Summary | ZeroBOX

qwe.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 18, 2023, 9:44 a.m.
Completed: Dec. 18, 2023, 9:48 a.m.
Size 467.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9f497e5418aaf7b8f15b92535de3c0d9
SHA256 343472c00eb7b941aa8b25e90a3b9335a00f52690edefe1d9eb2df9bfa126b2c
CRC32 D598AD87
ssdeep 12288:tWjFG3WnyUhcw0tJ8QDdUh6Q2M587ZD8AHZgLs:tWRGmnyUhcnbDd+zkNKL
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.

Contacted IP addresses (IP Address / Status / Action):
65.60.36.22 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
qwe+0x440ce @ 0x3f40ce
qwe+0x1b345 @ 0x3cb345
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 08 01 c8 83 c0 04 89 45 d4 a1 dc 48 41 00 66
exception.symbol: qwe+0x4a29b
exception.instruction: mov ecx, dword ptr [eax]
exception.module: qwe.exe
exception.exception_code: 0xc0000005
exception.offset: 303771
exception.address: 0x3fa29b
registers.esp: 5765904
registers.edi: 4169458
registers.eax: 8613
registers.ebp: 5766084
registers.edx: 5765944
registers.ebx: 0
registers.esi: 5765916
registers.ecx: 1
Status: 1  Return: 0  Repeated: 0

Host: 65.60.36.22
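The exception row above is the only behavioural record in the report, so it pays to check it is internally consistent before quoting it: the image base implied by `address - offset`, whether the stack frames rebase to that same image, whether the raw bytes really decode to the instruction shown, and which register held the bad pointer. The script below is an added example, not ZeroBOX or Cuckoo code; the record and stack frames are copied verbatim from the report, and the `mov r32, [r32]` decoder is deliberately narrow (it handles only the 8B /r form with no SIB or displacement, which is all this record needs).

```python
"""Consistency checks for a sandbox exception record (added example, not ZeroBOX code)."""
import re

# Exception record exactly as printed in the report above.
RECORD = """\
exception.instruction_r: 8b 08 01 c8 83 c0 04 89 45 d4 a1 dc 48 41 00 66
exception.symbol: qwe+0x4a29b
exception.instruction: mov ecx, dword ptr [eax]
exception.module: qwe.exe
exception.exception_code: 0xc0000005
exception.offset: 303771
exception.address: 0x3fa29b
registers.esp: 5765904
registers.edi: 4169458
registers.eax: 8613
registers.ebp: 5766084
registers.edx: 5765944
registers.ebx: 0
registers.esi: 5765916
registers.ecx: 1
"""

# (symbol, absolute address) pairs from the report's stacktrace.
STACK = [
    ("qwe+0x440ce", 0x3F40CE),
    ("qwe+0x1b345", 0x3CB345),
    ("ntdll+0x39ed2", 0x778D9ED2),
    ("ntdll+0x39ea5", 0x778D9EA5),
]

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def parse_record(text):
    """Turn 'key: value' lines into a dict; hex/decimal numbers become ints."""
    out = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if key == "exception.instruction_r":
            out[key] = bytes.fromhex(val)
        elif re.fullmatch(r"0x[0-9a-fA-F]+|\d+", val):
            out[key] = int(val, 0)
        else:
            out[key] = val
    return out


def decode_mov_r32_m32(code):
    """Decode 8B /r with mod=00 ('mov r32, dword ptr [r32]'); None otherwise."""
    if len(code) < 2 or code[0] != 0x8B:
        return None
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm in (4, 5):  # SIB or disp32 forms are not handled here
        return None
    return f"mov {REG32[reg]}, dword ptr [{REG32[rm]}]"


def symbol_offset(sym):
    """'qwe+0x4a29b' -> ('qwe', 0x4a29b)."""
    mod, _, off = sym.partition("+")
    return mod, int(off, 16)


def analyse(rec, stack):
    base = rec["exception.address"] - rec["exception.offset"]  # image base at run time
    decoded = decode_mov_r32_m32(rec["exception.instruction_r"])
    _, sym_off = symbol_offset(rec["exception.symbol"])
    # The dereferenced register is the one inside the brackets of the faulting instruction.
    ptr_reg = re.search(r"\[(e[a-z]{2})\]", rec["exception.instruction"]).group(1)
    ptr = rec[f"registers.{ptr_reg}"]
    # Every frame of one module must rebase to a single image base.
    bases = {}
    for sym, addr in stack:
        mod, off = symbol_offset(sym)
        bases.setdefault(mod, set()).add(addr - off)
    return {
        "base": base,
        "decoded": decoded,
        "instr_matches": decoded == rec["exception.instruction"],
        "symbol_matches": sym_off == rec["exception.offset"],
        "fault_pointer": ptr,
        # Windows never maps the first 64 KiB of user space, so such a pointer always faults.
        "pointer_below_64k": ptr < 0x10000,
        "module_bases": {k: sorted(v) for k, v in bases.items()},
        "stack_consistent": all(len(v) == 1 for v in bases.values()) and bases["qwe"] == {base},
    }


if __name__ == "__main__":
    for k, v in analyse(parse_record(RECORD), STACK).items():
        print(f"{k}: {v if not isinstance(v, int) else hex(v)}")
```

Run against the report's values, this gives an image base of 0x3b0000 for qwe.exe (so the sample was not loaded at the usual 0x400000, and an analyst must rebase the disassembly before comparing offsets), an ntdll base of 0x778a0000 shared by both ntdll frames, a raw-byte decode that matches the printed `mov ecx, dword ptr [eax]`, and a fault pointer of 0x21a5 in eax: a read from the unmapped low 64 KiB, which is exactly the 0xc0000005 access violation recorded.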
Antivirus Detection
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Heur.Mint.Zard.25
FireEye Generic.mg.9f497e5418aaf7b8
Skyhigh BehavesLike.Win32.Generic.gh
ALYac Gen:Heur.Mint.Zard.25
CrowdStrike win/malicious_confidence_60% (D)
Arcabit Trojan.Mint.Zard.25
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Kaspersky HEUR:Trojan-Downloader.Win32.Zload.vho
BitDefender Gen:Heur.Mint.Zard.25
Emsisoft Gen:Heur.Mint.Zard.25 (B)
VIPRE Gen:Heur.Mint.Zard.25
Trapmine malicious.high.ml.score
SentinelOne Static AI - Malicious PE
Kingsoft Win32.Troj.HrupT.xm.352256
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm HEUR:Trojan-Downloader.Win32.Zload.vho
GData Gen:Heur.Mint.Zard.25
Cynet Malicious (score: 100)
MAX malware (ai score=83)
Cylance unsafe
Rising Trojan.Generic@AI.90 (RDML:OVjD2m1BsDgndkfN2QcgTQ)
BitDefenderTheta Gen:NN.ZexaF.36608.DqW@aSlN3Ie
Cybereason malicious.977b63
DeepInstinct MALICIOUS