Summary | ZeroBOX

09LW5kZ-.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started July 30, 2023, 8:55 a.m.
Completed July 30, 2023, 9 a.m.
Size 9.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 b56676093945f3c0c4676803cf7e0d50
SHA256 ce7a9a4a88a1a9f154bb4e0650864933d87fd75bef94ec000faf24f75d0a308f
CRC32 6BEFB617
ssdeep 196608:8Q9EVu0I6h00r8jBYHob4t+6c7vdFjoRfkq3N6Zs83xH:80uu0LLYjA1uTpq3NDYH
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
104.248.239.160 Active Moloch
164.124.101.2 Active Moloch
34.149.22.228 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow TLS 1.3, 192.168.56.101:49163 -> 34.149.22.228:443
Issuer None
Subject None
Fingerprint None

With TLS 1.3 the server certificate is sent after the handshake is already encrypted, so a passive sensor such as Suricata cannot recover issuer, subject or fingerprint. The three "None" values are a protocol limitation, not evidence that the server presented no certificate; the IP and port are the only identifiers this flow yields.

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 159744 (0x27000, 156 KB)
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (0x40, PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000530000
allocation_type: 12288 (0x3000, MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff (current-process pseudo-handle, i.e. the sample's own address space)
Status 1 (call succeeded) Return 0 (STATUS_SUCCESS) Repeated 0

The sample reserves and commits a 156 KB region that is readable, writable and executable at once in its own process. That is consistent with an in-process unpacking stub that decrypts a payload into the region and transfers control to it, and it fits the packer-style detections and the high-entropy .data section reported below. Only the allocation is logged on this page; the write to the region and the jump into it are not evidenced here.
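A triage rule for API records like the NtAllocateVirtualMemory call above, added here as an example and not part of ZeroBOX or its signature set. It parses the "key: value" argument dump as printed in the report, decodes the protection and allocation flags, and separates an in-process RWX commit (unpacking or JIT, as in this sample) from an executable allocation in another process (the usual precursor of injection). The three records at the bottom are constructed: the first copies the call from the report, the other two are invented to exercise the remote and non-executable branches.

```python
"""Triage rule for NtAllocateVirtualMemory records as printed in a Cuckoo-style
report.  Added example; not ZeroBOX's own signature code."""

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE_MASK = 0xF0          # every PAGE_EXECUTE* flag lives in this nibble
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
# GetCurrentProcess() pseudo-handle, 64-bit and 32-bit forms
CURRENT_PROCESS = {0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF}


def parse_arguments(dump: str) -> dict:
    """Parse 'key: value' argument lines as the report prints them.
    Parenthesised annotations such as '64 (PAGE_EXECUTE_READWRITE)' are dropped;
    values may be decimal or 0x-prefixed hex."""
    args = {}
    for line in dump.strip().splitlines():
        key, _, value = line.partition(":")
        args[key.strip()] = int(value.strip().split()[0], 0)
    return args


def classify_allocation(api: str, args: dict):
    """Return a verdict string for an executable allocation, or None if benign/irrelevant."""
    if api != "NtAllocateVirtualMemory":
        return None
    protection = args["protection"]
    if not protection & EXECUTABLE_MASK:
        return None                                   # not executable: ignore
    remote = args["process_handle"] not in CURRENT_PROCESS
    writable = protection in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)
    committed = bool(args["allocation_type"] & MEM_COMMIT)
    if remote:
        return "remote-exec-alloc"        # executable memory in another process: injection setup
    if writable and committed:
        return "self-rwx-commit"          # room to decrypt a payload and run it in place
    return "self-exec-alloc"


def scan(calls):
    """calls: iterable of (api_name, argument_dump).  Returns [(api, base_address, verdict)]."""
    findings = []
    for api, dump in calls:
        args = parse_arguments(dump)
        verdict = classify_allocation(api, args)
        if verdict:
            findings.append((api, args["base_address"], verdict))
    return findings


# Constructed records: the first reproduces the call shown in the report; the
# second (foreign handle 0x1a4) and third (PAGE_READWRITE) are invented.
SAMPLE_CALLS = [
    ("NtAllocateVirtualMemory", """
        process_identifier: 2556
        region_size: 159744
        protection: 64 (PAGE_EXECUTE_READWRITE)
        base_address: 0x0000000000530000
        allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
        process_handle: 0xffffffffffffffff
    """),
    ("NtAllocateVirtualMemory", """
        process_identifier: 2556
        region_size: 4096
        protection: 32 (PAGE_EXECUTE_READ)
        base_address: 0x0000000000640000
        allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
        process_handle: 0x00000000000001a4
    """),
    ("NtAllocateVirtualMemory", """
        process_identifier: 2556
        region_size: 65536
        protection: 4 (PAGE_READWRITE)
        base_address: 0x0000000000700000
        allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
        process_handle: 0xffffffffffffffff
    """),
]

if __name__ == "__main__":
    for api, base, verdict in scan(SAMPLE_CALLS):
        print(f"{api} base=0x{base:016x} -> {verdict}")
```

The distinction the rule draws matters for response: a self-process RWX commit like the one on this page points at unpacking and tells you where to dump memory from (the base address, once the sample has written to it), while the same protection requested through a foreign handle would point at a target process to inspect instead.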
A section with a high entropy has been found
  section .data  virtual_address 0x0001f000  virtual_size 0x009c4500  size_of_data 0x009c4600  entropy 7.644 (of a maximum 8 bits per byte)
Overall entropy of this PE file is high
  entropy 0.985 (file-wide entropy normalised to 1.0, i.e. about 7.88 of 8 bits per byte)
host 104.248.239.160
dead_host 104.248.239.160:80 (connection attempted on TCP/80, no reply received)

The raw size of .data (0x9c4600 bytes, roughly 9.8 MiB) accounts for almost the entire 9.9 MB file, so both entropy checks are effectively measuring one large compressed or encrypted blob carried in that section. Together with the RWX allocation above, this is what the packer-oriented detections (Win.Packed.Tedy, GenKryptik, Kryptik) are keying on. The only network activity observed was an unanswered connection to 104.248.239.160:80 and the TLS 1.3 flow to 34.149.22.228:443, so no second-stage payload was captured in this run.
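The section-entropy and file-entropy signatures above can be reproduced without the sandbox. The following is an added example, not ZeroBOX code: a Shannon entropy routine, a minimal PE section-table parser (DOS header, COFF header, section headers, nothing else), and a report in the same shape as the signature output. The 6.8 bits-per-byte section threshold and the 0.9 normalised file-wide threshold are assumptions, not values taken from this page; the report's 0.985 is on that normalised scale. Because no sample file is bundled, the block assembles a constructed PE32+ image with a small repetitive .text and a 64 KiB pseudo-random .data standing in for the packed payload; pass a real PE path as the first argument to run it on an actual file.

```python
"""Reproduce the section-entropy and file-entropy signatures with a minimal PE
section-table parser.  Added example; not ZeroBOX code."""
import hashlib
import math
import struct
import sys
from collections import Counter

# Assumed thresholds (not stated on the report page).
SECTION_THRESHOLD = 6.8   # bits per byte
OVERALL_THRESHOLD = 0.9   # bits per byte divided by 8, the scale the report uses


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, virtual_address, virtual_size, raw_bytes) per section header."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    off = e_lfanew + 24 + opt_size                                     # first IMAGE_SECTION_HEADER
    for _ in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize,
               image[rawptr:rawptr + rawsize])
        off += 40


def entropy_report(image: bytes) -> dict:
    """Per-section and file-wide entropy in the shape the report prints."""
    sections = []
    for name, vaddr, vsize, raw in pe_sections(image):
        h = shannon_entropy(raw)
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": len(raw), "entropy": h,
                         "high": h > SECTION_THRESHOLD})
    overall = shannon_entropy(image) / 8.0
    return {"sections": sections, "overall": overall,
            "overall_high": overall > OVERALL_THRESHOLD}


# --- constructed test image (headers only; not a runnable executable) ----------

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler: chained SHA-256 output."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_test_pe(sections) -> bytes:
    """Assemble a minimal PE32+ image: DOS header, COFF header, zeroed optional
    header, section table, then the raw section data back to back."""
    n, opt_size = len(sections), 240                  # 240 = PE32+ optional header size
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * n
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)             # PE32+ magic
    table, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, raw in sections:
        rawptr = headers_len + len(body)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                             len(raw), rawptr, 0, 0, 0, 0, 0)
        body += raw
        vaddr += (len(raw) + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table) + bytes(body)


def demo() -> dict:
    """Low-entropy .text beside a 64 KiB encrypted-looking .data, like the report's layout."""
    image = build_test_pe([
        (b".text", b"\x48\x8b\xc4\x48\x89\x58\x08" * 500),   # repetitive code-like bytes
        (b".data", pseudo_random(65536)),                    # stands in for the packed payload
    ])
    return entropy_report(image)


if __name__ == "__main__":
    report = entropy_report(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else demo()
    for s in report["sections"]:
        print(f"{s['name']:<8} size_of_data=0x{s['size_of_data']:08x} "
              f"entropy={s['entropy']:.3f} high={s['high']}")
    print(f"overall={report['overall']:.3f} high={report['overall_high']}")
```

Entropy alone does not distinguish a packed malicious payload from a legitimately compressed resource, which is why the report pairs it with the RWX allocation and the AV consensus; treat a high-entropy section as a pointer to where the real payload lives, and dump that region from memory once the sample has unpacked it.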
Bkav W32.Common.05FAED26
Lionic Trojan.Win32.Injector.4!c
DrWeb Trojan.Siggen21.12170
MicroWorld-eScan Gen:Variant.Tedy.367730
FireEye Gen:Variant.Tedy.367730
ALYac Gen:Variant.Tedy.367730
Malwarebytes Crypt.Trojan.MSIL.DDS
VIPRE Gen:Variant.Tedy.367730
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a508c1 )
Alibaba Trojan:Win64/Reflo.85b6ea73
K7GW Trojan ( 005a508c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Tedy.D59C72
Cyren W64/Injector.BMR.gen!Eldorado
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
Cynet Malicious (score: 100)
ClamAV Win.Packed.Tedy-10005655-0
Kaspersky Trojan.Win64.Reflo.ctn
BitDefender Gen:Variant.Tedy.367730
Avast Win64:Evo-gen [Trj]
Emsisoft Gen:Variant.Tedy.367730 (B)
F-Secure Trojan.TR/AD.Nekark.hlkng
TrendMicro Trojan.Win64.AMADEY.YXDGXZ
McAfee-GW-Edition BehavesLike.Win64.Sivis.tc
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.TR.AD.Nekark.hlkng
Avira TR/AD.Nekark.hlkng
Antiy-AVL Trojan/Win64.GenKryptik
Microsoft Trojan:Win32/Xmrig!ic
ZoneAlarm Trojan.Win64.Reflo.ctn
GData Gen:Variant.Tedy.367730
Google Detected
AhnLab-V3 Trojan/Win.Generic.R570073
McAfee Artemis!B56676093945
MAX malware (ai score=81)
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXDGXZ
Rising Trojan.Kryptik!8.8 (TFE:5:tSjl4DNY5BP)
Ikarus Trojan.Win64.Krypt
MaxSecure Trojan.Malware.214891875.susgen
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:Evo-gen [Trj]
Cybereason malicious.9bb991
DeepInstinct MALICIOUS