Summary | ZeroBOX

Oni_Fortnite_Cheat.exe

Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer ftp PE64 dll PE File OS Processor Check ZIP Format DLL DllRegisterServer
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 5, 2023, 5:11 p.m.
Completed: Oct. 5, 2023, 5:16 p.m.
Size 24.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 b6bc88989728f250b472d036a6b87a2a
SHA256 ffaf7e8680dbd96e059072461c257ec6457e8a04113144b827c257a79e462451
CRC32 6B948F6E
ssdeep 393216:Hh3nJWQDoYNLOPhVOshouIkPdtRL5J26YD76lCOd/V:Hh3EQMYduhwwouJtRLHWmb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API: GlobalMemoryStatusEx
Status: 1
Return: 1
Repeated: 0
section _RDATA
API: __exception__
stacktrace:
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196964
registers.rcx: 196964
registers.rsi: 1
registers.r10: 196964
registers.rbx: 0
registers.rsp: 4221608
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 10339776
registers.rdi: 0
registers.rax: 4221712
registers.r13: 28
Status: 1
Return: 0
Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Pythonwin\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libffi-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libcrypto-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libssl-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\python311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\pywin32_system32\pywintypes311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\pywin32_system32\pythoncom311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\VCRUNTIME140_1.dll
cmdline "C:\Users\test22\AppData\Local\Temp\Oni_Fortnite_Cheat.exe"
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\INSTALLER
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\RECORD
file C:\Users\test22\AppData\Local\Temp\_MEI20722\PIL\_webp.cp311-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_aes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_aesni.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Math\_modexp.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_SHA512.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\REQUESTED
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_sqlite3.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_des.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\libcrypto-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_RIPEMD160.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_ghash_clmul.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_SHA256.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\top_level.txt
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\PublicKey\_ec_ws.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_queue.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\PublicKey\_x25519.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\PublicKey\_ed448.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_chacha20.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_MD4.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_ecb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\unicodedata.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_SHA224.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_overlapped.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\WHEEL
file C:\Users\test22\AppData\Local\Temp\_MEI20722\charset_normalizer\md.cp311-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\certifi\py.typed
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography\hazmat\bindings\_rust.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\psutil\_psutil_windows.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\cryptography-41.0.3.dist-info\METADATA
file C:\Users\test22\AppData\Local\Temp\_MEI20722\PIL\_imagingcms.cp311-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Util\_strxor.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\win32com\shell\shell.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_eksblowfish.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_SHA1.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\pyexpat.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_ofb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Pythonwin\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\setuptools-65.5.0.dist-info\WHEEL
file C:\Users\test22\AppData\Local\Temp\_MEI20722\setuptools-65.5.0.dist-info\top_level.txt
file C:\Users\test22\AppData\Local\Temp\_MEI20722\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Hash\_MD2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\_bz2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Util\_cpuid_c.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\python311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\Cipher\_raw_ctr.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI20722\Cryptodome\PublicKey\_ed25519.pyd
Bkav W32.Common.F06A6308
Malwarebytes Malware.AI.1360642610
Zillya Trojan.Disin.Script.64
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Python/Spy.Agent.KI
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Agent.xberjv
Alibaba TrojanPSW:Win32/Almi_Disco.a
NANO-Antivirus Trojan.Win64.Drop.kbrxkq
Rising Trojan.Agent!8.B1E (CLOUD)
F-Secure Trojan.TR/Spy.Agent.ftmyh
DrWeb Python.Stealer.1153
McAfee-GW-Edition Artemis
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Pyinstaller
Jiangmin TrojanSpy.Agent.aftb
Avira TR/Spy.Agent.ftmyh
Microsoft Trojan:Script/Phonzy.B!ml
Gridinsoft Trojan.Win64.Packed.oa!s1
ZoneAlarm Trojan.Win32.Agent.xberjv
Google Detected
AhnLab-V3 Trojan/Win.Evo-gen.R606238
McAfee Artemis!B6BC88989728
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Chgt.AD
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Agent.KI!tr.spy
AVG Win64:Evo-gen [Trj]
Avast Win64:Evo-gen [Trj]