Summary | ZeroBOX

x.exe

Malicious Library, UPX, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 1, 2023, 8:01 a.m.
Completed Aug. 1, 2023, 8:06 a.m.
Size 2.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 56d79c2e80c07da469b2e00bcf381659
SHA256 424879b9429fcf6cf0fe3c8b2cb5670e689497cc4bbb1ea9115585dc6e931ac3
CRC32 90E5DF5E
ssdeep 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABt3:PBozBdhEV7q8bOQnIFWY+3Je0wf
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section: _RDATA
description: x.exe tried to sleep 131 seconds, actually delayed analysis time by 104 seconds
Time & API Arguments Status Return Repeated

NtCreateFile
  create_disposition: 1 (FILE_OPEN)
  file_handle: 0x00000000000000ac
  filepath: \??\PhysicalDrive0
  desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
  file_attributes: 0 ()
  filepath_r: \??\PhysicalDrive0
  create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
  status_info: 0 (FILE_SUPERSEDED)
  share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
Status: 1 Return: 0 Repeated: 0

DeviceIoControl
  input_buffer:
  control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY)
  device_handle: 0x00000000000000ac
  output_buffer: Q ÿ?
Status: 1 Return: 1 Repeated: 0
Bkav W32.Common.396421F9
Lionic Trojan.Win32.Stealer.12!c
MicroWorld-eScan Trojan.GenericKD.68414547
FireEye Trojan.GenericKD.68414547
ALYac Trojan.GenericKD.68414547
Cylance unsafe
Zillya Trojan.Stealer.Win64.160
K7AntiVirus Password-Stealer ( 0058bf531 )
Alibaba TrojanPSW:Win64/Stealer.c1cb5c72
K7GW Password-Stealer ( 0058bf531 )
Cyren W64/S-1ba309c0!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/PSW.Agent.BK
Kaspersky Trojan-PSW.Win64.Stealer.age
BitDefender Trojan.GenericKD.68414547
Tencent Malware.Win32.Gencirc.10be934d
TACHYON Trojan-PWS/W64.InfoStealer.2280448
Emsisoft Trojan.GenericKD.68414547 (B)
F-Secure Trojan.TR/PSW.Agent.lyrhj
DrWeb Trojan.PWS.Stealer.37033
VIPRE Trojan.GenericKD.68414547
McAfee-GW-Edition BehavesLike.Win64.Dropper.vh
Sophos Mal/Generic-S
Ikarus Trojan-PSW.Agent
Jiangmin Trojan.PSW.Stealer.chb
Webroot W32.Trojan.Invictastealer
Avira TR/PSW.Agent.lyrhj
Antiy-AVL Trojan[Backdoor]/Win64.Mozaakai
Gridinsoft Malware.Win64.Gen.bot
Arcabit Trojan.Generic.D413EC53
ViRobot Trojan.Win.Z.Zusy.2280448.BU
ZoneAlarm Trojan-PSW.Win64.Stealer.age
GData Trojan.GenericKD.68414547
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win.Mozaakai.R568695
MAX malware (ai score=89)
DeepInstinct MALICIOUS
Malwarebytes PasswordStealer.Spyware.Stealer.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0DGS23
Rising Backdoor.Mozaakai!8.11A7D (TFE:5:m459qOqnsqT)
Yandex Trojan.PWS.Agent!ZV2d0QxvppY
Fortinet W64/Agent.BK!tr
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)