Summary | ZeroBOX

rev.exe

Tags Metasploit, Generic Malware, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started May 30, 2024, 9:43 a.m.
Completed May 30, 2024, 9:45 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 b3e1688a68a66cf3844242de091a1dde
SHA256 083a504054bf5034a40c863a4d1dd489a89fa50cc944f8c71994ec3292e95248
CRC32 AEE7327C
ssdeep 24:eFGStrJ9u0/6hQnZdkBQAVn1Y+BXKLqdeNDMSCvOXpmB:is0wEkBQAq+BX9SD9C2kB
Yara
  • IsPE64 - (no description)
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
94.139.242.7 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .wuch
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
rev+0x41fe @ 0x1400041fe
0x7fffffde250
0x12f708
0x12f740
rev+0x41fe @ 0x1400041fe
0x58 (the same value repeated for 58 consecutive frames)

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65 (ASCII "NTDLL.RtlExitUse": the bytes at the faulting RIP are an export-forwarder string, not code)
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 697348 (0xaa404, matching kernel32+0xaa404 in the symbol)
exception.address: 0x76cba404
registers.r14: 0x0
registers.r15: 0x0
registers.rcx: 0x0
registers.rsi: 0x0
registers.r10: 0x1400041fe (5368726014; the rev+0x41fe return address seen in the stack trace)
registers.rbx: 0x0
registers.rsp: 0x12fbf8 (1244152)
registers.r11: 0x202 (514)
registers.r8: 0x12f708 (1242888)
registers.r9: 0x12f740 (1242944)
registers.rdx: 0x7fffffde250 (8796092883536)
registers.r12: 0x12fda0 (1244576)
registers.rbp: 0x14000400a (5368725514; inside the rev.exe image)
registers.rdi: 0x58 (88)
registers.rax: 0x76cba404 (1993057284; equal to exception.address)
registers.r13: 0x12fda8 (1244584)
Status 1 Return 0 Repeated 0
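Reading the exception record above by hand is error-prone because ZeroBOX prints the registers in decimal and the instruction bytes as raw hex. The following Python is an added triage example, not part of the ZeroBOX report or of the sample: it transcribes the exception, register and stack values printed above, renders the registers in hex, decodes instruction_r to ASCII, derives the kernel32 base from address minus offset, and cross-checks the registers against the stack walk. The helper names (hexify, decode_instruction_bytes, looks_like_export_forwarder, module_base, cross_check) are my own; IMAGE_BASE is inferred from "rev+0x41fe @ 0x1400041fe" and the 64 KiB image span is an assumption.

```python
import re

# Added triage example, not part of the ZeroBOX report. EXCEPTION, REGISTERS
# and STACK are transcribed from the report above; the helper functions and
# their names are my own.
EXCEPTION = {
    "instruction_r": "4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65",
    "symbol": "EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404",
    "module": "kernel32.dll",
    "exception_code": 0xC0000005,
    "offset": 697348,            # decimal, as ZeroBOX prints it
    "address": 0x76CBA404,
}
REGISTERS = {                    # decimal, exactly as ZeroBOX prints them
    "rax": 1993057284, "rbx": 0, "rcx": 0, "rdx": 8796092883536,
    "rsi": 0, "rdi": 88, "rbp": 5368725514, "rsp": 1244152,
    "r8": 1242888, "r9": 1242944, "r10": 5368726014, "r11": 514,
    "r12": 1244576, "r13": 1244584, "r14": 0, "r15": 0,
}
# The stack walk as printed: fault address, then the slots the walker read.
STACK = [0x76CBA404, 0x1400041FE, 0x7FFFFFDE250, 0x12F708, 0x12F740,
         0x1400041FE] + [0x58] * 58
IMAGE_BASE = 0x140000000         # inferred from "rev+0x41fe @ 0x1400041fe"
IMAGE_SPAN = 0x10000             # assumption: a 7 KB PE maps well inside 64 KiB

# "MODULE.Symbol": the shape of a PE export-forwarder string.
FORWARDER_RE = re.compile(r"^[A-Za-z0-9_]+\.[A-Za-z_][A-Za-z0-9_]*$")


def hexify(regs):
    """Render the decimal register dump as lowercase hex strings."""
    return {name: hex(value) for name, value in regs.items()}


def decode_instruction_bytes(hexstr):
    """Bytes at the faulting RIP and a printable-ASCII view of them."""
    raw = bytes.fromhex(hexstr.replace(" ", ""))
    text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)
    return raw, text


def looks_like_export_forwarder(text):
    """True when the 'code' at RIP reads like 'NTDLL.RtlExitUserThread'.

    A forwarded export stores this string where a function body would be;
    a resolver that follows the export RVA without checking for forwarders
    ends up executing the string, which is what an access violation at a
    text-shaped RIP suggests.
    """
    return bool(FORWARDER_RE.match(text))


def module_base(exc):
    """Module base implied by address - offset, after checking the symbol."""
    mod, off = exc["symbol"].split()[-1].split("+")   # "kernel32+0xaa404"
    if not exc["module"].lower().startswith(mod.lower()):
        raise ValueError("symbol module does not match exception.module")
    if int(off, 16) != exc["offset"]:
        raise ValueError("symbol offset does not match exception.offset")
    return exc["address"] - exc["offset"]


def cross_check(regs, exc, stack):
    """Tie the registers to the stack walk so the record reads as a story."""
    tail = stack[6:]
    return {
        # rax holds the address that faulted: control reached it through rax.
        "rax_is_fault_address": regs["rax"] == exc["address"],
        # r10 equals the return address into rev.exe found by the walker.
        "r10_is_return_into_image": regs["r10"] == stack[1],
        # rbp points into the image itself (near rev+0x4000).
        "rbp_inside_image": IMAGE_BASE <= regs["rbp"] < IMAGE_BASE + IMAGE_SPAN,
        # rdx, r8, r9 (x64 argument registers) equal the next three slots.
        "args_match_stack": (regs["rdx"], regs["r8"], regs["r9"]) == tuple(stack[2:5]),
        # the rest of the walk is the constant 0x58: not plausible return addresses.
        "stack_tail_is_0x58": len(tail) == 58 and all(v == 0x58 for v in tail),
    }


if __name__ == "__main__":
    raw, text = decode_instruction_bytes(EXCEPTION["instruction_r"])
    print(f"bytes at RIP: {raw.hex()} -> {text!r} "
          f"(forwarder-shaped: {looks_like_export_forwarder(text)})")
    print(f"{EXCEPTION['module']} base: {module_base(EXCEPTION):#x}")
    for name, value in hexify(REGISTERS).items():
        print(f"{name:>4}: {value}")
    for check, ok in cross_check(REGISTERS, EXCEPTION, STACK).items():
        print(f"{check:<28} {ok}")
```

Run stand-alone, the script decodes the instruction bytes to "NTDLL.RtlExitUse", computes the kernel32 base as 0x76c10000, and prints a cross-check in which every entry is True: rax equals the faulting address (control was transferred through rax), r10 equals the return address into rev.exe, rbp points into the image, rdx/r8/r9 match the next three stack slots, and the remaining 58 frames are the constant 0x58. The forwarder check is a heuristic, not proof: a name-shaped string at RIP is strong evidence that an export resolver landed on a forwarder entry rather than on code, which is consistent with the fault being symbolized at ExitThread-0x19 inside kernel32.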
host 94.139.242.7
dead_host 94.139.242.7:5454
dead_host 192.168.56.101:49161