Summary | ZeroBOX

explore.exe

Malicious Library UPX OS Processor Check PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us July 26, 2023, 5:26 p.m. July 26, 2023, 5:30 p.m.
Size 94.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 0eb17599a6d6340826cde1fb9555a801
SHA256 bf1462ab1a3cf16b7d68d3adf6e045445295dc6aeeb282a8aa2cbdfba764bae5
CRC32 998A308A
ssdeep 1536:uszP8laTTjQTUCoL+bfDioMqmmQqVsW3d09dlP9uCZc5:uszEmXQISLioMkQEMh9uC
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
103.57.228.101 Active Moloch

section _RDATA
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1680
region_size: 30003200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002340000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 16
family: 0
1 0 0
host 103.57.228.101
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007fefe467a50
function_name: wine_get_version
module: ntdll
module_address: 0x00000000776c0000
-1073741511 0
Bkav W32.Common.7CE4E507
Lionic Trojan.Win32.Rekvex.4!c
MicroWorld-eScan Gen:Variant.Zusy.478419
FireEye Gen:Variant.Zusy.478419
ALYac Gen:Variant.Zusy.478419
Malwarebytes Malware.AI.553375904
Zillya Trojan.Rekvex.Win32.150
Sangfor Trojan.Win32.Rozena.Vbsa
K7AntiVirus Trojan ( 005988b31 )
Alibaba Trojan:Win64/Rozena.f10ea64c
K7GW Trojan ( 005988b31 )
Arcabit Trojan.Zusy.D74CD3
Cyren W64/ABRisk.VDRD-5763
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Rozena.TA
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky Trojan.Win32.Rekvex.bah
BitDefender Gen:Variant.Zusy.478419
Avast Win64:TrojanX-gen [Trj]
Tencent Malware.Win32.Gencirc.13ea7484
Emsisoft Gen:Variant.Zusy.478419 (B)
F-Secure Trojan.TR/Redcap.nksry
VIPRE Gen:Variant.Zusy.478419
TrendMicro TROJ_GEN.R002C0XGP23
McAfee-GW-Edition BehavesLike.Win64.Generic.nm
Sophos Mal/Generic-S
Jiangmin Trojan.Rekvex.bk
Avira TR/Redcap.nksry
Antiy-AVL Trojan/Win64.Rozena
Microsoft Trojan:Win64/Rozena.EN!MTB
ViRobot Trojan.Win.Z.Rekvex.96768.C
ZoneAlarm Trojan.Win32.Rekvex.bah
GData Gen:Variant.Zusy.478419
Google Detected
AhnLab-V3 Trojan/Win.Generic.R521258
McAfee Artemis!0EB17599A6D6
MAX malware (ai score=80)
VBA32 Trojan.Rekvex
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XGP23
Rising Trojan.Rekvex!8.1170C (TFE:5:IE1K4aiQOqH)
Yandex Trojan.Rozena!//JMMR/cwKE
Ikarus Trojan.Win64.Rozena
MaxSecure Trojan.Malware.187602278.susgen
Fortinet W64/Rozena.TA!tr
AVG Win64:TrojanX-gen [Trj]
DeepInstinct MALICIOUS