Summary | ZeroBOX

Random.exe

PE32 PE File .NET EXE
Category  Machine           Started                   Completed
FILE      s1_win7_x6403_us  Nov. 28, 2023, 9:16 a.m.  Nov. 28, 2023, 9:33 a.m.
Size 1.9MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bb83e8db740d3441abb88dc34fd3759e
SHA256 e5f297504744c01bec8a5903f55b7fcc149e39a334a1c1cb80960878604b5012
CRC32 6F11103E
ssdeep 24576:Y2gnhjtlJEVGylDWYMl2q9SASTcfRYO1BguRF7/FgvfzckJrvSmbuvF:Y2scwylVMlVwqRhxFMBJWdF
PDB Path ©ˆÎxÁ%j-™Ä»¾ë—!¥ÈìZà!`—TQ€h¥ÖB¤´¢$òL»ýfãóÍTöÆE×írtwüâÁMäÔ¿T†âD¦Ø!ۙ óCiQÌÝFÇðPïîåÌô‚#¢Þó”a™
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

pdb_path ©ˆÎxÁ%j-™Ä»¾ë—!¥ÈìZà!`—TQ€h¥ÖB¤´¢$òL»ýfãóÍTöÆE×írtwüâÁMäÔ¿T†âD¦Ø!ۙ óCiQÌÝFÇðPïîåÌô‚#¢Þó”a™

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00840000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00b50000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00bf0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00512000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00545000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0054b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00547000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0052c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00670000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0051c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1372
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0051a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.MSILHeracles.126757
Skyhigh Artemis!Trojan
McAfee Artemis!BB83E8DB740D
Malwarebytes Generic.Malware/Suspicious
VIPRE Gen:Variant.MSILHeracles.126757
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Symantec MSIL.KillAV!gen1
ESET-NOD32 a variant of MSIL/Kryptik.AKFZ
APEX Malicious
Kaspersky HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
BitDefender Gen:Variant.MSILHeracles.126757
Avast Win32:RATX-gen [Trj]
Tencent Msil.Trojan-Spy.Snakelogger.Rsmw
Emsisoft Gen:Variant.MSILHeracles.126757 (B)
FireEye Generic.mg.bb83e8db740d3441
MAX malware (ai score=83)
Kingsoft MSIL.Trojan-Spy.SnakeLogger.gen
Microsoft Program:Win32/Wacapew.C!ml
Arcabit Trojan.MSILHeracles.D1EF25
ZoneAlarm HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
GData Gen:Variant.MSILHeracles.126757
Cynet Malicious (score: 100)
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:RATX-gen [Trj]