Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 17, 2024, 9:36 a.m.	May 17, 2024, 9:42 a.m.

Size	60.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1965ab1b3664aac84acb1b6e262b1b7f`
SHA256	`bf22960c019b1f3a7ce431948efacd23b68f32dd5d65d3aa9d6727bdccfda80d`
CRC32	`53CB0C82`
ssdeep	`1536:8LJg1OAEuxWhXTmNquG9L0RT/ADGRMluv:8LJlAEuxAWqu3ZMluv`
PDB Path	c:\netcat\Release\netcat.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature NMap - NMAP IsPE32 - (no description)

nc.exe "C:\Users\test22\AppData\Local\Temp\nc.exe"
2040

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA May 17, 2024, 9:36 a.m.	buffer: Cmd line: console_handle: 0x0000000b	1	1	0

This executable has a PDB path (1 event)

pdb_path

c:\netcat\Release\netcat.pdb

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Bkav	W32.AIDetectMalware
Lionic	Riskware.Win32.NetCat.1!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.GenericPMF.S519521
Skyhigh	Tool-NetCat.g
ALYac	Application.RemoteAdmin.RGU
Cylance	unsafe
VIPRE	Application.RemoteAdmin.RGU
Sangfor	Hacktool.Win32.Remoteadmin.V3hj
K7AntiVirus	Unwanted-Program ( 0049ebb41 )
BitDefender	Application.RemoteAdmin.RGU
K7GW	Unwanted-Program ( 0049ebb41 )
VirIT	RemoteAdmin.Win32.Netcat.A
Symantec	NetCat
Elastic	malicious (high confidence)
ESET-NOD32	Win32/RemoteAdmin.NetCat potentially unsafe
McAfee	Tool-NetCat.g
Avast	FileRepMalware [Trj]
Kaspersky	not-a-virus:RemoteAdmin.Win32.NetCat.a
NANO-Antivirus	Riskware.Win32.NetCat.eimnse
SUPERAntiSpyware	PUP.NetCat/Variant
MicroWorld-eScan	Application.RemoteAdmin.RGU
Rising	HackTool.NetCat!1.BBDD (CLASSIC)
Emsisoft	Application.RemoteAdmin.RGU (B)
F-Secure	Riskware:W32/NetCat.C
Zillya	Trojan.RemoteAdmin.Win32.8
TrendMicro	HackTool.Win32.Netcat.SM
FireEye	Generic.mg.1965ab1b3664aac8
Sophos	NetCat (PUA)
Jiangmin	Trojan/VulnWatch.a
Webroot	W32.Malware.Gen
Google	Detected
Avira	SPR/NetCat.P
MAX	malware (ai score=100)
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.NetCat.a
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Malware.Win32.Gen.sm!s1
Xcitium	ApplicUnsaf.Win32.RemoteAdmin.NetCat.g@1miisx
Arcabit	Application.RemoteAdmin.RGU
ZoneAlarm	not-a-virus:RemoteAdmin.Win32.NetCat.a
GData	Application.RemoteAdmin.RGU
Varist	W32/Agent.THOE-8538
AhnLab-V3	Win-AppCare/NTSniff_v111.61440
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware.AI.DDS
Panda	Hacktool/NetCat.B
Zoner	Trojan.Win32.38913
Tencent	Malware.Win32.Gencirc.13c13687
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.1934784.susgen

nc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All