Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 30, 2024, 9:48 a.m.	April 30, 2024, 9:52 a.m.

Size	1.2MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`fc36ebc7382bec2df0e88995a1cec452`
SHA256	`38754abb186abcbde27381e5fe69a510152311dcfffd9afa192a4fc9ec56e9e4`
CRC32	`DCC313FE`
ssdeep	`12288:Er/7+R/dYRdLh2ujJmix5l2LoB0QCc0DiXhjgVBjvb9cUZt5D/:o61dYjh2ujl72LoVv3gVBJ5`
PDB Path	C:\Users\timwhite\Desktop\CVE-2018-8639-EXP\CVE-2018-8639-EXP\x64\Debug\CVE-2018-8639-EXP.pdb
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

LPE_ALL.exe "C:\Users\test22\AppData\Local\Temp\LPE_ALL.exe"
660
- cmd.exe C:\Windows\system32\cmd.exe /c pause
  2060

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW April 30, 2024, 9:48 a.m.	buffer: Press any key to continue . . . console_handle: 0x0000000000000007	1	1	0

pdb_path

C:\Users\timwhite\Desktop\CVE-2018-8639-EXP\CVE-2018-8639-EXP\x64\Debug\CVE-2018-8639-EXP.pdb

packer

Microsoft Visual C++ V8.0 (Debug)

cmdline

C:\Windows\system32\cmd.exe /c pause

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Skyhigh	Artemis!Trojan
Cylance	unsafe
Sangfor	Exploit.Win32.CVE.Vl8a
BitDefender	Trojan.GenericKD.72580368
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win64/Exploit.CVE-2018-8639.E
McAfee	Artemis!FC36EBC7382B
Alibaba	Exploit:Application/CVE-2018-8639.ffd182e5
MicroWorld-eScan	Trojan.GenericKD.72580368
Rising	Exploit.CVE-2018-8639!1.C9E7 (CLASSIC)
Emsisoft	Trojan.GenericKD.72580368 (B)
Zillya	Exploit.CVE20188639.Win64.2
FireEye	Trojan.GenericKD.72580368
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.Hacktool
Google	Detected
MAX	malware (ai score=88)
Antiy-AVL	Trojan[Exploit]/Win64.CVE-2018-8639
Microsoft	Trojan:Win32/Zpevdo.B
GData	Trojan.GenericKD.72580368
Varist	W64/ABRisk.HKUR-8602
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware/Suspicious
alibabacloud	Exp:Win/CVE.2018.8639

LPE_ALL.exe