Summary | ZeroBOX

86.exe

Tags: UPX, Malicious Library, Malicious Packer, PE File, DLL, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started June 5, 2023, 5:52 p.m.
Completed June 5, 2023, 5:55 p.m.
Size 32.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ff8a7fe058166ccb1d7822fa873cdca5
SHA256 0c400688f817041082024cae97ebf96ed9048a9403a3330623d4ecdc57abcbbd
CRC32 D91A60EF
ssdeep 768:Mw/iOWTK3JWhOM/qZh7UJGcZ/q3X7ffYlo8nbcuyD7U7s9:zQK52fqZSIACjfYlo8nouy87s9
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
p.f2pool.info 124.172.232.35

Hosts (IP Address / Status / Action)
124.172.232.35 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleA

buffer: Pinging 127.0.0.1
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: with 32 bytes of data:
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Ping statistics for 127.0.0.1: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
resource name None
file C:\Windows\System32\24061376.dll
Time & API Arguments Status Return Repeated

CreateServiceA

service_start_name:
start_type: 2
password:
display_name: Serivces Manager
filepath: C:\Users\test22\AppData\Local\Temp\%SystemRoot%\System32\svchost.exe -k "serivces"
service_name: serivces
filepath_r: %SystemRoot%\System32\svchost.exe -k "serivces"
desired_access: 983551
service_handle: 0x005c8d78
error_control: 0
service_type: 272
service_manager_handle: 0x005c8e18
1 6065528 0
cmdline cmd.exe /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\test22\AppData\Local\Temp\86.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\test22\AppData\Local\Temp\86.exe"
file C:\Users\test22\AppData\Local\Temp\86.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: cmd.exe
parameters: /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\test22\AppData\Local\Temp\86.exe"
filepath: cmd.exe
1 1 0
section UPX1 (size_of_data 0x00007400, virtual_address 0x00017000, virtual_size 0x00008000, entropy 7.9341152525632745) entropy 7.93411525256 description A section with a high entropy has been found
entropy 0.920634920635 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
cmdline cmd.exe /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\test22\AppData\Local\Temp\86.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\test22\AppData\Local\Temp\86.exe"
cmdline ping 127.0.0.1 -n 1
service_name serivces service_path C:\Users\test22\AppData\Local\Temp\%SystemRoot%\System32\svchost.exe -k "serivces"
reg_key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\serivces\Parameters\ServiceDll reg_value C:\Windows\system32\24061376.dll
file C:\Users\test22\AppData\Local\Temp\86.exe
dead_host 124.172.232.35:7709
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.SiscosRI.S8512495
ALYac Gen:Heur.RI.1
Cylance unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 00522d7f1 )
K7GW Trojan ( 00522d7f1 )
Cybereason malicious.058166
Arcabit Trojan.RI.1
Cyren W32/Siscos.E.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 Win32/Farfli.CEN
APEX Malicious
ClamAV Win.Malware.Siscos-6993581-0
Kaspersky Trojan.Win32.Siscos.wbm
BitDefender Gen:Heur.RI.1
NANO-Antivirus Trojan.Win32.Siscos.enrcbv
SUPERAntiSpyware Backdoor.Farfli/Variant
MicroWorld-eScan Gen:Heur.RI.1
Avast Win32:TrojanX-gen [Trj]
Tencent Trojan.Win32.Siscos.za
TACHYON Trojan/W32.Siscos.110592.C
Emsisoft Gen:Heur.RI.1 (B)
DrWeb Trojan.DownLoader23.39271
VIPRE Gen:Heur.RI.1
McAfee-GW-Edition GenericRXIX-IO!00EE04BB9E02
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.ff8a7fe058166ccb
Sophos Troj/AutoG-AD
Ikarus Trojan.Win32.Farfli
Jiangmin Trojan.Siscos.ks
Avira HEUR/AGEN.1234095
Antiy-AVL Trojan/Win32.SelfDel
Gridinsoft Trojan.Win32.Agent.vb!n
Xcitium TrojWare.Win32.GameThief.Magania.~NWABU@18g2sq
Microsoft Backdoor:Win32/Farfli.BH!MTB
GData Win32.Trojan.Siscos.A
Google Detected
AhnLab-V3 Trojan/Win32.RL_Siscos.R302641
McAfee GenericRXIX-IO!00EE04BB9E02
MAX malware (ai score=86)
VBA32 Trojan.Siscos
Rising Backdoor.Venik!8.11E (TFE:5:Uqd4uAhaXbC)
Yandex Trojan.GenAsa!G5Cq9PqIIJA
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Farfli.CEN!tr
BitDefenderTheta Gen:NN.ZexaF.36308.cmKfa4Gr0Eke
AVG Win32:TrojanX-gen [Trj]