelma.Win64.9753
TrendMicro TROJ64_SWRORT.SM1
Trapmine malicious.high.ml.score
Sophos ATK/Meter-A
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Gen
Avira BDS/ShellCodeF.641
MAX malware (ai score=85)
Antiy-AVL GrayWare/Win32.Rozena.j
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Arcabit Trojan.Metasploit.A
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
ZoneAlarm Trojan.Win64.Shelma.b
GData Win64.Trojan.Rozena.A
Google Detected
Cylance unsafe
Panda Trj/CI.A
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ64_SWRORT.SM1
Tencent Hacktool.Win64.Rozena.a
Ikarus Trojan.Win64.Meterpreter
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Rozena.J!tr
DeepInstinct MALICIOUS