Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 13, 2024, 11:19 a.m.	April 13, 2024, 11:19 a.m.

Size	296.6KB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3135f1c77e01d6df92c04083716c5c47`
SHA256	`31d9bd4c734cbfa25036a6947352a5a56d0f9aa59c6fc10cc2f47248d2a15d5b`
CRC32	`3CE0C4BF`
ssdeep	`6144:FptAhnY+Cvu5tt5lj4yIxOLc9xZuuz6ISD6JY:fOYXG/jwz9CXIS+JY`
PDB Path	Cortege.pdb
Yara	Craxs_RAT - Craxs RAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

Cortege.pdb

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00044a00', u'virtual_address': u'0x00002000', u'entropy': 7.7448489151280695, u'name': u'.text', u'virtual_size': u'0x00044944'}

entropy

7.74484891513

description

A section with a high entropy has been found

entropy

0.992766726944

description

Overall entropy of this PE file is high

Ore-Cli-Win-1.1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All