popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

iox.exe

Malicious Packer UPX Malicious Library PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Dec. 15, 2023, 8:25 a.m. Dec. 15, 2023, 8:29 a.m.
Size 2.3MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 9db2d314dd3f704a02051ef5ea210993
SHA256 c6cf82919b809967d9d90ea73772a8aa1c1eb3bc59252d977500f64f1a0d6731
CRC32 704EECA2
ssdeep 49152:rPxfoRnTLWPW2szKDygg0DJ2g7X2gcIT:DxUTN2szK
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: iox v0.4 Access intranet easily (https://github.com/eddieivan01/iox) Usage: iox fwd/proxy [-l [*][HOST:]PORT] [-r [*]HOST:PORT] [-k HEX] [-t TIMEOUT] [-u] [-h] [-v] Options: -l [*][HOST:]PORT address to listen on. `*` means encrypted socket -r [*]HOST:PORT remote host to connect, HOST can be IP or Domain. `*` means encrypted socket -k HEX hexadecimal format key, be used to generate Key and IV -u udp forward mode -t TIMEOUT set connection timeout(millisecond), default is 5000 -v enable log output -h print usage then exit
console_handle: 0x0000000000000007
1 1 0
section .symtab
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

 ordinal: 0
function_address: 0x000007fefe467a50
function_name: wine_get_version
module: ntdll
module_address: 0x00000000776c0000
-1073741511 0