Summary | ZeroBOX

cab.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 8, 2024, 4:50 p.m.
Completed July 8, 2024, 4:54 p.m.
Size 3.7MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 5aefab6d98b943df267e28b42b5871e0
SHA256 3896dedb4a4ca12282a10e96c17a220ee4a223ff3f786284e12a42fe3c59a114
CRC32 62533877
ssdeep 98304:7aui/tKaSe0HQxy0G/GcDW2fx2ZHbXXjCR9u:7aMaT0CC/GcDWSSbXXje9
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address       Status   Action
172.67.133.143   Active   Moloch
45.152.67.101    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: WriteConsoleW
Arguments:
  buffer: 2024/07/08 16:49:11 Forking
  console_handle: 0x0000000b
Status / Return / Repeated: 1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (virtual_address 0x006a2000, virtual_size 0x003b6000, size_of_data 0x003b5e00, entropy 7.895869091382375) - A section with a high entropy has been found
entropy 0.999868421053 - Overall entropy of this PE file is high
Time & API: LookupPrivilegeValueW
Arguments:
  system_name:
  privilege_name: SeDebugPrivilege
Status / Return / Repeated: 1 1 0
section UPX0 - Section name indicates UPX
section UPX1 - Section name indicates UPX
section UPX2 - Section name indicates UPX
cmdline whoami
host 172.67.133.143
host 45.152.67.101
Time & API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x00ecfa79
  function_name: wine_get_version
  module: ntdll
  module_address: 0x778a0000
Status / Return / Repeated: 3221225785 0
Bkav W32.AIDetectMalware
Lionic Hacktool.Win32.Marte.3!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
ALYac Generic.Application.Revhell.Marte.A.58D43C29
Cylance Unsafe
VIPRE Generic.Application.Revhell.Marte.A.58D43C29
Sangfor Hacktool.Win64.Reversessh.Vmhp
BitDefender Generic.Application.Revhell.Marte.A.58D43C29
Cybereason malicious.d98b94
Arcabit Generic.Application.Revhell.Marte.A.58D43C29
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.A
APEX Malicious
McAfee Artemis!5AEFAB6D98B9
Avast MalwareX-gen [Trj]
Kaspersky HEUR:HackTool.Win64.ReverseSSH.gen
Alibaba HackTool:Win64/SuperShell.9d64e020
MicroWorld-eScan Generic.Application.Revhell.Marte.A.58D43C29
Rising HackTool.ReverseSSH!1.EA42 (CLOUD)
Emsisoft Generic.Application.Revhell.Marte.A.58D43C29 (B)
F-Secure Trojan.TR/AVI.Agent.cskbp
TrendMicro TROJ_GEN.R002C0DG724
McAfeeD ti!3896DEDB4A4C
FireEye Generic.Application.Revhell.Marte.A.58D43C29
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.WinGo.Hacktool
Google Detected
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Hack.Win32.Patcher.sa
Microsoft VirTool:Win64/SuperShell.A
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
GData Generic.Application.Revhell.Marte.A.58D43C29
Varist W32/ABApplication.YRFY-5989
BitDefenderTheta Gen:NN.ZexaF.36808.TpGfaWSRvhg
DeepInstinct MALICIOUS
Malwarebytes Trojan.Injector.UPX
Panda Trj/Agent.SR
TrendMicro-HouseCall TROJ_GEN.R002C0DG724
Tencent Win64.Hacktool.Reversessh.Gdhl
MAX malware (ai score=85)
MaxSecure Trojan.Malware.300983.susgen
Fortinet Adware/ReverseSsh
AVG MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Backdoor:Multi/Supershell