Summary | ZeroBOX

reverse.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 21, 2023, 12:57 p.m.
Completed July 21, 2023, 12:59 p.m.
Size 42.6KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 80cc187a15b6b6340385922631bad640
SHA256 8e40b48d06466da3b63341dc62dd0403c57fc2f017317d842ea86d601dde38e5
CRC32 F53B7517
ssdeep 384:0jXpuEDKOlrP95I4GS1dQhNz7YrgAlBCxIgVbPeuaBU3losjuzZ6UwYRGZqm7aLm:MuEDlV70HA6zPP3lLuzZPKq9WvlnZxb
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
None recorded: the sample reached its remote endpoint by IP address, without a DNS lookup.

Hosts
IP Address Status Action
3.22.15.135 Active Moloch

Suricata Alerts

Flow TCP 192.168.56.103:49161 -> 3.22.15.135:18642
  SID 2034945  ET MALWARE Win32/Suspected Reverse Shell Connection  (Category: A Network Trojan was detected)
  SID 2102123  GPL EXPLOIT Microsoft cmd.exe banner  (Category: Successful Administrator Privilege Gain)

Both alerts fired on the same TCP connection: the outbound connection heuristic first, then the cmd.exe version banner observed on that flow, which is what distinguishes a shell that actually came up from a bare connect-back. Note that the Category column is the rule's Suricata classtype, so "Successful Administrator Privilege Gain" is rule metadata and says nothing about the privilege level cmd.exe ran with in this run.
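The check a practitioner would want from the two alerts above is the correlation itself: a Suspected Reverse Shell Connection alert is a heuristic, but the same flow also carrying the cmd.exe banner means a shell was really handed to the remote end. The Python below is an added example, not code from the ZeroBOX report or from the sample. It parses Suricata fast.log lines, collapses both directions of a connection onto one flow key, and grades each flow as confirmed (both SIDs) or suspected (one SID). The fast.log lines are constructed to mirror the report's two alerts; their timestamps and rule revisions, the third single-alert flow, and the HOME_NET range (192.168.56.0/24, standing in for Suricata's $HOME_NET) are assumptions.

```python
"""Correlate Suricata fast.log alerts into per-flow reverse-shell verdicts."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# The two SIDs that fired in the sandbox run.
SID_REVERSE_SHELL_CONN = 2034945   # ET MALWARE Win32/Suspected Reverse Shell Connection
SID_CMD_BANNER = 2102123           # GPL EXPLOIT Microsoft cmd.exe banner

# Monitored network, in the role of Suricata's $HOME_NET. The sandbox guest in
# the report sits in 192.168.56.0/24; the range itself is an assumption here.
HOME_NET = [ipaddress.ip_network("192.168.56.0/24")]

# Constructed fast.log lines modelled on the report's alerts. Timestamps, rule
# revisions and the third, single-alert flow are illustrative assumptions.
SAMPLE_FAST_LOG = """\
07/21/2023-12:58:03.120455  [**] [1:2034945:1] ET MALWARE Win32/Suspected Reverse Shell Connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.103:49161 -> 3.22.15.135:18642
07/21/2023-12:58:03.402811  [**] [1:2102123:1] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.103:49161 -> 3.22.15.135:18642
07/21/2023-12:58:09.000123  [**] [1:2034945:1] ET MALWARE Win32/Suspected Reverse Shell Connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.105:50102 -> 198.51.100.7:4444
"""

FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_fast_log(text):
    """Parse fast.log text into alert dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        for k in ("gid", "sid", "rev", "priority", "sport", "dport"):
            a[k] = int(a[k])
        a["ts"] = datetime.strptime(a["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        alerts.append(a)
    return alerts


def in_home_net(ip):
    return any(ipaddress.ip_address(ip) in net for net in HOME_NET)


def flow_key(alert):
    """Direction-agnostic 5-tuple, so alerts in either direction land on one flow."""
    ends = sorted([(alert["src"], alert["sport"]), (alert["dst"], alert["dport"])])
    return (alert["proto"], *ends)


def split_roles(alert):
    """Return (victim, c2) as 'ip:port' strings; the HOME_NET side is the victim."""
    src = f"{alert['src']}:{alert['sport']}"
    dst = f"{alert['dst']}:{alert['dport']}"
    return (src, dst) if in_home_net(alert["src"]) else (dst, src)


def correlate_reverse_shell(alerts):
    """Group alerts per flow and grade each flow.

    confirmed: the reverse-shell connection heuristic and the cmd.exe banner both
               fired on the same flow, i.e. an interactive shell came up over it.
    suspected: only one of the two fired.
    """
    by_flow = defaultdict(list)
    for a in alerts:
        by_flow[flow_key(a)].append(a)

    results = []
    for key, group in by_flow.items():
        sids = {a["sid"] for a in group}
        if SID_REVERSE_SHELL_CONN in sids and SID_CMD_BANNER in sids:
            verdict = "confirmed"
        elif SID_REVERSE_SHELL_CONN in sids or SID_CMD_BANNER in sids:
            verdict = "suspected"
        else:
            continue
        victim, c2 = split_roles(group[0])
        results.append({
            "flow": key,
            "verdict": verdict,
            "sids": sorted(sids),
            "first_seen": min(a["ts"] for a in group),
            "victim": victim,
            "c2": c2,
        })
    # Confirmed flows first, then chronological.
    results.sort(key=lambda r: (r["verdict"] != "confirmed", r["first_seen"]))
    return results


if __name__ == "__main__":
    for r in correlate_reverse_shell(parse_fast_log(SAMPLE_FAST_LOG)):
        print(f"{r['verdict']:9} {r['victim']} -> {r['c2']}  sids={r['sids']}  first={r['first_seen']}")
```

Run against the constructed log it reports the sandbox flow as confirmed with 3.22.15.135:18642 as the C2 endpoint and the second flow as merely suspected. The same grading drops into an eve.json pipeline unchanged: only `parse_fast_log` is format-specific, everything after it works on the sid, proto and endpoint fields.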

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleA
  buffer: [!] Connecting...
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0

WriteConsoleA
  buffer: [!] Connected
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0

WriteConsoleA
  buffer: [!] Creating process...
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0

WriteConsoleA
  buffer: [!] Process successfully created
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0

WriteConsoleA
  buffer: [!] Exiting
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0
Process cmdline cmd.exe
Host contacted 3.22.15.135

Antivirus Detection
Bkav W32.AIDetectMalware
FireEye Generic.mg.80cc187a15b6b634
Cylance unsafe
Sangfor Trojan.Win32.Reverseshell.Vtf3
Alibaba Trojan:Win32/ReverseShell.876844da
BitDefenderTheta Gen:NN.ZexaF.36318.c0Y@aSjvDyg
Cyren W32/ReverseShell.B.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/ReverseShell.CB
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:Malware-gen
Emsisoft Trojan.GenericKD.68274196 (B)
McAfee-GW-Edition BehavesLike.Win32.Worm.pm
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.68274196
Google Detected
McAfee RDN/Generic.dx
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Rising Exploit.ShellCode!8.2A (CLOUD)
Ikarus Win32.Outbreak
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/ReverseShell.CB!tr
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)