Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 22, 2023, 9:41 p.m.	July 22, 2023, 9:47 p.m.

Size	779.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5	`794b00893a1b95ade9379710821ac1a4`
SHA256	`5ac42d75e244d33856971120a25bd77f2c0712177384dfa61fb90c0e7790d34c`
CRC32	`594551D0`
ssdeep	`12288:QLttwyELMYnrfWxYLlHVyEaX9/7tWsGQyWkbtRoSxB:8ttIMYnoYBVyP97t99Ut`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)

freebobux.bin.exe "C:\Users\test22\AppData\Local\Temp\freebobux.bin.exe"
1540
- cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\C06C.tmp\freebobux.bat""
  2052
  - CLWCP.exe clwcp c:\temp\bg.bmp
    2096
  - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\C06C.tmp\x.vbs"
    2208

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW July 22, 2023, 9:41 p.m.	buffer: 1 file(s) copied. console_handle: 0x00000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 22, 2023, 9:41 p.m.		1	1	0

The executable uses a known packer (1 event)

packer

UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ July 22, 2023, 9:41 p.m.	stacktrace: IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x74358660 WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x7430f797 DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x742a3362 DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x742a28b1 DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x742a2788 DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x742a3659 DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x74299e24 DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x74299c6d iconcodecservice+0x14c8 @ 0x749514c8 SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39 LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316 CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58 CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74496e9f DrawThemeParentBackground+0x419 GetThemeAppProperties-0x47 uxtheme+0x1eb8f @ 0x7449eb8f SystemParametersInfoA+0x40 DeleteMenu-0xba user32+0x26c70 @ 0x75606c70 clwcp+0x6d20f @ 0x46d20f clwcp+0x6d2f1 @ 0x46d2f1 clwcp+0x4e293 @ 0x44e293 clwcp+0x4ded6 @ 0x44ded6 clwcp+0x56398 @ 0x456398 clwcp+0x6d57c @ 0x46d57c BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc0000002 exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 1632932 registers.edi: 5468144 registers.eax: 1632932 registers.ebp: 1633012 registers.edx: 5323520 registers.ebx: 4094 registers.esi: 5467496 registers.ecx: 2005743738	1
__exception__ July 22, 2023, 9:41 p.m.	stacktrace: IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x74358660 WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x7430f797 DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x742a3362 DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x742a28b1 DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x742a2788 DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x742a3659 DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x74299e24 DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x74299c6d iconcodecservice+0x14c8 @ 0x749514c8 SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39 LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316 CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58 CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74496e9f DrawThemeParentBackground+0x419 GetThemeAppProperties-0x47 uxtheme+0x1eb8f @ 0x7449eb8f SystemParametersInfoA+0x40 DeleteMenu-0xba user32+0x26c70 @ 0x75606c70 clwcp+0x6d21b @ 0x46d21b clwcp+0x6d2f1 @ 0x46d2f1 clwcp+0x4e293 @ 0x44e293 clwcp+0x4ded6 @ 0x44ded6 clwcp+0x56398 @ 0x456398 clwcp+0x6d57c @ 0x46d57c BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc0000002 exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 1632932 registers.edi: 5468144 registers.eax: 1632932 registers.ebp: 1633012 registers.edx: 5323520 registers.ebx: 4094 registers.esi: 5467496 registers.ecx: 2005743738	1
__exception__ July 22, 2023, 9:41 p.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25 wscript+0x2fbd @ 0x312fbd BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x750d3ef4 registers.esp: 5764392 registers.edi: 0 registers.eax: 13278072 registers.ebp: 5764420 registers.edx: 1 registers.ebx: 0 registers.esi: 10447368 registers.ecx: 1949250940	1

Time & API

Arguments

Status

Return

Repeated

__exception__

July 22, 2023, 9:41 p.m.

stacktrace:

IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x74358660
WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x7430f797
DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x742a3362
DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x742a28b1
DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x742a2788
DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x742a3659
DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x74299e24
DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x74299c6d
iconcodecservice+0x14c8 @ 0x749514c8
SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39
LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316
CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58
CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac
DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74496e9f
DrawThemeParentBackground+0x419 GetThemeAppProperties-0x47 uxtheme+0x1eb8f @ 0x7449eb8f
SystemParametersInfoA+0x40 DeleteMenu-0xba user32+0x26c70 @ 0x75606c70
clwcp+0x6d20f @ 0x46d20f
clwcp+0x6d2f1 @ 0x46d2f1
clwcp+0x4e293 @ 0x44e293
clwcp+0x4ded6 @ 0x44ded6
clwcp+0x56398 @ 0x456398
clwcp+0x6d57c @ 0x46d57c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000002
exception.offset: 46887
exception.address: 0x7559b727
registers.esp: 1632932
registers.edi: 5468144
registers.eax: 1632932
registers.ebp: 1633012
registers.edx: 5323520
registers.ebx: 4094
registers.esi: 5467496
registers.ecx: 2005743738

__exception__

July 22, 2023, 9:41 p.m.

stacktrace:

IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x74358660
WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x7430f797
DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x742a3362
DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x742a28b1
DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x742a2788
DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x742a3659
DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x74299e24
DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x74299c6d
iconcodecservice+0x14c8 @ 0x749514c8
SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39
LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316
CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58
CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac
DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74496e9f
DrawThemeParentBackground+0x419 GetThemeAppProperties-0x47 uxtheme+0x1eb8f @ 0x7449eb8f
SystemParametersInfoA+0x40 DeleteMenu-0xba user32+0x26c70 @ 0x75606c70
clwcp+0x6d21b @ 0x46d21b
clwcp+0x6d2f1 @ 0x46d2f1
clwcp+0x4e293 @ 0x44e293
clwcp+0x4ded6 @ 0x44ded6
clwcp+0x56398 @ 0x456398
clwcp+0x6d57c @ 0x46d57c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

__exception__

July 22, 2023, 9:41 p.m.

stacktrace:

CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
wscript+0x2fbd @ 0x312fbd
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x750d3ef4
registers.esp: 5764392
registers.edi: 0
registers.eax: 13278072
registers.ebp: 5764420
registers.edx: 1
registers.ebx: 0
registers.esi: 10447368
registers.ecx: 1949250940

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 22, 2023, 9:41 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\C06C.tmp\CLWCP.exe
file	C:\Users\test22\AppData\Local\Temp\C06C.tmp\freebobux.bat
file	C:\Users\test22\AppData\Local\Temp\C06C.tmp\x.vbs

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\C06C.tmp\CLWCP.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\C06C.tmp\CLWCP.exe

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0006b400', u'virtual_address': u'0x0037a000', u'entropy': 7.9993656001838955, u'name': u'UPX1', u'virtual_size': u'0x0006c000'}

entropy

7.99936560018

description

A section with a high entropy has been found

entropy

0.550706033376

description

Overall entropy of this PE file is high

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

The executable is compressed using UPX (2 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2052 resumed a thread in remote process 2208
NtResumeThread July 22, 2023, 9:41 p.m.	thread_handle: 0x00000294 suspend_count: 1 process_identifier: 2208	1	0	0

The process wscript.exe wrote an executable file to disk (1 event)

file	C:\Windows\SysWOW64\wscript.exe

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.36168245
FireEye	Trojan.GenericKD.36168245
ALYac	Trojan.GenericKD.36168245
Cylance	unsafe
VIPRE	Trojan.GenericKD.36168245
Sangfor	Trojan.Win32.Agent.V6dm
Arcabit	Trojan.Generic.D227E235
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	BAT/BadJoke.RA
BitDefender	Trojan.GenericKD.36168245
Avast	Win32:Trojan-gen
Emsisoft	Trojan.GenericKD.36168245 (B)
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Sophos	Generic Reputation PUA (PUA)
Jiangmin	HackTool.KMSAuto.en
Antiy-AVL	Trojan/BAT.BadJoke
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Trojan.GenericKD.36168245
Google	Detected
McAfee	Artemis!794B00893A1B
VBA32	TrojanPSW.Zbot
Malwarebytes	Malware.Heuristic.1003
TrendMicro-HouseCall	TROJ_GEN.R002H09BL23
Rising	Trojan.Zpevdo!8.F912 (CLOUD)
Ikarus	Trojan.BAT.BadJoke
MaxSecure	Trojan.Malware.201038644.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS

freebobux.bin.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All