Summary | ZeroBOX

pcr.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: Aug. 7, 2023, 9:25 a.m.
Completed: Aug. 7, 2023, 9:29 a.m.
Size 224.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bca6e394222e591240d968c68e6ebfc0
SHA256 4cf3e61708a23a554c170095166cb5f057696ab311ee364ed1ea9677287be0c9
CRC32 8827DF75
ssdeep 3072:yb9DP66sfcup57HC4TYwG8gaAC4o0dTOYwFF08MGcfkuJaUo9xAg0Fujok40xge7:ybNPRVUBlG8gYZ0BOrojGQGAOj4KDiu
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
104.21.39.183 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49162 -> 104.21.39.183:80 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic
UDP 192.168.56.101:54148 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent 0 0

Network request: GET http://AEQhVH.nasongle.t34gs1x.top/cc.txt
Domain: aeqhvh.nasongle.t34gs1x.top (description: Generic top level domain TLD)

Antivirus results (vendor, detection name):
Bkav W32.Common.EC15CA72
Lionic Trojan.Win32.Farfli.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.68437282
FireEye Generic.mg.bca6e394222e5912
McAfee GenericRXWG-VY!BCA6E394222E
Malwarebytes Malware.AI.4228770494
Sangfor Backdoor.Win32.Farfli.Vl7i
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win32/Farfli.e2e075f4
K7GW Trojan-Downloader ( 005a992b1 )
K7AntiVirus Trojan-Downloader ( 005a992b1 )
Arcabit Trojan.Generic.D4144522
Cyren W32/ABRisk.MTPT-5683
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/TrojanDownloader.Agent.HBY
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Backdoor.Win32.Farfli.gen
BitDefender Trojan.GenericKD.68437282
NANO-Antivirus Trojan.Win32.Farfli.jxwlul
Avast Win32:BackdoorX-gen [Trj]
Tencent Malware.Win32.Gencirc.13eb68d8
Emsisoft Trojan.GenericKD.68437282 (B)
F-Secure Trojan.TR/Dldr.Agent.ofjdi
DrWeb Trojan.Siggen11.63246
VIPRE Trojan.GenericKD.68437282
TrendMicro TROJ_GEN.R023C0XH323
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.dh
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira TR/Dldr.Agent.ofjdi
MAX malware (ai score=84)
Antiy-AVL Trojan[Backdoor]/Win32.Farfli
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win.Z.Agent.229376.HVA
ZoneAlarm HEUR:Backdoor.Win32.Farfli.gen
GData Trojan.GenericKD.68437282
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5463615
BitDefenderTheta Gen:NN.ZexaF.36348.ouW@aGv4hRni
ALYac Trojan.GenericKD.68437282
VBA32 suspected of Trojan.Downloader.gen
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R023C0XH323
Rising Backdoor.Farfli!8.B4 (TFE:5:feLBk2rA69L)
Ikarus Trojan.Win32.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.HBY!tr.dldr