Summary | ZeroBOX

my.exe

Generic Malware Malicious Library Antivirus UPX Malicious Packer ftp PE64 OS Processor Check PE File
Category FILE
Machine s1_win7_x6403_us
Started July 8, 2024, 9:49 a.m.
Completed July 8, 2024, 9:51 a.m.
Size 10.9MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 6470b936622d9502880cae6452d1bb48
SHA256 8dff8555a5960f7dd9b5915c7046d006eafabe9181627d0ee7f56aeddfc727af
CRC32 F8177856
ssdeep 98304:t3WBP9loEChXVFmEiZGZBRA5RACWiOxg:tm9oFxiI/C5CLp
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • ftp_command - ftp command
  • Antivirus - Contains references to security software
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
60.251.145.96 Active Moloch
91.238.203.71 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: 2024/07/08 09:49:32 Forking
  console_handle: 0x000000000000000b
  1 1 0
section .symtab
host 60.251.145.96
host 91.238.203.71
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  -1073741511 0
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
ALYac Generic.Application.Revhell.Marte.A.C3019868
VIPRE Generic.Application.Revhell.Marte.A.C3019868
BitDefender Generic.Application.Revhell.Marte.A.C3019868
Cybereason malicious.6622d9
Arcabit Generic.Application.Revhell.Marte.A.CD2E145C
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.E.gen
Avast Win64:HacktoolX-gen [Trj]
Kaspersky HEUR:HackTool.Win64.ReverseSSH.gen
MicroWorld-eScan Generic.Application.Revhell.Marte.A.C3019868
Rising HackTool.ReverseSSH!1.EA42 (CLASSIC)
Emsisoft Generic.Application.Revhell.Marte.A.C3019868 (B)
F-Secure Heuristic.HEUR/AGEN.1372062
FireEye Generic.Application.Revhell.Marte.A.C3019868
Ikarus Trojan.WinGo.Clipbanker
Google Detected
Avira HEUR/AGEN.1372062
MAX malware (ai score=89)
Microsoft VirTool:Win64/SuperShell.A
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
GData Generic.Application.Revhell.Marte.A.C3019868
AhnLab-V3 Trojan/Win.Generic.R610370
Malwarebytes Malware.AI.4117239432
MaxSecure Trojan.Malware.208817443.susgen
AVG Win64:HacktoolX-gen [Trj]
alibabacloud Backdoor:Multi/Supershell
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49161
dead_host 192.168.56.103:49170
dead_host 60.251.145.96:2255
dead_host 192.168.56.103:49173
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49166