Summary | ZeroBOX

HSTS.exe

Tags Malicious Packer, UPX, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started May 3, 2024, 7:39 a.m.
Completed May 3, 2024, 7:57 a.m.
Size 14.8MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 f970eb941bf3666823b761cea657061c
SHA256 22dacef022f62c901300e147bb9668998bd18aeac3673916b6a4270c03e82839
CRC32 F4F47EC6
ssdeep 98304:735VqWVnuufsZcXVbcD9QCfGiqI00LmAkFgjQEXu8q8Tv:z5VqOnqZcXVb61PW0LrkFgjpdqS
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

DNS
Name ns1.mtls.ink
Response 167.71.205.181
Post-Analysis Lookup

IP Address Status Action
164.124.101.2 Active Moloch
167.71.205.181 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.101:49162 -> 167.71.205.181:443 None None None
TLS 1.3 192.168.56.101:49166 -> 167.71.205.181:443 None None None
TLS 1.3 192.168.56.101:49164 -> 167.71.205.181:443 None None None

Time & API Arguments Status Return Repeated
IsDebuggerPresent
  0 0

section .symtab

Time & API Arguments Status Return Repeated
GetAdaptersAddresses
  flags: 16
  family: 0
  1 0 0

Time & API Arguments Status Return Repeated
LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  -1073741511 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Multi
Skyhigh BehavesLike.Win64.Sliver.vh
ALYac DeepScan:Generic.Sliver.Marte.G.05D91351
Cylance unsafe
VIPRE DeepScan:Generic.Sliver.Marte.G.05D91351
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender DeepScan:Generic.Sliver.Marte.G.05D91351
K7GW Trojan ( 0059f2e01 )
K7AntiVirus Trojan ( 0059f2e01 )
Arcabit DeepScan:Generic.Sliver.Marte.G.05D91351
Symantec ML.Attribute.HighConfidence
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/Agent.LO
APEX Malicious
McAfee Artemis!F970EB941BF3
Avast FileRepMalware [Trj]
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
Alibaba Trojan:Win32/Sliver.accabc92
MicroWorld-eScan DeepScan:Generic.Sliver.Marte.G.05D91351
Emsisoft DeepScan:Generic.Sliver.Marte.G.05D91351 (B)
F-Secure Hack-Tool:W32/SBeacon.A
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
FireEye DeepScan:Generic.Sliver.Marte.G.05D91351
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=85)
Antiy-AVL Trojan/Multi.MalGO
Gridinsoft Trojan.Win64.Agent.sa
Microsoft VirTool:Win32/Sliver.D!MTB
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData DeepScan:Generic.Sliver.Marte.G.05D91351
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.890899407
Tencent Win32.Trojan.Malgo.Etgl
SentinelOne Static AI - Malicious PE
Fortinet W32/Agent.LO!tr
AVG FileRepMalware [Trj]
Paloalto generic.ml
alibabacloud Trojan:Multi/Sliver.D9OKG