Summary | ZeroBOX

Rboat.exe

PE64 PE File
Category FILE
Machine s1_win7_x6402
Started June 15, 2023, 1:22 p.m.
Completed June 15, 2023, 1:24 p.m.
Size 2.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 55f0225d58585d60d486a3cc7eb93de5
SHA256 d22593ee4d2a6212b802c6a33d50363ebd5b1c15dbffff61ac190ab5647c8c2c
CRC32 F4434177
ssdeep 49152:nsKMlYyzCMACq5YtjkSQYlmF4t4ZhCWX/5/bDSNdu4bXq1nu:nsKMJzCSdQYu4tUh3SoF
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section \x00
section .idata
section
section rtqkpxjb
section rjelfsjv
section .pdata\x00I
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1d6604
0x30 (repeated 63 times)

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 03
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1d6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48 (0x30)
registers.rsi: 3458050156 (0xce1da86c)
registers.r10: 0
registers.rbx: 8791664033792 (0x7fef8030000)
registers.rsp: 3013768 (0x2dfc88)
registers.r11: 518 (0x206)
registers.r8: 3011336 (0x2df308)
registers.r9: 3011408 (0x2df350)
registers.rdx: 8796092887632 (0x7fffffdf250)
registers.r12: 0
registers.rbp: 3013888 (0x2dfd00)
registers.rdi: 4294956315 (0xffffd51b)
registers.rax: 1926656 (0x1d6600)
registers.r13: 0
Status 1 Return 0 Repeated 0
Section   Virtual address  Virtual size  Size of data  Entropy            Description
\x00      0x00001000       0x00067000    0x00023400    7.908130542657505  A section with a high entropy has been found
.rsrc     0x00068000       0x00002bb0    0x00000c00    7.245345106391319  A section with a high entropy has been found
rtqkpxjb  0x003fe000       0x00202000    0x00201600    7.959681859584752  A section with a high entropy has been found
entropy 0.995019243831  Overall entropy of this PE file is high
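The two signatures above (the unusual section names listed earlier and the high-entropy sections here) are cheap static packer indicators, and the "overall entropy" figure is not a Shannon entropy at all: Cuckoo's community packer_entropy signature flags any section above 6.8 bits/byte and then reports the fraction of all section data held in flagged sections, raising the verdict when that fraction exceeds 0.2. The following Python is an added example written for this page, not ZeroBOX or Cuckoo code. It reproduces both checks. The three flagged sections use the figures printed in the report; the fourth row is an assumption (the report does not print the other sections' sizes), sized so the total reproduces the reported 0.995019 ratio, which is how that number was arrived at. The byte buffers are constructed sample data, not bytes from the sample.

```python
import math
import random
from collections import Counter
from typing import Iterable, List, Tuple

# Thresholds from Cuckoo's community "packer_entropy" signature: a section with
# Shannon entropy above 6.8 bits/byte is flagged, and the overall verdict fires
# when more than 20% of all section data sits in such sections.
SECTION_ENTROPY_THRESHOLD = 6.8
PACKED_RATIO_THRESHOLD = 0.2

# Names a normal MSVC/MinGW link produces; anything else deserves a second look.
COMMON_SECTION_NAMES = {
    b".text", b".data", b".rdata", b".idata", b".edata", b".pdata", b".rsrc",
    b".reloc", b".bss", b".tls", b".CRT", b".xdata", b".gfids", b".00cfg",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def suspicious_section_name(raw_name: bytes) -> bool:
    """True for a PE section name that is blank, non-printable, has bytes after an
    embedded NUL (the '.pdata\\x00I' case in the report), or is not a linker name."""
    name = raw_name.rstrip(b"\x00")
    if b"\x00" in name:                      # '.pdata\x00I': junk after the terminator
        return True
    if not name or any(b <= 0x20 or b >= 0x7F for b in name):
        return True                          # '' or ' \x00': blank / non-printable
    return name not in COMMON_SECTION_NAMES  # 'rtqkpxjb', 'rjelfsjv': random names


def packer_entropy_verdict(
    sections: Iterable[Tuple[bytes, int, float]],
) -> Tuple[List[bytes], float, bool]:
    """Reproduce the signature over (name, size_of_data, entropy) triples.
    Returns (flagged section names, packed-bytes ratio, overall-high verdict)."""
    total = packed = 0
    flagged: List[bytes] = []
    for name, size_of_data, entropy in sections:
        total += size_of_data
        if entropy > SECTION_ENTROPY_THRESHOLD:
            packed += size_of_data
            flagged.append(name)
    ratio = packed / total if total else 0.0
    return flagged, ratio, ratio > PACKED_RATIO_THRESHOLD


def analyze_raw_sections(raw: Iterable[Tuple[bytes, bytes]]) -> List[Tuple[bytes, int, float]]:
    """Turn (name, raw bytes) pairs, e.g. from a PE parser, into the triples above."""
    return [(name, len(data), shannon_entropy(data)) for name, data in raw]


# Figures copied from the report's three flagged sections. The fourth row is an
# assumption: the report does not list the remaining sections' sizes, so their
# combined 0x2c00 bytes is chosen so the total matches the reported 0.9950 ratio.
REPORTED_SECTIONS = [
    (b" \x00", 0x23400, 7.908130542657505),
    (b".rsrc", 0xC00, 7.245345106391319),
    (b"rtqkpxjb", 0x201600, 7.959681859584752),
    (b"<other>", 0x2C00, 4.5),  # assumed low-entropy remainder (.idata, .pdata, ...)
]

# Constructed sample data standing in for real section contents: one buffer of
# seeded pseudo-random bytes (what a packed/encrypted section looks like) and
# one of repetitive disassembly text (what plain code or strings look like).
_rng = random.Random(2023)
CONSTRUCTED_SECTIONS = [
    (b"rtqkpxjb", bytes(_rng.getrandbits(8) for _ in range(64 * 1024))),
    (b".text", b"mov rax, [rbp-8]\n" * 4096),
]


def report_demo() -> Tuple[float, bool, List[bytes]]:
    """Run both checks; returns (ratio from the report's figures, verdict,
    names from the report's section list that the name check flags)."""
    _, ratio, overall = packer_entropy_verdict(REPORTED_SECTIONS)
    listed = [b" \x00", b".idata", b"", b"rtqkpxjb", b"rjelfsjv", b".pdata\x00I"]
    return ratio, overall, [n for n in listed if suspicious_section_name(n)]


if __name__ == "__main__":
    ratio, overall, bad_names = report_demo()
    print(f"packed-bytes ratio {ratio:.12f}  overall high: {overall}")
    print("suspicious names:", bad_names)
    for name, size, ent in analyze_raw_sections(CONSTRUCTED_SECTIONS):
        print(f"{name!r:14} {size:7d} bytes  entropy {ent:.3f}")
```

Feed analyze_raw_sections the (name, data) pairs from any PE parser to get the same verdict the sandbox printed; the 0x67000 virtual size against 0x23400 bytes on disk for the first section is the other thing to read off the table, since a section that grows in memory is where a packer stub unpacks to.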
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
Cynet Malicious (score: 99)
ALYac Backdoor.Agent.status
Cylance unsafe
Sangfor Trojan.Win64.Nukesped.Ve15
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Trojan:Win64/NukeSped.ca4b8221
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Win64/NukeSped.PN
APEX Malicious
Kaspersky Trojan.Win64.Agentb.kvrp
BitDefender Trojan.GenericKD.67419136
ViRobot Trojan.Win.Z.Themida.2265600
MicroWorld-eScan Trojan.GenericKD.67419136
Rising Trojan.NukeSped!8.3184 (CLOUD)
Emsisoft Trojan.GenericKD.67419136 (B)
F-Secure Heuristic.HEUR/AGEN.1313061
VIPRE Trojan.GenericKD.67419136
TrendMicro TROJ_GEN.R002C0XF923
McAfee-GW-Edition BehavesLike.Win64.Backdoor.vc
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.55f0225d58585d60
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Themida
GData Trojan.GenericKD.67419136
Avira HEUR/AGEN.1313061
Antiy-AVL Trojan/Win32.PossibleThreat
Gridinsoft Trojan.Heur!.038100A3
Arcabit Trojan.Generic.D404BC00
ZoneAlarm Trojan.Win64.Agentb.kvrp
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.LazarLoader.C5362649
McAfee Artemis!55F0225D5858
MAX malware (ai score=81)
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XF923
Tencent Malware.Win32.Gencirc.13cce1f8
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
Cybereason malicious.e3d703
DeepInstinct MALICIOUS