Summary | ZeroBOX

ORDER-232112.pdf.js

Category:   FILE
Machine:    s1_win7_x6401
Started:    Dec. 14, 2023, 10:25 a.m.
Completed:  Dec. 14, 2023, 10:27 a.m.
Size:       7.2KB
Type:       ASCII text, with very long lines, with CRLF line terminators
MD5:        ad919f29a6186c40a5bcb76d18803bfb
SHA256:     a7268c2478032f450c94b63b79b20f38e66d82d7ab76578ed2c6035e42e8b0e8
CRC32:      96C42944
ssdeep:     192:hr84vcGA0h55jOOeiRvcgpKG4bviy7dFnA2jseJp85YvcnuitvtpfEIfvuGgIqsw:FXp5r3pK5ZPfavuibS/Gj1uQHnK
Yara:       None matched

Name            Response         Post-Analysis Lookup
grapemundo.com  103.50.163.157

IP Address      Status  Action
103.50.163.157  Active  Moloch
164.124.101.2   Active  Moloch

Time & API Arguments Status Return Repeated

InternetCrackUrlW

url: https://grapemundo.com/Apk/good.vbs
flags: 0
status: 1  return: 1  repeated: 0

HttpOpenRequestW

connect_handle: 0x00cc0008
http_version:
flags: 12582912
http_method: GET
referer:
path: /Apk/good.vbs
status: 1  return: 13369356  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: qmezY‘]´*ûpOKؖ ¼Å½it÷?Âë­8nÜìy×`/5 ÀÀÀ À 28,ÿgrapemundo.com  
socket: 956
sent: 118
status: 1  return: 118  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: qmezY’–ÿ7i¿ŠPÒ ë¶”Ÿœaúg©HŒ[âÉ%²ð,B/5 ÀÀÀ À 28,ÿgrapemundo.com  
socket: 956
sent: 118
status: 1  return: 118  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: 51ezY’cøK„Û“ ®*” |€¶Å‚¾óK82õˆ  ÿ
socket: 956
sent: 58
status: 1  return: 58  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

send

buffer: !
socket: 844
sent: 1
status: 1  return: 1  repeated: 0

Engine            Detection
Lionic            Trojan.Script.Cryxos.4!c
FireEye           JS:Trojan.Cryxos.10732
Skyhigh           BehavesLike.JS.Nemucod.zx
Symantec          ISB.Downloader!gen60
ESET-NOD32        VBS/TrojanDownloader.Agent.PHZ
Avast             Other:Malware-gen [Trj]
Kaspersky         HEUR:Trojan.Script.Generic
BitDefender       JS:Trojan.Cryxos.10732
NANO-Antivirus    Trojan.Script.Heuristic-js.iacgm
MicroWorld-eScan  JS:Trojan.Cryxos.10732
Sophos            JS/Drop-DHB
VIPRE             JS:Trojan.Cryxos.10732
Emsisoft          JS:Trojan.Cryxos.10732 (B)
Ikarus            Trojan-Downloader.JS.Agent
Varist            URL/Downldr.EA.gen!Eldorado
Microsoft         Trojan:JS/Obfuse
Arcabit           JS:Trojan.Cryxos.D29EC
ZoneAlarm         HEUR:Trojan.Script.Generic
GData             JS:Trojan.Cryxos.10732
Google            Detected
ALYac             JS:Trojan.Cryxos.10732
MAX               malware (ai score=82)
Rising            Downloader.Agent/VBS!8.10EA5 (TOPIS:E0:9kuM9iQ3OWD)
AVG               Other:Malware-gen [Trj]