Summary | ZeroBOX

Sample: s.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, PE32
Category: FILE
Machine: s1_win7_x6401
Started: June 17, 2024, 10:21 a.m.
Completed: June 17, 2024, 10:26 a.m.
Size 6.6MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 b7b18619464ce06f97278c1cf029a5cb
SHA256 f511b148321d0f3bcbf624f59b103da5f868e92e67a068c3f86c0b584b5fc620
CRC32 922705FE
ssdeep 98304:lYwVveHq4nm9EzN0UeJPRJzqZYfNoMWcc+5Pw:lb3HmQRsCNoLccYP
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Malicious_Library_Zero - Malicious_Library
  • infoStealer_browser_b_Zero - browser info stealer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted by name. The addresses below were observed as direct IP traffic.

IP Address      Status   Action
164.124.101.2   Active   Moloch
94.156.67.86    Active   Moloch

Suricata Alerts

Flow: TCP 94.156.67.86:9090 -> 192.168.56.101:49163
SID: 2400014
Signature: ET DROP Spamhaus DROP Listed Traffic Inbound group 15
Category: Misc Attack

This flow is the reply leg of a connection the analysis VM (192.168.56.101, ephemeral port 49163) opened to 94.156.67.86 on port 9090. The rule matches on the source address being inside a Spamhaus DROP-listed netblock, not on payload content, so treat it as a reputation hit that corroborates the contacted address rather than as a content signature.

Suricata TLS

No Suricata TLS

Files accessed (browser info stealer): C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State. This JSON file holds Chrome's DPAPI-protected os_crypt encrypted_key, which a stealer needs in order to decrypt the saved logins and cookies stored in the profile's SQLite databases.
Antivirus

Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
APEX Malicious
Rising Trojan.Generic@AI.100 (RDMK:cmRtazqtep0CiVlvSF/2/ULG/kCh)
McAfeeD ti!F511B148321D
FireEye Generic.mg.b7b18619464ce06f
SentinelOne Static AI - Suspicious PE
CrowdStrike win/malicious_confidence_90% (W)
Hosts contacted (signature): 94.156.67.86
API Calls

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x0060fb69
  function_name: wine_get_version
  module: ntdll
  module_address: 0x76f10000
Return: 3221225785 (NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)
Repeated: 0

This call is a Wine-detection probe. A genuine ntdll.dll does not export wine_get_version, so the lookup fails with STATUS_ENTRYPOINT_NOT_FOUND and the sample learns it is running on real Windows (here the sandbox's Windows 7 guest). Under Wine the export resolves, and samples carrying this check typically alter their behaviour or exit.
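The following is an added triage helper, not ZeroBOX or Cuckoo code. It parses an API-call entry in the flattened shape shown above (API name, one "key: value" line per argument, then the Return and Repeated numbers on one line), decodes the decimal Return column as an NTSTATUS, and flags LdrGetProcedureAddress lookups of Wine-only exports as environment probes. The fixture is copied from this report's entry; the record field names, the WINE_ONLY_EXPORTS set and the verdict strings are this example's own assumptions, not the sandbox's schema.

```python
import re

# NTSTATUS values from ntstatus.h that an export lookup can return.
STATUS_SUCCESS = 0x00000000
STATUS_ENTRYPOINT_NOT_FOUND = 0xC0000139
NTSTATUS_NAMES = {
    STATUS_SUCCESS: "STATUS_SUCCESS",
    STATUS_ENTRYPOINT_NOT_FOUND: "STATUS_ENTRYPOINT_NOT_FOUND",
}

# Exports that exist only in Wine's DLLs (assumed list for this example);
# a sample resolving them by name is probing its environment.
WINE_ONLY_EXPORTS = {"wine_get_version", "wine_get_unix_file_name"}

# Only LdrGetProcedureAddress is handled: its return value is an NTSTATUS.
# GetProcAddress returns a pointer or NULL and would need different decoding.
EXPORT_LOOKUP_APIS = {"LdrGetProcedureAddress"}

# Constructed fixture copied from the report's API-call entry.
TRACE_BLOCK = """\
LdrGetProcedureAddress

ordinal: 0
function_address: 0x0060fb69
function_name: wine_get_version
module: ntdll
module_address: 0x76f10000
3221225785 0
"""


def parse_trace_block(text):
    """Turn one flattened API-call entry into a dict (field names are assumed)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    record = {"api": lines[0], "args": {}, "return": None, "repeated": None}
    for line in lines[1:]:
        m = re.fullmatch(r"(\w+):\s*(.*)", line)
        if m:  # argument line
            record["args"][m.group(1)] = m.group(2)
            continue
        fields = line.split()
        if len(fields) == 2 and all(f.isdigit() for f in fields):  # Return Repeated
            record["return"], record["repeated"] = int(fields[0]), int(fields[1])
    return record


def decode_ntstatus(value):
    """Decode a 32-bit NTSTATUS that the report prints as an unsigned decimal."""
    value &= 0xFFFFFFFF
    # Top two bits carry the severity: 00 success, 01 info, 10 warning, 11 error.
    severity = ("success", "informational", "warning", "error")[value >> 30]
    return {
        "hex": f"0x{value:08X}",
        "severity": severity,
        "name": NTSTATUS_NAMES.get(value, "unknown"),
    }


def classify(record):
    """Label a parsed entry; only Wine probes via LdrGetProcedureAddress are recognised."""
    name = record["args"].get("function_name", "")
    if record["api"] not in EXPORT_LOOKUP_APIS or name not in WINE_ONLY_EXPORTS:
        return "no environment probe"
    if record["return"] is None:
        return "wine-probe: outcome not recorded"
    status = decode_ntstatus(record["return"])
    if status["name"] == "STATUS_ENTRYPOINT_NOT_FOUND":
        return "wine-probe: export absent, sample concludes it is on real Windows"
    if status["severity"] == "success":
        return "wine-probe: export present, sample detected Wine"
    return f"wine-probe: lookup failed with {status['hex']}"


if __name__ == "__main__":
    rec = parse_trace_block(TRACE_BLOCK)
    st = decode_ntstatus(rec["return"])
    print(rec["api"], rec["args"]["function_name"], st["hex"], st["name"])
    print(classify(rec))
```

Run over the entry above this prints the decoded 0xC0000139 / STATUS_ENTRYPOINT_NOT_FOUND and the "export absent" verdict; feeding it other entries from a report (any API name with "key: value" arguments) yields "no environment probe", so it can be looped over a whole trace to surface only the Wine checks.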