Summary | ZeroBOX

JinxRunner.exe

Tags: Malicious Packer, UPX, OS Processor Check, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 4, 2023, 10:27 a.m.
Completed: Oct. 4, 2023, 10:29 a.m.

Size: 8.9MB
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5: d53171d108afee9cdfcd948f986d5541
SHA256: 4be352f2e263f8eb6b1d8c2e66c00fc29ee7144cf2343736afd32d5fd38e3b15
CRC32: 860ECEDF
ssdeep: 98304:D3xGW8gvQ2gPwWft0+taUMvBP/NGqELiEld2j:LxGXgv38Zi+IUMvBP6LJY
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check

DNS lookups (Name / Response / Post-Analysis Lookup)
  • ipinfo.io -> 34.117.59.81 (post-analysis lookup: none)

IP addresses (IP Address / Status / Action)
  • 164.124.101.2 - Active - Moloch
  • 34.117.59.81 - Active - Moloch

Suricata Alerts

Flow: TCP 192.168.56.103:49163 -> 34.117.59.81:443
SID: 2025331
Signature: ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo .io)
Category: Device Retrieving External IP Address Detected

Suricata TLS

Flow: TLS 1.3 192.168.56.103:49163 -> 34.117.59.81:443
Issuer: None
Subject: None
Fingerprint: None

API call (Time & API / Arguments / Status / Return / Repeated)

API: GetComputerNameW
Arguments: computer_name: TEST22-PC
Status: 1
Return: 1
Repeated: 0
Signature hit details:
  • registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
  • section: .symtab
  • domain: ipinfo.io
  • registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
API call (Time & API / Arguments / Status / Return / Repeated)

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
Status / Return / Repeated: -1073741511 0