popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

buildjudit.exe

Gen1 Generic Malware Malicious Library Antivirus UPX Malicious Packer Anti_VM ftp PE File PE64 OS Processor Check wget DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us May 31, 2024, 10:03 a.m. May 31, 2024, 10:05 a.m.
Size 10.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 cc7933b503e061ddde7158e108f19cc3
SHA256 049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb
CRC32 5F131960
ssdeep 196608:F46gBp3M/NHn3fY58FEjunH6Z0sU+FNuQ4zOZ+1ak3Yzb5:F46ksNH3J6qHwUaMrz5aP/
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1236
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004d60000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\stub.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\libcrypto-1_1.dll
section {u'size_of_data': u'0x00a9ba00', u'virtual_address': u'0x00038000', u'entropy': 7.999133105660037, u'name': u'.rsrc', u'virtual_size': u'0x00a9b8a8'} entropy 7.99913310566 description A section with a high entropy has been found
entropy 0.988218704512 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2076_133616029940000000\stub.exe
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Worgtop.d!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.MSIL
Skyhigh BehavesLike.Win64.Andariel.vc
McAfee Artemis!CC7933B503E0
Malwarebytes Malware.AI.2296844395
VIPRE Trojan.Generic.35935180
Sangfor Trojan.Win32.Save.a
BitDefender Trojan.Generic.35935180
Arcabit Trojan.Generic.D22453CC
VirIT Trojan.Win64.Agent.GRZ
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Python/PSW.Agent_AGen.V
APEX Malicious
Avast Win64:DropperX-gen [Drp]
Kaspersky Trojan-GameThief.MSIL.Worgtop.bzc
Alibaba TrojanPSW:Win64/Agent_AGen.086ad943
MicroWorld-eScan Trojan.Generic.35935180
Rising Stealer.Agent!8.C2 (CLOUD)
Emsisoft Trojan.Generic.35935180 (B)
F-Secure Dropper.DR/AVI.Agent.luscv
DrWeb Trojan.PWS.Stealer.38885
Zillya Trojan.Agent.Win64.44015
TrendMicro Trojan.Win64.AMADEY.YXEEXZ
McAfeeD ti!049F48024F31
FireEye Trojan.Generic.35935180
Sophos Mal/Generic-S
Ikarus Trojan.Python.Psw
Jiangmin Trojan.PSW.Stealer.dnf
Webroot W32.Trojan.Gen
Google Detected
Avira DR/AVI.Agent.luscv
MAX malware (ai score=89)
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Generic.v
Gridinsoft Malware.Win64.Gen.tr
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan-GameThief.MSIL.Worgtop.bzc
GData Trojan.Generic.35935180
Varist W64/ABRisk.MEAS-4500
AhnLab-V3 Trojan/Win.DropperX-gen.C5625918
DeepInstinct MALICIOUS
VBA32 TrojanPSW.FBStealer
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEEXZ
Tencent Msil.Trojan-GameThief.Worgtop.Ozfl
Yandex Trojan.PWS.FBStealer!y76knCQZjNU
SentinelOne Static AI - Malicious PE