Summary | ZeroBOX

parent.exe

Generic Malware PE32 PE File
Category | Machine | Started | Completed
FILE | s1_win7_x6403_us | July 11, 2024, 1:15 p.m. | July 11, 2024, 1:22 p.m.
Size 9.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 79f0217feda3db821ac7c89d9c31ec7f
SHA256 dcf7bccac1a08fb5d70e6d4fbbcc5f67ede54fe54a378443dc684814e2272914
CRC32 A71CB764
ssdeep 192:Koc4q4LkGkokHWu3avV8RE3yzruVQl6ZarDaN:KoTq4a/H/3avV8ReyHuV
PDB Path C:\Users\woody\Documents\Visual Studio 2010\Projects\pcap\Release\pcap.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
164.124.101.2 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

WriteConsoleA | buffer: SelectMyParent v0.0.0.1: start a program with a selected parent process; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleA | buffer: Source code put in public domain by Didier Stevens, no Copyright; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleA | buffer: https://DidierStevens.com; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleA | buffer: Use at your own risk; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleA | buffer: usage: SelectMyParent program pid; console_handle: 0x00000007 | 1 | 1 | 0

MaxSecure Trojan.Malware.300983.susgen
alibabacloud HackTool:Win/SelectMyParent