Summary | ZeroBOX

services64.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started June 16, 2024, 10 a.m.
Completed June 16, 2024, 10:19 a.m.
Size 16.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c8a50a6f1f73df72de866f6131346e69
SHA256 59e6a5009ce5e9547078db7f964bb8fc10ee999dd35b7e9243f119db8337aa8d
CRC32 F4CD36F4
ssdeep 393216:VqXwsD/P9ME9hCb4B6+SY34VAw+56VbaK5P5jH7s:VqX/DDb24xt4VF46V+Kp5T7
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No DNS names recorded (the sample reached the hosts below by IP address).

IP Address Status
120.79.191.234 Active
121.254.136.9 Active
164.124.101.2 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Unusual section names: .00cfg, .|Q+, .=S+, .g<7
(.00cfg is the control-flow-guard section emitted by MSVC; the three non-printable names are typical of a protector that rewrites section headers and fit the VMProtect classification several engines give below.)
High-entropy section: .g<7, virtual address 0x00cb3000, virtual size 0x010df868, size of raw data 0x010dfa00 (17,693,184 bytes, about 16.9 MiB, i.e. nearly the entire 16.9MB file), entropy 7.9087 bits/byte. Description: A section with a high entropy has been found.
Overall entropy: 0.9998. Description: Overall entropy of this PE file is high. (This figure is not bits per byte: it is the share of section raw data that sits in sections above the per-section threshold, 6.8 bits/byte in the Cuckoo packer_entropy signature ZeroBOX inherits. With .g<7 alone covering almost the whole file, the ratio is close to 1.)
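As an added worked example (not part of the ZeroBOX report or its code), the script below reproduces the logic behind the two entropy marks: it parses the PE section table by hand, scores each section's Shannon entropy, and applies the thresholds of Cuckoo's packer_entropy signature (6.8 bits/byte per section, 0.2 for the overall ratio), which is assumed here to be what ZeroBOX runs because the description strings match. The input is a constructed minimal PE32+ image with a small low-entropy .text and a large hash-chain filler section named .g<7, not the sample from this report; to run it on a real file, pass its bytes to analyse(). Function and constant names are this example's own.

```python
import hashlib
import math
import struct

# Thresholds from the Cuckoo "packer_entropy" signature (assumed to be the source
# of the report's two "entropy" marks; ZeroBOX is a Cuckoo derivative).
SECTION_ENTROPY_THRESHOLD = 6.8  # bits per byte, per section
OVERALL_RATIO_THRESHOLD = 0.2    # share of section raw data that is high-entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the PE headers and return one dict per section, keyed like the report."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + size_opt  # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _, _, _, _, _) = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
        })
    return sections


def packer_entropy(sections: list):
    """Return (names of high-entropy sections, overall ratio, overall-high verdict)."""
    total = compressed = 0
    high = []
    for s in sections:
        total += s["size_of_data"]
        if s["entropy"] > SECTION_ENTROPY_THRESHOLD:
            high.append(s["name"])
            compressed += s["size_of_data"]
    ratio = compressed / total if total else 0.0
    return high, ratio, ratio > OVERALL_RATIO_THRESHOLD


def _hash_chain(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for packed code (constructed data)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(spec: list) -> bytes:
    """Assemble a minimal PE32+ image from [(section_name, raw_bytes), ...] (constructed sample)."""
    e_lfanew, size_opt, align = 0x40, 240, 0x200
    dos = bytearray(b"MZ").ljust(e_lfanew, b"\0")
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(spec), 0, 0, 0, size_opt, 0x0022)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    headers_len = -(-(e_lfanew + 4 + 20 + size_opt + 40 * len(spec)) // align) * align
    table, body, raw_ptr, vaddr = bytearray(), bytearray(), headers_len, 0x1000
    for name, data in spec:
        raw_size = -(-len(data) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1").ljust(8, b"\0"),
                             len(data), vaddr, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += -(-len(data) // 0x1000) * 0x1000
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(headers_len, b"\0")
    return bytes(headers + body)


# Constructed sample: a small low-entropy .text and a large hash-chain ".g<7",
# mirroring the report's layout (one huge high-entropy section dominating the file).
SAMPLE_PE = build_sample_pe([
    (".text", b"\x00\x01" * 512),   # 0x400 bytes, entropy exactly 1.0
    (".g<7", _hash_chain(0x1000)),  # 0x1000 bytes, entropy close to 8.0
])


def analyse(pe: bytes = SAMPLE_PE):
    """Parse a PE image and apply the packer_entropy logic to its sections."""
    sections = parse_sections(pe)
    high, ratio, verdict = packer_entropy(sections)
    return sections, high, ratio, verdict


if __name__ == "__main__":
    sections, high, ratio, verdict = analyse()
    for s in sections:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.4f}")
    print("high-entropy sections:", high, "overall ratio:", round(ratio, 6), "flag:", verdict)
```

On a real binary the overall ratio is what the report prints as 0.9998: the raw sizes of the high-entropy sections divided by the sum of all sections' raw sizes. A section holding compressed resources (fonts, images, embedded archives) trips the same threshold, so on its own the mark means "packed or compressed", not "malicious"; it is the AV consensus below that narrows this sample to a VMProtect-protected miner.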
host 120.79.191.234
host 121.254.136.9
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Win64
Skyhigh Artemis
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0059f3491 )
K7GW Trojan ( 0059f3491 )
VirIT Trojan.Win64.Agent.GVC
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Packed.VMProtect.X suspicious
APEX Malicious
McAfee Artemis!C8A50A6F1F73
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win64.Reflo.glt
Alibaba Trojan:Win64/Reflo.22e4f9d2
NANO-Antivirus Trojan.Win64.BtcMine.komauc
Rising Trojan.Miner!8.EA1 (TFE:5:9RmvBkWOb3U)
F-Secure Trojan.TR/Redcap.cegdh
DrWeb Trojan.BtcMine.3776
TrendMicro Trojan.Win64.AMADEY.YXEFEZ
McAfeeD Real Protect-LS!C8A50A6F1F73
Trapmine suspicious.low.ml.score
FireEye Generic.mg.c8a50a6f1f73df72
Sophos Mal/Generic-S
Ikarus PUA.VMProtect
Webroot W32.Trojan.Dropper
Google Detected
Avira TR/Redcap.cegdh
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Heur!.022120A3
Xcitium ApplicUnwnt@#1zd7n0cnecie2
ZoneAlarm Trojan.Win64.Reflo.glt
GData Win32.Backdoor.Rozena.IL7Q03
Varist W64/ABMiner.ZRHZ-5340
AhnLab-V3 Trojan/Win.Agent.C5630101
TACHYON Trojan/W64.Reflo.17697280
DeepInstinct MALICIOUS
VBA32 Trojan.CoinMiner
Malwarebytes Trojan.Packed
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEFEZ
Tencent Win64.Trojan.Reflo.Zwhl
SentinelOne Static AI - Malicious PE
Fortinet W32/Malicious_Behavior.SBX
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)