Summary | ZeroBOX

xCpfJFvnvULI.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6402
Started Oct. 3, 2023, 7:41 p.m.
Completed Oct. 3, 2023, 7:43 p.m.
Size 483.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 67f66acafd69e185e297a7fd06c24ed5
SHA256 4953397ff1e2db23646a3e86c91b1f5fd3b7a4e5565dffa00feb9bb26f054bc3
CRC32 FEA250AF
ssdeep 6144:m/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7q7ov:m/uPq3AfK496Gw0lwGXN3pvs/Zuj8v
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • infoStealer_browser_b_Zero - browser info stealer
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware

Name | Response | Post-Analysis Lookup
asegurar100.4cloud.click | 181.141.3.182 |

IP Address | Status | Action
164.124.101.2 | Active | Moloch
181.141.3.182 | Active | Moloch

Suricata Alerts

Flow UDP 192.168.56.102:63709 -> 164.124.101.2:53
SID 2046013
Signature ET INFO DYNAMIC_DNS Query to a *.4cloud .click Domain
Category Potentially Bad Traffic

Suricata TLS

No Suricata TLS

section .gfids
description xCpfJFvnvULI.exe tried to sleep 355 seconds, actually delayed analysis time by 355 seconds

Time & API SetWindowsHookExA
Arguments
  thread_identifier: 0
  callback_function: 0x0040a2a4
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x00400000
Status 1
Return 131355
Repeated 0
dead_host 181.141.3.182:8888
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Remcos.4!c
MicroWorld-eScan Generic.Remcos.2D0236B9
McAfee Remcos-FDQO!67F66ACAFD69
Malwarebytes Generic.Malware.AI.DDS
VIPRE Generic.Remcos.2D0236B9
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0053ba121 )
K7GW Trojan ( 0053ba121 )
Cybereason malicious.bcf643
Arcabit Generic.Remcos.2D0236B9
Baidu Win32.Trojan.Kryptik.awm
VirIT Trojan.Win32.Genus.TDZ
Cyren W32/Remcos.AE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Remcos
ESET-NOD32 a variant of Win32/Rescoms.B
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Trojan.Remcos-9841897-0
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Generic.Remcos.2D0236B9
NANO-Antivirus Trojan.Win32.Remcos.kakzkh
Avast Win32:RATX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bf23c3
Emsisoft Generic.Remcos.2D0236B9 (B)
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb Trojan.DownLoader46.4974
Zillya Trojan.Rescoms.Win32.1477
TrendMicro Backdoor.Win32.REMCOS.YXDJCZ
McAfee-GW-Edition BehavesLike.Win32.Remcos.gh
FireEye Generic.mg.67f66acafd69e185
Sophos Mal/Emogen-Y
Ikarus Win32.Outbreak
Jiangmin Backdoor.Remcos.dwr
Avira BDS/Backdoor.Gen
Antiy-AVL Trojan[Backdoor]/Win32.Rescoms.b
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Remcos.bot
Microsoft Backdoor:Win32/Remcos.GA!MTB
ViRobot Trojan.Win.Z.Remcos.494592.AY
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Generic.Remcos.2D0236B9
Google Detected
AhnLab-V3 Backdoor/Win.Remcos.R605454
BitDefenderTheta Gen:NN.ZexaF.36738.ECW@aWdnGrci
ALYac Generic.Remcos.2D0236B9
MAX malware (ai score=80)
VBA32 Backdoor.Remcos
Cylance unsafe