Summary | ZeroBOX

config.exe

Tags: PhysicalDrive, Malicious Library, UPX, Anti_VM, ftp, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6401
Started: Jan. 31, 2024, 3:41 p.m.
Completed: Jan. 31, 2024, 3:55 p.m.
Size: 2.7MB
Type: PE32+ executable (console) x86-64, for MS Windows
MD5: f92cabc07a676ab522160b08b604683a
SHA256: 90bd78de6f692255a95c7cf07d7547dd783c3580cda0d95a515f25b564f8fe43
CRC32: 49999AB1
ssdeep: 24576:ETk1nzHm9FFsMuQxS4ZEe2eqvYKQ3RSESYtp4jOULrbDX6gCVVg+UjDNdqYHQdqj:EI1GFrO9SShjOyaVQlwD/kJ8VM
PDB Path: C:\Users\user\Desktop\cpp\seidr_build\x64\Release\seidr_build.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PhysicalDrive_20181001 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • ftp_command - ftp command
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name, Response, Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address, Status, Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\Users\user\Desktop\cpp\seidr_build\x64\Release\seidr_build.pdb

API calls (Time & API, Arguments, Status, Return, Repeated)

GlobalMemoryStatusEx
  Status: 1, Return: 1, Repeated: 0

section: _RDATA

NtCreateFile
  create_disposition: 1 (FILE_OPEN)
  file_handle: 0x00000000000000ac
  filepath: \??\PhysicalDrive0
  desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
  file_attributes: 0 ()
  filepath_r: \??\PhysicalDrive0
  create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
  status_info: 0 (FILE_SUPERSEDED)
  share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
  Status: 1, Return: 0, Repeated: 0

DeviceIoControl
  input_buffer:
  control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY)
  device_handle: 0x00000000000000ac
  output_buffer: Q ÿ?
  Status: 1, Return: 1, Repeated: 0
Vendor: Detection
Lionic: Trojan.Win32.Stealer.12!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Skyhigh: BehavesLike.Win64.Dropper.vh
ALYac: Trojan.GenericKD.71027210
Cylance: unsafe
VIPRE: Trojan.GenericKD.71027210
K7AntiVirus: Riskware ( 00584baa1 )
BitDefender: Trojan.GenericKD.71027210
K7GW: Riskware ( 00584baa1 )
Arcabit: Trojan.Generic.D43BCA0A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/Spy.Agent.HR
APEX: Malicious
McAfee: Artemis!F92CABC07A67
Avast: Win64:PWSX-gen [Trj]
Kaspersky: Trojan-PSW.Win64.Stealer.onx
Alibaba: TrojanPSW:Win64/Stealer.67c1492a
MicroWorld-eScan: Trojan.GenericKD.71027210
Emsisoft: Trojan.GenericKD.71027210 (B)
F-Secure: Trojan.TR/Redcap.yzbvu
TrendMicro: TROJ_GEN.R011C0XA424
FireEye: Trojan.GenericKD.71027210
Sophos: Mal/Generic-S
Ikarus: Trojan.Win64.Spy
Webroot: W32.Trojan.GenKD
Google: Detected
Avira: TR/Redcap.yzbvu
MAX: malware (ai score=88)
Antiy-AVL: Trojan[PSW]/Win64.Stealer
Kingsoft: Win32.Troj.Unknown.a
Microsoft: Trojan:Win32/Casdet!rfn
ZoneAlarm: Trojan-PSW.Win64.Stealer.onx
GData: Trojan.GenericKD.71027210
Varist: W64/ABRisk.KPXQ-3313
AhnLab-V3: Trojan/Win.Generic.C5576803
DeepInstinct: MALICIOUS
Malwarebytes: Malware.AI.3183131569
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R011C0XA424
Tencent: Malware.Win32.Gencirc.13fe938e
MaxSecure: Trojan.Malware.222207948.susgen
Fortinet: W32/PossibleThreat
AVG: Win64:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_70% (W)