Summary | ZeroBOX

sign_now.vbs

Category: FILE
Machine: s1_win7_x6401
Started: June 11, 2024, 2:40 p.m.
Completed: June 11, 2024, 2:42 p.m.

Size: 6.7KB
Type: ASCII text, with very long lines
MD5: 539544ea65b5ecdb757d49fd92cc335d
SHA256: 6b3f2e0c7ca1bdc6fb56035ec57ea39ef1f8b626bc5d99866fe00ba119357c8d
CRC32: EA466BBC
ssdeep: 192:RYwRbYUTH0wDzAPXGTmAhY3tfHama0hY3rfTLbR26b:pbYUTH0vuKeS16maCSLTLbLb
Yara: None matched

IP Address      Status   Action
146.75.48.223   Active   Moloch
164.124.101.2   Active   Moloch

Suricata Alerts

Flow: TCP 192.168.56.101:49161 -> 146.75.48.223:443
SID: 906200054
Signature: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Category: undefined

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WSASend

buffer: qmfgãKRûu½õ3$ñyḥlZÛkRœ¸ M RD‚Œ/5 ÀÀÀ À 28,ÿwww.python.org  
socket: 564
0 0

WSASend

buffer: 51fgãL"ߐcËu£Õ;!€Ó²n+v™ 'h´ìÁ›:Ž¹  ÿ
socket: 564
0 0

Antivirus

Engine                 Detection
Skyhigh                BehavesLike.VBS.Dropper.xp
Symantec               ISB.Downloader!gen60
TrendMicro-HouseCall   Mal_VBSCRDLX
Avast                  Script:SNH-gen [Trj]
NANO-Antivirus         Trojan.Script.Vbs-heuristic.druvzi
TrendMicro             Mal_VBSCRDLX
Kingsoft               Script.Ks.Malware.12156
Microsoft              Trojan:Script/Sabsik.FL.A!ml
ZoneAlarm              HEUR:Trojan-Downloader.Script.Generic
Yandex                 HTML.Psyme.Gen
AVG                    Script:SNH-gen [Trj]