Summary | ZeroBOX

filer.exe

.NET framework(MSIL) Antivirus UPX Malicious Packer PE File OS Processor Check PE32 .NET EXE
Category FILE
Machine s1_win7_x6401
Started Nov. 28, 2023, 9:16 a.m.
Completed Nov. 28, 2023, 9:25 a.m.
Size 5.7MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 51f23cd8d73782f1dd032789f10def23
SHA256 3b42d80f519d6a10afbda90dd7c92eb26f0d03be90b759f1d2c786efea7c05ff
CRC32 B5498D6F
ssdeep 98304:pR7UhLlXQgyyusLOIIw7BEtRkT7eAPTgHMQNGGGGGGGGGGGGGGGGGGGGGGGGGGGP:pilAiusLOVKBEET7eAPTgHMQNGGGGGG2
PDB Path C:\Users\??????????\source\repos\WindowsFormsApp10\WindowsFormsApp10\bin\x86\Release\Secured\WindowsFromApp1.pdb
Yara
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text: size_of_data 0x005a9000, virtual_address 0x00002000, virtual_size 0x005a8eec, entropy 7.195138694173828 - A section with a high entropy has been found
entropy 0.999655053467 - Overall entropy of this PE file is high
Lionic Trojan.Win32.Stealerc.i!c
Elastic malicious (high confidence)
FireEye Generic.mg.51f23cd8d73782f1
Skyhigh Artemis!Trojan
McAfee Artemis!51F23CD8D737
Malwarebytes Trojan.Crypt.MSIL.Generic
Sangfor Suspicious.Win32.Save.a
Cybereason malicious.1b7ea8
BitDefenderTheta Gen:NN.ZemsilF.36608.@p0@auBN@4j
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of MSIL/GenKryptik.GQNV
Cynet Malicious (score: 100)
ClamAV Win.Packed.njRAT-10002074-1
Kaspersky HEUR:Trojan-PSW.MSIL.Stealerc.gen
Avast CrypterX-gen [Trj]
DrWeb BackDoor.BladabindiNET.30
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Kingsoft Win32.PSWTroj.Undef.a
Microsoft Trojan:MSIL/Coinminer.UF!MTB
Gridinsoft Malware.Win32.XWorm.tr
ZoneAlarm HEUR:Trojan-PSW.MSIL.Stealerc.gen
Google Detected
VBA32 Trojan.MSIL.DiscoStealer.Heur
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0DKR23
Rising Backdoor.njRAT!1.9E49 (CLOUD)
Ikarus Win32.Outbreak
AVG CrypterX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)