Summary | ZeroBOX

xoIBL6LAISDs.exe

Browser Login Data Stealer Generic Malware Malicious Library Downloader UPX Malicious Packer PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started Nov. 7, 2023, 7:02 p.m.
Completed Nov. 7, 2023, 7:05 p.m.
Size 483.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 eb29546aff8b06616b7b226986fd7827
SHA256 021f3de7a37bd3c9e308f08b37a24e8d565b38af0db869fc3b224c363edbe0df
CRC32 5A8DAA45
ssdeep 6144:2/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec707ov:2/uPq3AfK496Gw0lwGXN3pvs/ZuN8v
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • Network_Downloader - File Downloader
  • infoStealer_browser_b_Zero - browser info stealer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
91.92.255.12 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
description xoIBL6LAISDs.exe tried to sleep 355 seconds, actually delayed analysis time by 355 seconds
host 91.92.255.12
API SetWindowsHookExA
Arguments
thread_identifier: 0
callback_function: 0x0040a2a4
hook_identifier: 13 (WH_KEYBOARD_LL)
module_address: 0x00400000
Status 1
Return 5767561
Repeated 0
dead_host 91.92.255.12:25050