Summary | ZeroBOX

remcmdstub.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6401
Started: July 17, 2024, 9:04 a.m.
Completed: July 17, 2024, 9:09 a.m.
Size: 61.8KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 35da3b727567fab0c7c8426f1261c7f5
SHA256: 89027f1449be9ba1e56dd82d13a947cb3ca319adfe9782f4874fbdc26dc59d09
CRC32: FE64EF00
ssdeep: 1536:bJfanvXuN86jJ9hUHYBlXUYwT24a+yVwQ:lanPGjJTU4IYia+yVX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
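The static tags in this report (PE32, Intel 80386, console subsystem, UPX section names) and the published hashes can be reproduced from the PE headers alone, which is a useful first check before a sample is re-run anywhere. The script below is an added example written for this page; it is not ZeroBOX tooling and not code from the sample. The MD5/SHA256 constants are the values published above, `build_fake_upx_pe()` constructs a stand-in image purely to exercise the parser (it is not the real remcmdstub.exe), and the UPX test relies on section names only, so a packer that renames its sections will not be flagged.

```python
"""Static PE triage: machine type, PE32 magic, subsystem, section names and a
hash match against the report's published values.  Added example, not
ZeroBOX code; the fake image is constructed, not the analysed file."""
import hashlib
import struct
import sys

# Hashes as published in the report above (assumed correct, not recomputed).
KNOWN_MD5 = "35da3b727567fab0c7c8426f1261c7f5"
KNOWN_SHA256 = "89027f1449be9ba1e56dd82d13a947cb3ca319adfe9782f4874fbdc26dc59d09"

IMAGE_FILE_MACHINE_I386 = 0x14C   # "Intel 80386" in the report's Type line
PE32_MAGIC = 0x10B                # optional-header magic for PE32 (not PE32+)
SUBSYSTEMS = {2: "GUI", 3: "console"}


def triage(data: bytes) -> dict:
    """Parse just enough of the PE headers to classify a sample.
    Raises ValueError for anything that is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # Subsystem field offset
    sect = opt + opt_size
    names = []
    for i in range(nsections):  # section headers are 40 bytes, name is the first 8
        raw = data[sect + 40 * i: sect + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "machine_i386": machine == IMAGE_FILE_MACHINE_I386,
        "pe32": magic == PE32_MAGIC,
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "sections": names,
        # UPX leaves UPX0/UPX1 section names; sufficient but not necessary evidence.
        "upx_packed": any(n.startswith("UPX") for n in names),
        "md5": md5,
        "sha256": sha256,
        "known_sample": md5 == KNOWN_MD5 and sha256 == KNOWN_SHA256,
    }


def build_fake_upx_pe() -> bytes:
    """Constructed minimal PE32 console image with UPX0/UPX1/.rsrc sections.
    Only the header fields triage() reads are meaningful; no code, no data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64 bytes
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 3)                  # IMAGE_SUBSYSTEM_WINDOWS_CUI
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32
                        for name in (b"UPX0", b"UPX1", b".rsrc"))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    # Usage: python triage.py <file>; without an argument the constructed image is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_upx_pe()
    for key, value in triage(blob).items():
        print(f"{key:13} {value}")
```

Run it against the real file to confirm the hash match and the three tags; a mismatch on `known_sample` with identical tags usually means a repacked or re-stubbed variant worth keeping as a separate IOC.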

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP (Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleA
  buffer: Usage: C:\Users\test22\AppData\Local\Temp\remcmdstub.exe (4 InheritableEventHandles) (CommandLineToSpawn)
  console_handle: 0x00000007
  Status: 1, Return: 1, Repeated: 0

The only call recorded is the stub printing its usage text: the sandbox launched it without the four inheritable event handles and the command line it expects, so it exited before doing anything else. The empty DNS, IP and Suricata sections describe this no-argument run, not the stub's behaviour when a parent process hands it handles and a command to spawn.
Antivirus
  • DrWeb: Program.RemoteAdmin.937
  • Jiangmin: RemoteAdmin.NetSup.ai
  • Gridinsoft: Trojan.Win32.Downloader.dd!c