Summary | ZeroBOX

tv2.exe

Metasploit Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started July 17, 2024, 9 a.m.
Completed July 17, 2024, 9:04 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 108f1fb53a61d46e8df4331ed0724c9d
SHA256 dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a
CRC32 7125A044
ssdeep 24:eFGStrJ9u0/67BnZdkBQAVWWcfwKZqweNDMSCvOXpmB:is0CRkBQxoOSD9C2kB
Yara
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
191.232.181.180 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .suxx
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
tv2+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092883536
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
1 0 0
host 191.232.181.180
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance Unsafe
VIPRE Trojan.Metasploit.A
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.53a61d
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Trojan-FJIN!108F1FB53A61
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
Alibaba Trojan:Win64/Meterpreter.6e73a5c5
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
McAfeeD Real Protect-LS!108F1FB53A61
Trapmine malicious.high.ml.score
FireEye Generic.mg.108f1fb53a61d46e
Sophos ATK/Meter-A
Ikarus Trojan.Win64.Meterpreter
Jiangmin Trojan.Generic.auyjj
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Crypt.XPACK.Gen7
MAX malware (ai score=80)
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win64.Trojan.Packed.gen
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Meterpreter!pz
ViRobot Trojan.Win.Z.Rozena.7168.OHA
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.Metasploit.A
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win32.RL_Generic.R358445
Acronis suspicious
dead_host 192.168.56.101:49161
dead_host 191.232.181.180:443