Summary | ZeroBOX

PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started July 11, 2023, 7:38 a.m.
Completed July 11, 2023, 7:40 a.m.
Size 268.5KB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7416ede6924c85117720a8a9d158c67f
SHA256 2b2c926a0d587f409f3c7453d3d9018642cdc51abce1752eb2bf395728619576
CRC32 2593E33E
ssdeep 6144:sfKS9XQhhREyGp2cCeu6rdBCAOXLSqr8IN:C0Q2cCjnr
PDB Path E:\ProjectHome\CSharpProjectHome\Loader\Loader\obj\Release\Loader.pdb
Yara
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address | Status | Action
116.10.184.211 | Active | Moloch
164.124.101.2 | Active | Moloch
208.95.112.1 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 208.95.112.1:80 | 2036383 | ET MALWARE Common RAT Connectivity Check Observed | A Network Trojan was detected
TCP 192.168.56.103:49164 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

pdb_path E:\ProjectHome\CSharpProjectHome\Loader\Loader\obj\Release\Loader.pdb
request GET http://ip-api.com/json/
domain frp-bar.top description Generic top level domain TLD
domain ip-api.com
section .text (virtual_address 0x00002000, virtual_size 0x00042758, size_of_data 0x00042800, entropy 7.979519385255091) entropy 7.97951938526 description A section with a high entropy has been found
entropy 0.992537313433 description Overall entropy of this PE file is high
dead_host 116.10.184.211:25089
Elastic malicious (high confidence)
FireEye Generic.mg.7416ede6924c8511
Cylance unsafe
Sangfor Trojan.Win32.Save.a
Alibaba Trojan:MSIL/Kryptik.d959271b
CrowdStrike win/malicious_confidence_100% (W)
Symantec MSIL.KillAV!gen1
ESET-NOD32 a variant of MSIL/Kryptik.TDC
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.MSIL.Quasar.gen
Avast Win32:CrypterX-gen [Trj]
Tencent Msil.Trojan.Dropper.Swhl
F-Secure Trojan.TR/Dropper.MSIL.Gen
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-S
Avira TR/Dropper.MSIL.Gen
Antiy-AVL Trojan/MSIL.Kryptik
Microsoft Backdoor:MSIL/Quasar.GG!MTB
ViRobot Trojan.Win.Z.Sabsik.274944
ZoneAlarm HEUR:Trojan-Spy.MSIL.Quasar.gen
GData MSIL.Backdoor.Quasar.T7NEWB
AhnLab-V3 Trojan/Win32.RL_AgentTesla.C4181110
Acronis suspicious
McAfee Artemis!7416EDE6924C
Malwarebytes Generic.Malware/Suspicious
TrendMicro-HouseCall TROJ_GEN.R002H0DG923
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:Pfmfd6/BFmrQxjf1xsapTg)
SentinelOne Static AI - Malicious PE
Fortinet MSIL/Generic.AP.274570!tr
BitDefenderTheta Gen:NN.ZemsilF.36302.qm0@aipcZnb
AVG Win32:CrypterX-gen [Trj]
DeepInstinct MALICIOUS