Summary | ZeroBOX

TextMarks.exe

Gen1 Malicious Library UPX Malicious Packer MSOffice File PE64 PE File OS Processor Check wget dll DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started March 29, 2024, 7:46 a.m.
Completed March 29, 2024, 7:57 a.m.
Size 30.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 ff35671d54d612772b0c22c141a3056e
SHA256 2f625ea35f82332c639049c4a849f39cd2b74acb013880d156a2f647497c2512
CRC32 A864D785
ssdeep 98304:Y1ykcjtwknB+uZuNRJ4GOnkYcxVCHixHIf2Lwp27IWDpWVnPfMIHpV6FECFErKrz:7RnB+uQ4lip97onPfMIHHvCFHWrL
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Malicious_Packer_Zero - Malicious Packer
  • wget_command - wget command
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Elastic malicious (high confidence)
Skyhigh Artemis
Cylance unsafe
K7AntiVirus Trojan ( 005b177d1 )
K7GW Trojan ( 005b177d1 )
VirIT Trojan.Win64.Agent.GKL
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Agent.VY
Avast Win64:Malware-gen
Kaspersky Trojan.MSIL.Agent.qwisfb
F-Secure Trojan.TR/AVI.Agent.vsbxc
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
Google Detected
Avira TR/AVI.Agent.vsbxc
Antiy-AVL Trojan/Win32.Agent
Gridinsoft Spy.Win64.Gen.tr
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan.MSIL.Agent.qwisfb
Varist W64/Agent.IKW.gen!Eldorado
AhnLab-V3 Malware/Win.Generic.C5605929
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DCS24
Fortinet W32/Agent.VY!tr
AVG Win64:Malware-gen
alibabacloud Trojan:Multi/Agent.VY