Summary | ZeroBOX

rev5656.exe

Metasploit Generic Malware PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us May 30, 2024, 9:42 a.m. May 30, 2024, 9:52 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 6a9cbc059911a2dc01fbdb901a0107e8
SHA256 0671478053332972b07e9896e459ecc4d4d8c6a32457f135dd7e843aae2abb73
CRC32 0A72E5A0
ssdeep 24:eFGStrJ9u0/6hnnZdkBQAV23WOx+JKZqoeNDMSCvOXpmB:is0wDkBQrx+JaSD9C2kB
Yara
  • IsPE64 - (no description)
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
94.139.242.7 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .lils
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x7706a404
rev5656+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
rev5656+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x7706a404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1996923908
registers.r13: 1244584
Status 1 Return 0 Repeated 0
host 94.139.242.7
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance unsafe
VIPRE Trojan.Metasploit.A
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.59911a
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Trojan-FJIN!6A9CBC059911
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
NANO-Antivirus Trojan.Win64.Shell.kntsgd
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro TROJ64_SWRORT.SM1
McAfeeD Real Protect-LS!6A9CBC059911
Trapmine malicious.high.ml.score
FireEye Generic.mg.6a9cbc059911a2dc
Sophos ATK/Meter-A
Ikarus Trojan.Win64.Meterpreter
Jiangmin Trojan.Generic.auyjj
Google Detected
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Metasploit!pz
ViRobot Trojan.Win.Z.Metasploit.7168.ERO
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.Metasploit.A
Varist W64/S-c4a4ef26!Eldorado
AhnLab-V3 Trojan/Win32.RL_Generic.R358445
Acronis suspicious
DeepInstinct MALICIOUS
dead_host 192.168.56.103:49161
dead_host 94.139.242.7:5656