Summary | ZeroBOX

monster.exe

Tags: Gen1, Generic Malware, Malicious Library, Antivirus, UPX, Malicious Packer, Anti_VM, ftp, PE File, PE64, OS Processor Check, wget, DLL
Category  Machine        Started                   Completed
FILE      s1_win7_x6401  June 17, 2024, 1:25 p.m.  June 17, 2024, 1:28 p.m.

Size    10.7MB
Type    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5     3f4f5c57433724a32b7498b6a2c91bf0
SHA256  0608a7559f895fab33ae65bbfbdc5bebd21eea984f76e1b5571c80906824d665
CRC32   6FD3EE0F
ssdeep  196608:mRu4YAJSAfoaqA6U+L5LsSmyYbH6t08RMQcCqcGUIRBw0xvH77Y:2u4YAJSAfoaZ0sSmpH6W8R/RVIc2vH7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API            Arguments  Status  Return  Repeated
GlobalMemoryStatusEx  (none)     1       1       0

Time & API               Arguments                                Status  Return  Repeated
NtAllocateVirtualMemory  process_identifier: 1452                 1       0       0
                         region_size: 65536
                         stack_dep_bypass: 0
                         stack_pivoted: 0
                         heap_dep_bypass: 0
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         base_address: 0x00000000046e0000
                         allocation_type: 4096 (MEM_COMMIT)
                         process_handle: 0xffffffffffffffff
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\stub.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\vcruntime140.dll
section  name: .rsrc  size_of_data: 0x00a9e600  virtual_address: 0x00038000  virtual_size: 0x00a9e528  entropy: 7.999135040854206
         entropy 7.99913504085  description: A section with a high entropy has been found
entropy 0.988185577316  description: Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2680_133630983057343750\stub.exe
Bkav          W64.AIDetectMalware
Elastic       malicious (high confidence)
Cynet         Malicious (score: 100)
Skyhigh       BehavesLike.Win64.Generic.vc
Sangfor       Suspicious.Win32.Save.a
Symantec      ML.Attribute.HighConfidence
ESET-NOD32    Python/PSW.Agent.BFN
Avast         FileRepMalware [Misc]
Zillya        Trojan.Alien.Win64.392
Ikarus        Trojan.Python.Psw
Jiangmin      Trojan.PSW.Stealer.dnf
Google        Detected
Antiy-AVL     Trojan/Win64.Agent
Microsoft     Trojan:Win32/Wacatac.H!ml
DeepInstinct  MALICIOUS
Malwarebytes  Malware.AI.119551306
Tencent       Malware.Win32.Gencirc.10c00037
SentinelOne   Static AI - Malicious PE
AVG           FileRepMalware [Misc]
CrowdStrike   win/malicious_confidence_100% (D)