Summary | ZeroBOX

ai进程守护.exe

UPX Downloader Malicious Library PE64 PE File OS Processor Check
Category FILE
Machine s1_win7_x6401
Started June 12, 2023, 8:36 a.m.
Completed June 12, 2023, 8:40 a.m.
Size 553.0KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 a3b7a00315b7ff714ea9f2a2660bb5b9
SHA256 08960b36601485c4589ad186cc3dea99dfbfe15b40e3d2615747791fdf137674
CRC32 F4DC1E55
ssdeep 12288:xM04tD6kXMtOJpPh4JIOiXhRdIDIU1Dzoa0pAn:xMxD6kXM4Ph4I7d2H/
PDB Path D:\劫持文件\ai进程守护\x64\Release\ai进程守护.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
128.140.35.86 Active Moloch
118.107.7.166 Active Moloch
193.134.208.217 Active Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49162 -> 118.107.7.166:80 | 2018052 | ET MALWARE Zbot Generic URI/Header Struct .bin | A Network Trojan was detected
TCP 192.168.56.101:49162 -> 118.107.7.166:80 | 2018752 | ET MALWARE Generic .bin download from Dotted Quad | A Network Trojan was detected
TCP 118.107.7.166:80 -> 192.168.56.101:49162 | 2045860 | ET HUNTING Rejetto HTTP File Sever Response | A Network Trojan was detected

Suricata TLS

No Suricata TLS

pdb_path D:\劫持文件\ai进程守护\x64\Release\ai进程守护.pdb
section _RDATA
suspicious_features Connection to IP address
suspicious_request GET http://118.107.7.166/azu/64.bin
request GET http://118.107.7.166/azu/64.bin
host 128.140.35.86
host 118.107.7.166
host 193.134.208.217