Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.23 08:09
컬러풀대구 웨딩박람회, 오는 10월 엑스...
09.23 08:09
3D Printing a Wire-Wra...
09.23 07:09
Three Media Moguls Are...
09.23 07:09
Harris Vows to Grow AI...
09.23 07:09
September 23, 2024
09.23 06:09
Apollo to Offer Multib...
09.23 05:09
The Russian APT Tool M...
09.23 05:09
Hackaday Links: Septem...
09.23 05:09
Fed’s Rate Cut Comes W...
09.23 05:09
Schluss mit Bildmanipu...

Summary | ZeroBOX

021983908713.exe

PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 14, 2023, 7:55 a.m.	Dec. 14, 2023, 8:08 a.m.

Size	7.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`5553b09479b6bb61784ac90f9089d889`
SHA256	`44e022223df79fb2724a328b1390e2724ecaf8721328c4cf36e03da2a67c4a95`
CRC32	`EC2A8DC7`
ssdeep	`24:eFGStrJ9u0/6QanRnZdkBQAV23WkNYKZqPeNDMSCvOXpmB:is0dahkBQFGZSD9C2kB`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

021983908713.exe "C:\Users\test22\AppData\Local\Temp\021983908713.exe"
940

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
188.75.155.250	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gjea

Communicates with host for which no DNS query was performed (1 event)

host

188.75.155.250

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

188.75.155.250:4444

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Metasploit.4!c
Elastic	Windows.Trojan.Metasploit
DrWeb	BackDoor.Shell.244
MicroWorld-eScan	Trojan.Metasploit.A
CAT-QuickHeal	HackTool.Metasploit.S9212471
Skyhigh	BehavesLike.Win64.Infected.zz
ALYac	Trojan.Metasploit.A
Malwarebytes	Trojan.MalPack
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 004fae881 )
Alibaba	Trojan:Win32/CobaltStrike.5f03
K7GW	Trojan ( 004fae881 )
Cybereason	malicious.36e7fa
VirIT	Trojan.Win32.Generic.BZPS
Symantec	Meterpreter
ESET-NOD32	a variant of Win64/Rozena.M
APEX	Malicious
Kaspersky	HEUR:Trojan.Win64.Packed.gen
BitDefender	Trojan.Metasploit.A
SUPERAntiSpyware	Trojan.Agent/Gen-MalPack
Avast	Win32:MsfShell-V [Hack]
Tencent	Hacktool.Win64.Rozena.a
Emsisoft	Trojan.Metasploit.A (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen7
VIPRE	Trojan.Metasploit.A
TrendMicro	TROJ64_SWRORT.SM1
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.5553b09479b6bb61
Sophos	ATK/Meter-A
SentinelOne	Static AI - Malicious PE
MAX	malware (ai score=82)
Jiangmin	Trojan.Generic.auyjj
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Crypt.XPACK.Gen7
Varist	W64/S-c4a4ef26!Eldorado
Antiy-AVL	GrayWare/Win32.Rozena.j
Kingsoft	malware.kb.b.977
Microsoft	Trojan:Win64/Metasploit!pz
Gridinsoft	Trojan.Win64.Gen.tr
Arcabit	Trojan.Metasploit.A
ViRobot	Trojan.Win.Z.Metasploit.7168.DTO
ZoneAlarm	HEUR:Trojan.Win64.Packed.gen
GData	Trojan.Metasploit.A
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Generic.R357794
Acronis	suspicious
McAfee	Trojan-FJIN!5553B09479B6
Cylance	unsafe