Summary | ZeroBOX

new64.dll

Malicious Library PE64 PE File DLL
Category: FILE
Machine: s1_win7_x6401
Started: July 12, 2023, 9:24 a.m.
Completed: July 12, 2023, 9:27 a.m.
Size 3.5MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 9872f989cd453187ec12ffd4744be0db
SHA256 2369bd280fe47d796e83ec2ff2fe6ca1503fb0bb5dc11c87aada9b182044c52d
CRC32 394793BC
ssdeep 98304:/nQyuNYyGQEn8c2JTNV7ziZ+tsrwWlTg1ij342dFbF:vQfWQEp2VNQMeVg1O3
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

IP Address Status Action
142.251.220.106 Active Moloch
164.124.101.2 Active Moloch
185.87.150.22 Active Moloch
5.42.65.67 Active Moloch
5.45.94.247 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow: TLS 1.2, 192.168.56.101:49173 -> 5.45.94.247:443
  Issuer: C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2
  Subject: CN=*.zennolab.com
  Fingerprint: 3e:8b:a3:20:a0:0d:4d:07:9c:63:8f:cd:97:09:64:89:22:dd:a3:75

Flow: TLS 1.2, 192.168.56.101:49171 -> 5.45.94.247:443
  Issuer: C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2
  Subject: CN=*.zennolab.com
  Fingerprint: 3e:8b:a3:20:a0:0d:4d:07:9c:63:8f:cd:97:09:64:89:22:dd:a3:75

Flow: TLS 1.2, 192.168.56.101:49172 -> 185.87.150.22:443
  Issuer: C=US, O=Let's Encrypt, CN=R3
  Subject: CN=ip0.zenno.services
  Fingerprint: 84:ca:d1:35:0b:0b:e1:a0:d1:9d:7e:74:79:3a:05:9c:d4:ca:30:8d

API call: IsDebuggerPresent (no arguments)
Status / Return / Repeated: 0 0
section ..zip0
section ..zip1
section ..zip2
resource name DISKIO
resource name SHIELDG3
request GET http://check2.zennolab.com/proxy.php
request GET http://ip0.zenno.services/proxy.php
request GET http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
API call: NtProtectVirtualMemory
Arguments:
  process_identifier: 2700
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
Status: 1
Return: 0
Repeated: 0
section ..zip2 (size_of_data 0x00379000, virtual_address 0x00180000, virtual_size 0x00378e48, entropy 7.799372837128036) - description: A section with a high entropy has been found
entropy 0.999297456794 - description: Overall entropy of this PE file is high
host 5.42.65.67
Elastic malicious (high confidence)
FireEye Generic.mg.9872f989cd453187
McAfee Artemis!9872F989CD45
Cylance unsafe
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Coroxy.C.gen
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:Trojan-Proxy.Win32.Sybici
Avast FileRepMalware [Misc]
McAfee-GW-Edition BehavesLike.Win64.Downloader.wc
Sophos Mal/Generic-S
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm UDS:Trojan-Proxy.Win32.Sybici
Rising Trojan.Coroxy!8.10E83 (CLOUD)
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS