Summary | ZeroBOX

persona.exe

Tags: Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check

Category FILE
Machine s1_win7_x6401
Started July 9, 2024, 9:53 a.m.
Completed July 9, 2024, 10:04 a.m.
Size 396.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a0f4dea92c2045c7da2664345e4e5edf
SHA256 ece5d03dbc48cc6126fb1757b3951b9aedfad5a007ebddd4e5f98eb1ff230946
CRC32 F9B738FB
ssdeep 12288:nfl2OJJ4RvmAyh5do9Py4AOh7/djAUWbkM:nflQmB5du5/FAnb
PDB Path C:\Users\kdx10\Downloads\RingQ-main\RingQ\x64\Release\RingQ.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address 1.92.89.193
Status Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\kdx10\Downloads\RingQ-main\RingQ\x64\Release\RingQ.pdb
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 48 8b 00 48 03 84 24 68 02 00 00 48 8b 8c 24 c8
exception.instruction: mov rax, qword ptr [rax]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x23b1230
registers.r14: 24297
registers.r15: 0
registers.rcx: 72220676
registers.rsi: 3811328
registers.r10: 0
registers.rbx: 100
registers.rsp: 1634984
registers.r11: 514
registers.r8: 1633400
registers.r9: 1633456
registers.rdx: 8796092887632
registers.r12: 5364098488
registers.rbp: 1635952
registers.rdi: 37421056
registers.rax: 72220676
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000023b0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000023e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
-1073741800 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002470000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
section .rsrc (virtual_address 0x00047000, virtual_size 0x0001fabd, size_of_data 0x0001fc00, entropy 7.988253567857917) description A section with a high entropy has been found
entropy 0.321112515803 description Overall entropy of this PE file is high
host 1.92.89.193
Lionic Trojan.Win32.Crysan.m!c
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.AVX
Paloalto generic.ml
Alibaba TrojanDownloader:Win64/HacktoolX.70697256
MicroWorld-eScan Trojan.GenericKD.73394974
Emsisoft Trojan.GenericKD.73394974 (B)
F-Secure Heuristic.HEUR/AGEN.1317582
McAfeeD ti!ECE5D03DBC48
Sophos Mal/Generic-S
Ikarus Trojan-Dropper.Win64.Agent
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1317582
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Kingsoft Win32.Hack.Undef.a
ZoneAlarm VHO:Backdoor.MSIL.Crysan.gen
Google Detected
Malwarebytes Trojan.Downloader
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXEGGZ
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.74478283.susgen
Fortinet W64/Agent.AVX!tr.dldr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan[downloader]:Win/Agent.AYF