Summary | ZeroBOX

mtls.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started May 3, 2024, 7:39 a.m.
Completed May 3, 2024, 7:52 a.m.
Size 15.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 3b65343bff4c7397ed19ef22efaae899
SHA256 9ff7ad76b41e17a34223b0c5e7081a7a93ecb7124dab07050bd24fcc8d0a4a7e
CRC32 C146BDE3
ssdeep 98304:0C0n6j9BjOWR+UKyA0uGJj0BmuUwmyCal5bXSDHELZZmBtv45xyDtoG:0Ch/NR+UKyA0uymmuUwLPl5bXSDkLW
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

Name           Response         Post-Analysis Lookup
ns1.mtls.ink   167.71.205.181

IP Address       Status   Action
164.124.101.2    Active   Moloch
167.71.205.181   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow                                                   Issuer   Subject   Fingerprint
TLS 1.3  192.168.56.101:49161 -> 167.71.205.181:5443   None     None      None
TLS 1.3  192.168.56.101:49165 -> 167.71.205.181:5443   None     None      None
TLS 1.3  192.168.56.101:49163 -> 167.71.205.181:5443   None     None      None

Time & API Arguments Status Return Repeated

API: IsDebuggerPresent
Return: 0
Repeated: 0

section .symtab

API: GetAdaptersAddresses
Arguments:
  flags: 16
  family: 0
Status: 1
Return: 0
Repeated: 0

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)
Repeated: 0
Antivirus

Vendor Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Sliver.wh
ALYac DeepScan:Generic.Sliver.Marte.E.F5BD385E
VIPRE DeepScan:Generic.Sliver.Marte.E.F5BD385E
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender DeepScan:Generic.Sliver.Marte.E.F5BD385E
Arcabit DeepScan:Generic.Sliver.Marte.E.F5BD385E
VirIT Trojan.Win64.Genus.GOJ
Symantec ML.Attribute.HighConfidence
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/Agent.LO
APEX Malicious
McAfee Artemis!3B65343BFF4C
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
MicroWorld-eScan DeepScan:Generic.Sliver.Marte.E.F5BD385E
Emsisoft DeepScan:Generic.Sliver.Marte.E.F5BD385E (B)
F-Secure Hack-Tool:W32/SBeacon.A
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
FireEye DeepScan:Generic.Sliver.Marte.E.F5BD385E
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=89)
Antiy-AVL Trojan/Multi.MalGO
Microsoft VirTool:Win32/Sliver.D!MTB
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData DeepScan:Generic.Sliver.Marte.E.F5BD385E
AhnLab-V3 Trojan/Win.Sliver.R598949
DeepInstinct MALICIOUS
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
alibabacloud Trojan:Multi/Sliver.D9OKG