popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

axb.exe

UPX Malicious Library OS Processor Check PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 2, 2023, 6:43 p.m. Sept. 2, 2023, 6:52 p.m.
Size 8.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 8f66a9149d62c7a6c8a5e1256c9343eb
SHA256 a49bd1b74a7a8a570032ba6aaf34044e260fefb2d4012a15f2a2b06abef21fe1
CRC32 FF039CAF
ssdeep 196608:3ueZVVizoTMt/XGusECmLeprgLB+S4DGdi5RqtcY3A6U3HlZGQZ4oPp:llizqMxCm6Gtdur5oSx3XGQX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
156.236.72.121 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
WriteFile+0x94 GetCPHashNode-0x2c kernelbase+0x1ba4 @ 0x7fefd4f1ba4
WriteFile+0x36 WideCharToMultiByte-0x1a kernel32+0x235d6 @ 0x76c335d6
axb+0xb078 @ 0x13f04b078
axb+0xb666 @ 0x13f04b666
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 03 b8 01 00 00 00 48 8b 5c 24 78 48 8b b4 24
exception.symbol: WriteFile+0x94 GetCPHashNode-0x2c kernelbase+0x1ba4
exception.instruction: mov dword ptr [rbx], eax
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 7076
exception.address: 0x7fefd4f1ba4
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2031296
registers.r11: 514
registers.r8: 2030008
registers.r9: 2030048
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 32768
registers.r13: 0
1 0 0
file C:\Users\test22\AppData\Local\Temp\onefile_2552_133381370198281250\test.exe
host 156.236.72.121
Bkav W32.AIDetectMalware.64
Lionic Trojan.Win32.Generic.4!c
MicroWorld-eScan Gen:Variant.Tedy.398944
FireEye Gen:Variant.Tedy.398944
VIPRE Gen:Variant.Tedy.398944
Alibaba TrojanSpy:Win32/Cordimik.83ea2181
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Python/Spy.Agent.QU
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Tedy.398944
Avast Win64:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.11b00322
Emsisoft Gen:Variant.Tedy.398944 (B)
Zillya Trojan.Disco.Win64.553
McAfee-GW-Edition BehavesLike.Win64.Generic.rc
Antiy-AVL Trojan[PSW]/Win64.Disco
Microsoft Trojan:Win32/Wacatac.B!ml
Gridinsoft Ransom.Win64.Wacatac.sa
Arcabit Trojan.Tedy.D61660
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Tedy.398944
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.DropperX-gen.C5451159
Cylance unsafe
APEX Malicious
Rising Spyware.Agent!8.C6 (CLOUD)
MAX malware (ai score=80)
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
dead_host 156.236.72.121:443
dead_host 192.168.56.101:49817