Summary | ZeroBOX

1500381323.exe

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 30, 2023, 5:40 p.m.
Completed June 30, 2023, 5:50 p.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 9ddd093cef3f15d6fd8d5d0ec9e0e014
SHA256 8f0fed1d3f086a7f6d26db844963193e1eb5ee0dd53cbd8de2fdc13f95e65479
CRC32 B2C5FADE
ssdeep 49152:JTcxIbnTlbPSHifkG/Sc9fAyXhMacjKxqn9qzM8NbUAH16O1Dfr0Wh6b+BzIIWQ:JiEnBmHekGz9fAyhMoOh8NbUAHB1Dfr/
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
65.21.213.208 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: This version of C:\Users\test22\AppData\Roaming\bebra.exe is not compatible with the version of Windows you're running. Check your computer's system information
console_handle: 0x0000000b
1 1 0

WriteConsoleW

buffer: to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
console_handle: 0x0000000b
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Chromium\User Data\Local State
file C:\Users\test22\AppData\Roaming\bebra.exe
cmdline C:\Windows\system32\cmd.exe /c C:\Users\test22\AppData\Roaming\bebra.exe
file C:\Users\test22\AppData\Roaming\bebra.exe
section name: .text, virtual_address: 0x00001000, virtual_size: 0x0025e85c, size_of_data: 0x0025ea00, entropy: 6.8563426664946245
entropy 6.85634266649 description A section with a high entropy has been found
entropy 0.93416746872 description Overall entropy of this PE file is high
host 65.21.213.208
Lionic Trojan.Win32.BroPass.i!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.65242942
FireEye Generic.mg.9ddd093cef3f15d6
McAfee Artemis!9DDD093CEF3F
Cylance Unsafe
VIPRE Trojan.GenericKD.65242942
K7AntiVirus Spyware ( 005690661 )
Alibaba TrojanSpy:Win32/Bebra.97cc50b5
K7GW Spyware ( 005690661 )
Arcabit Trojan.Generic.D3E3873E
BitDefenderTheta Gen:NN.ZexaF.36252.IMX@aWwIczi
Cyren W32/Agent.FKY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.BebraStealer.D
Cynet Malicious (score: 99)
ClamAV Win.Spyware.Bebrastealer-9982888-0
Kaspersky UDS:Trojan-PSW.Win32.BroPass
BitDefender Trojan.GenericKD.65242942
NANO-Antivirus Trojan.Win32.BebraStealer.junbmh
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan.FalseSign.Ydkl
DrWeb Trojan.DownLoader45.39094
Zillya Trojan.BebraStealer.Win32.43
TrendMicro Trojan.Win32.PRIVATELOADER.YXDA4Z
McAfee-GW-Edition GenericRXUY-KL!9DDD093CEF3F
Emsisoft Trojan.GenericKD.65242942 (B)
Ikarus Trojan-Spy.Win32
Avira HEUR/AGEN.1254846
Antiy-AVL Trojan[PSW]/Win32.Convagent
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Trojan:Win32/Bebra.MA!MTB
GData Trojan.GenericKD.65242942
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5312952
VBA32 BScope.Trojan.Bebra
ALYac Trojan.GenericKD.65242942
MAX malware (ai score=80)
Malwarebytes Spyware.PasswordStealer.Generic
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXDA4Z
Rising Spyware.BebraStealer!8.173EB (TFE:5:HtG7rdSXBaB)
Yandex TrojanSpy.BebraStealer!rRnQbIQZOJ4
SentinelOne Static AI - Suspicious PE
Fortinet W32/Fragtor.193348!tr
AVG Win32:Evo-gen [Trj]
Panda Trj/Genetic.gen