Summary | ZeroBOX

fress.vbs

Category Machine Started Completed
FILE s1_win7_x6403_us July 4, 2024, 9:42 a.m. July 4, 2024, 9:44 a.m.
Size 25.5KB
Type Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5 eadbe0d07dc98f935224d3ccea5c6b96
SHA256 770ad73ae81183ddcf34dc4b20048c867d26f7796e893b467d050452e1be769d
CRC32 B71E649B
ssdeep 384:4gEKm2eZIaRmYm0zfbEXJFay4c+n2/0LKj1LnNLzhDR:A2QfYZFay4c+n2/0LKj1LnNLzh1
Yara None matched

Name Response Post-Analysis Lookup
paste.ee 185.26.104.247

IP Address Status Action
164.124.101.2 Active Moloch
185.26.104.247 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

InternetCrackUrlW

url: https://paste.ee/d/7HCkx
flags: 0
1 1 0

HttpOpenRequestW

connect_handle: 0x00cc0008
http_version:
flags: 12582912
http_method: GET
referer:
path: /d/7HCkx
1 13369356 0

Skyhigh BehavesLike.VBS.Dropper.lv
Symantec ISB.Downloader!gen40
ESET-NOD32 VBS/TrojanDownloader.Agent.AAKW
Avast Script:SNH-gen [Drp]
Kaspersky HEUR:Trojan-Downloader.Script.Generic
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
Rising Downloader.Agent/VBS!8.10EA5 (TOPIS:E0:rHcE8wIYbGF)
Ikarus Trojan-Downloader.VBS.Agent
Google Detected
Microsoft Trojan:VBS/AgentTesla.RVF!MTB
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic
AVG Script:SNH-gen [Drp]
Time & API Arguments Status Return Repeated

send

buffer: !
socket: 828
sent: 1
1 1 0
dead_host 185.26.104.247:443