Summary | ZeroBOX

CNO.txt.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: July 4, 2024, 9:36 a.m.
Completed: July 4, 2024, 9:38 a.m.
Size: 483.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: cf6bd97368f587fc689f0cc96702e02e
SHA256: dc232b06c54e3d5c515c2c814e2159dc44e70dd1d30d3797411d888313b4675c
CRC32: 4922D03B
ssdeep: 6144:aXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNX5Gv:aX7tPMK8ctGe4Dzl4h2QnuPs/ZDOcv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • infoStealer_browser_b_Zero - browser info stealer
  • Network_Downloader - File Downloader
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch
216.9.224.18   Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section: .gfids
description: CNO.txt.exe tried to sleep 355 seconds, actually delayed analysis time by 355 seconds
host: 216.9.224.18

Time & API: SetWindowsHookExA
Arguments:
  thread_identifier: 0
  callback_function: 0x0040a2a4
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x00400000
Status: 1
Return: 1245395
Repeated: 0

dead_host: 216.9.224.18:9943

Antivirus  Detection
Bkav W32.Common.1B7622A6
Lionic Trojan.Win32.Remcos.m!c
Elastic Windows.Trojan.Remcos
Cynet Malicious (score: 100)
CAT-QuickHeal Backdoor.RemcosIH.S31010159
Skyhigh BehavesLike.Win32.Remcos.gh
ALYac Generic.Remcos.E0AA6B5E
Cylance Unsafe
VIPRE Generic.Remcos.E0AA6B5E
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Generic.Remcos.E0AA6B5E
K7GW Riskware ( 00584baa1 )
Cybereason malicious.368f58
Arcabit Generic.Remcos.E0AA6B5E
Baidu Win32.Trojan.Kryptik.awm
VirIT Trojan.Win32.Genus.UED
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Rescoms.V
APEX Malicious
McAfee Remcos-FDQO!CF6BD97368F5
Avast Win32:RATX-gen [Trj]
ClamAV Win.Trojan.Remcos-9841897-0
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
NANO-Antivirus Trojan.Win32.Remcos.keikbt
SUPERAntiSpyware Trojan.Agent/Gen-Remcos
MicroWorld-eScan Generic.Remcos.E0AA6B5E
Rising Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft Generic.Remcos.E0AA6B5E (B)
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb Trojan.Siggen22.19832
Zillya Trojan.Rescoms.Win32.1521
McAfeeD Real Protect-LS!CF6BD97368F5
FireEye Generic.mg.cf6bd97368f587fc
Sophos Mal/Remcos-B
Ikarus Backdoor.Remcos
Jiangmin Backdoor.Remcos.dyc
Google Detected
Avira BDS/Backdoor.Gen
MAX malware (ai score=81)
Antiy-AVL Trojan[Backdoor]/Win32.Rescoms.b
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.Wacatac.oa!s1
Microsoft Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Win32.Trojan.PSE.1OHYAG0
Varist W32/Trojan.SMWB-4856
AhnLab-V3 Backdoor/Win.Remcos.R625673
BitDefenderTheta Gen:NN.ZexaF.36806.ECW@aSD!aShi
DeepInstinct MALICIOUS