Summary | ZeroBOX

ok.exe

Tags: Malicious Packer, UPX, PE64, PE File

Category: FILE
Machine: s1_win7_x6401
Started: July 3, 2024, 6:35 p.m.
Completed: July 3, 2024, 6:40 p.m.
Size: 15.3MB
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5: 2a5bdb0a785762ab4982d360bd4c37e5
SHA256: ee49efe382aed3b7137265e3cb8ad53e30d38765b686a7f235ade461f726a162
CRC32: 6D10A967
ssdeep: 98304:em53m3zrVW4COL2A0m1eSsE9PIWtdFTeE8QcEEUOwi9M9W+EZIPI:7Jm3zr86zF1eSTZDtdFF5c9UxK
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Domains (Name / Response / Post-Analysis Lookup): none. No hosts contacted.

Hosts (IP Address / Status / Action):
IP Address: 185.208.158.176, Status: Active, Action: Moloch

Suricata Alerts

Flow: TCP 185.208.158.176:8888 -> 192.168.56.101:49162
SID: 2400032
Signature: ET DROP Spamhaus DROP Listed Traffic Inbound group 33
Category: Misc Attack

Suricata TLS

No Suricata TLS

API call (Time & API / Arguments / Status / Return / Repeated):

API: IsDebuggerPresent
Arguments: none
Return: 0
Repeated: 0
section: .symtab
host: 185.208.158.176
API call (Time & API / Arguments / Status / Return / Repeated):

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511 (NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export is not present in ntdll)
Repeated: 0
Antivirus (vendor: result)

Bkav: W64.AIDetectMalware
Elastic: Multi.Trojan.Sliver
Cynet: Malicious (score: 99)
Skyhigh: BehavesLike.Win64.Trojan.wh
Cylance: Unsafe
VIPRE: Dump:Generic.Sliver.Marte.E.C9AD4C6C
Sangfor: HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender: Dump:Generic.Sliver.Marte.E.C9AD4C6C
Cybereason: malicious.a78576
Arcabit: Dump:Generic.Sliver.Marte.E.C9AD4C6C
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of WinGo/Agent.LO
APEX: Malicious
Avast: MalwareX-gen [Trj]
ClamAV: Win.File.Sliver-9942542-0
Kaspersky: HEUR:Trojan.Multi.MalGO.gen
MicroWorld-eScan: Dump:Generic.Sliver.Marte.E.C9AD4C6C
Rising: Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft: Dump:Generic.Sliver.Marte.E.C9AD4C6C (B)
F-Secure: Hack-Tool:W32/SBeacon.A
TrendMicro: Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD: ti!EE49EFE382AE
FireEye: Dump:Generic.Sliver.Marte.E.C9AD4C6C
Sophos: ATK/Sliver-B
Ikarus: Trojan.WinGo.Shellcoderunner
Google: Detected
Avira: HEUR/AGEN.1366847
MAX: malware (ai score=80)
Microsoft: Trojan:Win32/SuspGolang.GK
ZoneAlarm: HEUR:Trojan.Multi.MalGO.gen
GData: Dump:Generic.Sliver.Marte.E.C9AD4C6C
AhnLab-V3: Trojan/Win.Sliver.R598949
DeepInstinct: MALICIOUS
Tencent: Win32.Trojan.Malgo.Fwnw
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: MalwareX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Dead hosts:
  • 185.208.158.176:8888
  • 192.168.56.101:49162
  • 192.168.56.101:49165