Summary | ZeroBOX

Session.exe

Tags: UPX, OS Processor Check, PE64, PE File
Category Machine Started Completed
FILE s1_win7_x6403_us July 11, 2024, 1:17 p.m. July 11, 2024, 1:55 p.m.
Size 73.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 f21b99b36592ff7415d56841d4fd62d0
SHA256 6f90f15c3337288d0fc686f6f2e3988043c126c356d6096e99158e60f91c3403
CRC32 FA8A8D90
ssdeep 768:IOEXYRpKodXNyVX7FgFrrm4rjO29DnK1JreG7PzGgt4Z6TDQ/wPdPtNR+d7iuhjJ:FkQ7dyVyrrkzF8CPdsiuUzu/ac
PDB Path C:\Users\Lenovo\Desktop\XieBro-v3.3\XieBro-v3.3\Resources\Unmanaged.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
3.115.14.110 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\Lenovo\Desktop\XieBro-v3.3\XieBro-v3.3\Resources\Unmanaged.pdb
host 3.115.14.110
dead_host 3.115.14.110:80
Antivirus Detection
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.NetLoader.lh
ALYac Gen:Variant.Lazy.501428
VIPRE Gen:Variant.Lazy.501428
Sangfor Trojan.Win32.Lazy.Vl3k
BitDefender Gen:Variant.Lazy.501428
Cybereason malicious.36592f
Arcabit Trojan.Lazy.D7A6B4
Symantec ML.Attribute.HighConfidence
APEX Malicious
McAfee Artemis!F21B99B36592
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
MicroWorld-eScan Gen:Variant.Lazy.501428
Rising Downloader.Agent!1.F938 (CLASSIC)
Emsisoft Gen:Variant.Lazy.501428 (B)
McAfeeD ti!6F90F15C3337
FireEye Gen:Variant.Lazy.501428
Sophos Mal/Generic-S
Webroot W32.Malware.Gen
Google Detected
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Sabsik
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Lazy.501428
AhnLab-V3 Dropper/Win.Generic.R641715
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H07GA24
Fortinet W32/PossibleThreat
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (D)