Summary | ZeroBOX

rev5757.exe

Metasploit Generic Malware PE64 PE File
Category  Machine        Started                   Completed
FILE      s1_win7_x6401  May 30, 2024, 9:41 a.m.   May 30, 2024, 9:58 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 da7b09c790012d9eb2bcddf7ea88a2cd
SHA256 a46a489e9dd78df0b7aaa1c5af25a178bea9ff38a91ceaca71fc6ad6411640e2
CRC32 A2397ABD
ssdeep 24:eFGStrJ9u0/6OInZdkBQAV9c+mq9KZqUGeNDMSCvOXpmB:is0fckBQp+B96GSD9C2kB
Yara
  • IsPE64 - (no description)
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address    Status  Action
94.139.242.7  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .kbzh
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
rev5757+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
rev5757+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
1 0 0
host 94.139.242.7
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Elastic Windows.Trojan.Metasploit
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance unsafe
VIPRE Trojan.Metasploit.A
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.790012
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Trojan-FJIN!DA7B09C79001
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
NANO-Antivirus Trojan.Win64.Shell.kntqen
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro TROJ64_SWRORT.SM1
McAfeeD Real Protect-LS!DA7B09C79001
Trapmine malicious.high.ml.score
FireEye Generic.mg.da7b09c790012d9e
Sophos ATK/Meter-A
Ikarus Trojan.Win64.Meterpreter
Jiangmin Trojan.Generic.auyjj
Google Detected
Avira TR/Crypt.XPACK.Gen7
MAX malware (ai score=85)
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft malware.kb.b.977
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Metasploit!pz
ViRobot Trojan.Win.Z.Metasploit.7168.ERP
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.Metasploit.A
Varist W64/S-c4a4ef26!Eldorado
AhnLab-V3 Trojan/Win32.RL_Generic.R357794
Acronis suspicious
dead_host 94.139.242.7:5757
dead_host 192.168.56.101:49161