Summary | ZeroBOX

mm.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started May 3, 2024, 7:38 a.m.
Completed May 3, 2024, 7:41 a.m.
Size 15.1MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 90023ee5d93707bca67e178daf81830f
SHA256 a90b80d9385f3b196ca2fb9d25a02a16700fda0187ae621d2dcace18b68307d4
CRC32 91671C00
ssdeep 98304:f9jn2KhtJjZo6O3NVS4hQGdAnE7eiXgcwd2:fhh/jZs3NA4hQGdn7gcww
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
167.71.205.181 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow                                                 Issuer  Subject  Fingerprint
TLS 1.3  192.168.56.103:49165 -> 167.71.205.181:5443  None    None     None
TLS 1.3  192.168.56.103:49161 -> 167.71.205.181:5443  None    None     None
TLS 1.3  192.168.56.103:49163 -> 167.71.205.181:5443  None    None     None

Time & API Arguments Status Return Repeated
IsDebuggerPresent  0 0
section .symtab
Time & API Arguments Status Return Repeated
GetAdaptersAddresses  flags: 16; family: 0  1 0 0
host 167.71.205.181
Time & API Arguments Status Return Repeated
LdrGetProcedureAddress  ordinal: 0; function_address: 0x000007fefe467a50; function_name: wine_get_version; module: ntdll; module_address: 0x00000000776c0000  -1073741511 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Sliver.wh
ALYac DeepScan:Generic.Sliver.Marte.G.038AFE00
Cylance unsafe
VIPRE DeepScan:Generic.Sliver.Marte.G.038AFE00
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender DeepScan:Generic.Sliver.Marte.G.038AFE00
K7GW Trojan ( 0059f2e01 )
K7AntiVirus Trojan ( 0059f2e01 )
Arcabit DeepScan:Generic.Sliver.Marte.G.038AFE00
VirIT Trojan.Win64.Genus.GOJ
Symantec ML.Attribute.HighConfidence
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/Agent.LO
McAfee Artemis!90023EE5D937
Avast Win64:Malware-gen
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
Alibaba Trojan:Win32/Sliver.b7c2a57f
MicroWorld-eScan DeepScan:Generic.Sliver.Marte.G.038AFE00
Emsisoft DeepScan:Generic.Sliver.Marte.G.038AFE00 (B)
F-Secure Hack-Tool:W32/SBeacon.A
Zillya Trojan.Agent.Win32.3888646
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
FireEye DeepScan:Generic.Sliver.Marte.G.038AFE00
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=88)
Antiy-AVL Trojan/Multi.MalGO
Kingsoft Win32.Troj.Unknown.a
Microsoft VirTool:Win32/Sliver.D!MTB
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData DeepScan:Generic.Sliver.Marte.G.038AFE00
DeepInstinct MALICIOUS
Malwarebytes Trojan.Sliver
Tencent Win32.Trojan.Malgo.Lflw
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.LO!tr
AVG Win64:Malware-gen
Paloalto generic.ml