Summary | ZeroBOX

output_64.exe

Generic Malware Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started June 16, 2024, 9:55 a.m.
Completed June 16, 2024, 10:33 a.m.
Size 130.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 8018029cb32fd2517865b0145dea21e7
SHA256 c519b7508e750fefd49510b9ec8eb44cec5822f3704e1de5c252a8da3c5f079e
CRC32 C1F327DA
ssdeep 3072:lO55k/y5dAj+BMTYlgEQnB+Y+pek7+3OrFZeUqe6oM:lO5n5d56TYZQnB+Dpekyyqm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
43.154.138.240 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 43.154.138.240
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.SpywareX.m!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.NetLoader.ch
ALYac Trojan.GenericKDZ.106140
Cylance Unsafe
VIPRE Trojan.GenericKDZ.106140
Sangfor Trojan.Win32.Winos.swkaa
K7AntiVirus Spyware ( 005a7e271 )
BitDefender Trojan.GenericKDZ.106140
K7GW Spyware ( 005a7e271 )
Cybereason malicious.cb32fd
Arcabit Trojan.Generic.D19E9C
VirIT Trojan.Win64.Agent.CHMY
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Spy.Agent.GF
APEX Malicious
McAfee Artemis!8018029CB32F
Avast Win32:Agent-BDWA [Drp]
ClamAV Win.Malware.Spywarex-10022879-0
Kaspersky HEUR:Backdoor.Win32.Agent.gen
Alibaba TrojanSpy:Win64/SpywareX.6c4c716c
NANO-Antivirus Trojan.Win64.Inject5.klvpvh
MicroWorld-eScan Trojan.GenericKDZ.106140
Rising Backdoor.PoisonMouse!1.EEEE (CLASSIC)
Emsisoft Trojan.GenericKDZ.106140 (B)
F-Secure Trojan.TR/Spy.Agent.euxsk
DrWeb Trojan.Inject5.1341
Zillya Backdoor.Agent.Win32.92417
TrendMicro TROJ_GEN.R002C0XDP24
McAfeeD ti!C519B7508E75
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.8018029cb32fd251
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Spy
Jiangmin Backdoor.Agent.mse
Google Detected
Avira TR/Spy.Agent.euxsk
MAX malware (ai score=80)
Antiy-AVL Trojan[Spy]/Win64.Agent
Gridinsoft Trojan.Win64.Agent.oa!s1
Microsoft Backdoor:Win32/Multiverze
ViRobot Trojan.Win.Z.Agent.133632.FD
ZoneAlarm HEUR:Backdoor.Win32.Agent.gen
GData Trojan.GenericKDZ.106140
Varist W64/S-fef82044!Eldorado
AhnLab-V3 Trojan/Win.Generic.R639846
TACHYON Backdoor/W64.Agent.133632
DeepInstinct MALICIOUS