Summary | ZeroBOX

OPERATIONAL_MOAT.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started July 3, 2024, 6:36 p.m.
Completed July 3, 2024, 6:42 p.m.
Size 15.1MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 fe630e60d070ead8f5421d4006872435
SHA256 de36571b24c40b3f03ec6dcdd8a6270b117ba3fd938f5df504417970049d867a
CRC32 4A1EF392
ssdeep 98304:a3JwoEktISlgYhMmxmur2oNxtLUNem6TBraPCwLQ0EV3E4NLIq:aqaNxmur2oztLUNeDZmCwLkHLIq
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch
185.208.158.176 Active Moloch

Suricata Alerts

Flow TCP 185.208.158.176:8888 -> 192.168.56.101:49161
SID 2400032
Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 33
Category Misc Attack

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent
  0 0

section .symtab
host 185.208.158.176

Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  -1073741511 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Elastic Multi.Trojan.Sliver
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Trojan.wh
McAfee Artemis!FE630E60D070
Cylance Unsafe
VIPRE Generic.Sliver.Marte.B.4CC4DE34
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender Generic.Sliver.Marte.B.4CC4DE34
Cybereason malicious.0d070e
Arcabit Generic.Sliver.Marte.B.4CC4DE34
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Agent.LO
APEX Malicious
Avast MalwareX-gen [Trj]
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
Alibaba Trojan:Win32/SuspGolang.69d51cfb
MicroWorld-eScan Generic.Sliver.Marte.B.4CC4DE34
Rising Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft Generic.Sliver.Marte.B.4CC4DE34 (B)
F-Secure Hack-Tool:W32/SBeacon.A
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD ti!DE36571B24C4
FireEye Generic.Sliver.Marte.B.4CC4DE34
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=88)
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Trojan:Win32/SuspGolang.GK
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData Generic.Sliver.Marte.B.4CC4DE34
Varist W64/ABTrojan.NRPK-5498
DeepInstinct MALICIOUS
Tencent Win32.Trojan.Malgo.Jmnw
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.LO!tr
AVG MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:Multi/SuspGolang.MU
dead_host 185.208.158.176:8888
dead_host 192.168.56.101:49164
dead_host 192.168.56.101:49161