Summary | ZeroBOX

1.exe

Tags: UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: July 8, 2024, 9:40 a.m.
Completed: July 8, 2024, 9:48 a.m.

Size: 2.9MB
Type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5: ed44c98c40576ef50f6abcf6e40c71d7
SHA256: 05d385e9faa8175db3c963f7fad2b3ecee0bb45deacfbf8824bdea9a181e63b1
CRC32: 219FD6F1
ssdeep: 49152:svW87wGcsoYjRaCX0n1oi5owJXHorpRUrpFucvsmFY59tAHBaCKz4Z:s+87t1Vln0l5TJXINGNloxCKz4Z
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Address     Status   Action
91.238.203.71  Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW
  buffer: 2024/07/08 09:40:04 Forking
  console_handle: 0x0000000b
  Status: 1, Return: 1, Repeated: 0
packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1: size_of_data 0x002e3800, virtual_address 0x00508000, virtual_size 0x002e4000, entropy 7.903149014616555 (description: A section with a high entropy has been found)
entropy 0.999830995437 (description: Overall entropy of this PE file is high)
API calls (Time & API / Arguments / Status / Return / Repeated)

LookupPrivilegeValueW
  system_name: (empty)
  privilege_name: SeDebugPrivilege
  Status: 1, Return: 1, Repeated: 0

section UPX0 (description: Section name indicates UPX)
section UPX1 (description: Section name indicates UPX)
section UPX2 (description: Section name indicates UPX)
cmdline: whoami
host: 91.238.203.71
API calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0017f679
  function_name: wine_get_version
  module: ntdll
  module_address: 0x778a0000
  Return: 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND), Repeated: 0

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0029fc39
  function_name: wine_get_version
  module: ntdll
  module_address: 0x778a0000
  Return: 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND), Repeated: 0
Antivirus

Bkav W32.AIDetectMalware
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.D
Avast Win32:HacktoolX-gen [Trj]
Kaspersky HEUR:HackTool.Win64.ReverseSSH.gen
Rising HackTool.ReverseSSH!1.EA42 (CLASSIC)
McAfeeD ti!05D385E9FAA8
Trapmine suspicious.low.ml.score
FireEye Generic.mg.ed44c98c40576ef5
Sophos Generic ML PUA (PUA)
Antiy-AVL GrayWare/Win32.Kryptik.ffp
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
BitDefenderTheta Gen:NN.ZexaF.36808.4oGfaumRR3f
DeepInstinct MALICIOUS
Malwarebytes Trojan.Injector.UPX
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:HacktoolX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (D)
alibabacloud Backdoor:Multi/Supershell