Summary | ZeroBOX

f.exe

Tags: Malicious Library, UPX, Malicious Packer, Anti_VM, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started July 11, 2024, 9:15 a.m.
Completed July 11, 2024, 9:28 a.m.
Size 14.6MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 79f198f849919600241b898f482d197f
SHA256 43c0b3f2764243d665c69a34fb15120cd9befd7a16382605ffa5c78e903c452e
CRC32 C0F03CE9
ssdeep 98304:xXFFDZxGhP6OhUqvOssB947StpGKfM0Y7kRv87VQQQQQQQQQQQQQ4hl391TO6JGw:PBchU4lg4O4MM0YYRqlPO65
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: Host is none
  console_handle: 0x0000000000000007
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: Usage of C:\Users\test22\AppData\Local\Temp\f.exe:
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -c string exec command (ssh)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -cookie string set poc cookie
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -debug int every time to LogErr (default 60)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -domain string smb domain
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -h string IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -hf string host file, -hf ip.txt
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -hn string the hosts no scan,as: -hn 192.168.1.1/24
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -m string Select scan type ,as: -m ssh (default "all")
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -no not to save output log
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -nopoc not to scan web vul
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -np not to ping
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -num int poc rate (default 20)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -o string Outputfile (default "result.txt")
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -p string Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -path string fcgi、smb romote file path
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -ping using ping replace icmp
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -pn string the ports no scan,as: -pn 445
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -pocname string use the pocs these contain pocname, -pocname weblogic
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -proxy string set poc proxy, -proxy http://127.0.0.1:8080
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -pwd string password
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -pwdf string password file
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -rf string redis file to write sshkey file (as: -rf id_rsa.pub)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -rs string redis shell to write cron file (as: -rs 192.168.1.1:6666)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -silent silent scan
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -sshkey string sshkey file (id_rsa)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -t int Thread nums (default 600)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -time int Set timeout (default 3)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -u string url
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -uf string urlfile
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -user string username
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -userf string username file
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: -wt int Set web timeout (default 5)
  console_handle: 0x000000000000000b
  Status 1  Return 1  Repeated 0
section .symtab
Antivirus Detections

Vendor         Detection
Cylance        Unsafe
Sangfor        Trojan.Win32.Agent.V4zb
Symantec       Trojan.Gen.MBT
ESET-NOD32     a variant of WinGo/HackTool.Agent.BH
McAfee         Artemis!79F198F84991
Kaspersky      Trojan.Win32.Eb.csk
Alibaba        Trojan:Win32/Generic.c29cd87d
Rising         HackTool.FScan!1.EE23 (CLASSIC)
McAfeeD        ti!43C0B3F27642
Ikarus         PUA.Obfuscated
Microsoft      Trojan:Win32/Wacatac.H!ml
ZoneAlarm      Trojan.Win32.Eb.csk
Malwarebytes   Malware.AI.3835395321
Tencent        Win32.Trojan.Eb.Xmhl
MaxSecure      Trojan.Malware.300983.susgen
alibabacloud   Scanner:Multi/Fscan
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  -1073741511 0