Summary | ZeroBOX

4441.exe

Metasploit Meterpreter Generic Malware PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 May 30, 2024, 9:43 a.m. May 30, 2024, 10:03 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 50a2e65a4d576d9aeb3b0b396ae3e898
SHA256 92eca604943589607c90984e0f566e4435c5544c8a16f452474d40b60642992e
CRC32 BD2E3E9C
ssdeep 24:eFGStrJ9u0/6f6nZdkBQAVv1YaKLqQeNDMSCvOXpmB:is0SykBQYqawSD9C2kB
Yara
  • IsPE64 - (no description)
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
212.116.121.19 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .jtlu
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
4441+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
4441+0x41fe @ 0x1400041fe
0x58 (frame value repeated 58 times)

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
1 0 0
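The exception record above tells most of the story if it is read as data rather than as a crash in kernel32 code. The 16 bytes at the faulting address (exception.instruction_r) are all printable ASCII and spell "NTDLL.RtlExitUse", the start of the string "NTDLL.RtlExitUserThread", which is how a kernel32 export that is forwarded to ntdll is stored in its export data; the "push rsp" the disassembler reports is just the first two characters "NT" (4e 54) decoded as a REX-prefixed push. rax holds the faulting address itself and r10 holds the return address into the stager (4441+0x41fe), so the stager resolved an API, received the address of a forwarder string instead of code, and transferred control to it; 0xc0000005 is STATUS_ACCESS_VIOLATION. That pattern is what a hash-based API resolver that does not follow forwarded exports produces, though the report itself does not say so. The script below is an added triage helper written for this page, not ZeroBOX code or part of the sample; it cross-checks the record (module base from address minus offset, symbol offsets, register/stack consistency) and decodes the bytes at RIP. The record dictionary is copied from the report with the decimal register values the sandbox printed.

```python
# Added triage helper for the __exception__ record above.  This is an
# illustration written for this page, not code from ZeroBOX or from the
# sample; the record below is copied from the report, with register
# values as the decimal integers the sandbox printed.
import re

EXC_RECORD = {
    "exception.instruction_r": "4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65",
    "exception.symbol": "EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404",
    "exception.module": "kernel32.dll",
    "exception.exception_code": "0xc0000005",
    "exception.offset": 697348,
    "exception.address": 0x76CBA404,
    "registers.rax": 1993057284,
    "registers.r10": 5368726014,
    "registers.rsp": 1244152,
}

# First stack frame inside the stager's own image, copied from the trace.
STACK_FRAME = "4441+0x41fe @ 0x1400041fe"

STATUS_ACCESS_VIOLATION = 0xC0000005

_SYMBOL_RE = re.compile(r"^([A-Za-z0-9_]+)([+-])(0x[0-9a-fA-F]+)$")
_FRAME_RE = re.compile(r"^([A-Za-z0-9_]+)\+(0x[0-9a-fA-F]+) @ (0x[0-9a-fA-F]+)$")
# Shape of a PE export-forwarder entry, "MODULE.Function" (a heuristic).
_FORWARDER_RE = re.compile(r"^[A-Za-z0-9_]+\.[A-Za-z0-9_]+$")


def decode_instruction_bytes(hex_bytes):
    """Return (raw bytes, ASCII text or None) for exception.instruction_r.

    The sandbox dumps the 16 bytes at the faulting RIP.  When every byte is
    printable ASCII the 'instruction' was really data, and the decoded text
    tells the analyst what the sample jumped into.
    """
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw, raw.decode("ascii")
    return raw, None


def parse_symbols(symbol_field):
    """Parse 'Func+0x1e Other-0x19 module+0xoff' into {name: signed delta}."""
    out = {}
    for token in symbol_field.split():
        m = _SYMBOL_RE.match(token)
        if not m:
            raise ValueError("unparsed symbol token: %r" % token)
        delta = int(m.group(3), 16)
        out[m.group(1)] = delta if m.group(2) == "+" else -delta
    return out


def parse_frame(frame):
    """Parse 'image+0xoff @ 0xaddr' into (image, offset, address)."""
    m = _FRAME_RE.match(frame)
    if not m:
        raise ValueError("unparsed frame: %r" % frame)
    return m.group(1), int(m.group(2), 16), int(m.group(3), 16)


def triage(record, frame):
    """Cross-check the exception record and summarise what it implies."""
    addr = record["exception.address"]
    offset = record["exception.offset"]
    code = int(record["exception.exception_code"], 16)
    _, text = decode_instruction_bytes(record["exception.instruction_r"])
    symbols = parse_symbols(record["exception.symbol"])
    _, image_off, frame_addr = parse_frame(frame)
    module = record["exception.module"].split(".")[0]

    return {
        "access_violation": code == STATUS_ACCESS_VIOLATION,
        # Module base recovered from address - offset; the 'kernel32+0x..'
        # token in the symbol field must agree with the offset.
        "module_base": addr - offset,
        "offset_matches_symbol": symbols.get(module) == offset,
        # Printable text at RIP means the sample executed data, not code.
        "bytes_as_ascii": text,
        "looks_like_export_forwarder": bool(text and _FORWARDER_RE.match(text)),
        # rax == RIP: control was transferred through the value in rax.
        "rax_is_fault_address": record["registers.rax"] == addr,
        # r10 == the stager return address seen in the stack trace.
        "r10_is_stager_return": record["registers.r10"] == frame_addr,
        "stager_image_base": frame_addr - image_off,
    }


if __name__ == "__main__":
    for key, value in triage(EXC_RECORD, STACK_FRAME).items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-28s %s" % (key, shown))
```

Running it against this record gives a kernel32 base of 0x76c10000, a stager image base of 0x140000000, the decoded text "NTDLL.RtlExitUse", and True for every consistency check; any False in that output would mean the record was mis-symbolised or the crash came from somewhere other than a resolved API call.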
host 212.116.121.19
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
ClamAV Win.Malware.Metasploit-10022275-0
Cylance unsafe
CrowdStrike win/malicious_confidence_100% (W)
K7AntiVirus Trojan ( 004fae881 )
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
NANO-Antivirus Trojan.Win64.Shell.kntpkb
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
F-Secure Trojan.TR/Crypt.XPACK.Gen7
VIPRE Trojan.Metasploit.A
TrendMicro TROJ64_SWRORT.SM1
McAfeeD Real Protect-LS!50A2E65A4D57
Trapmine malicious.high.ml.score
Sophos ATK/Meter-A
Ikarus Trojan.Win64.Meterpreter
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win64.Gen.tr
ViRobot Trojan.Win.Z.Rozena.7168.MLK
Google Detected
AhnLab-V3 Trojan/Win64.Shelma.R274246
Acronis suspicious
Malwarebytes Trojan.MalPack
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ64_SWRORT.SM1
Tencent Hacktool.Win64.Rozena.a
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Rozena.J!tr
Cybereason malicious.a4d576
DeepInstinct MALICIOUS
alibabacloud Backdoor:Win/shellcode.api(dyn)
dead_host 192.168.56.101:49161
dead_host 212.116.121.19:4441