popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

java.exe

UPX PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 17, 2024, 8:51 p.m. July 17, 2024, 8:55 p.m.
Size 3.2MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 cf8827cf86ed8c72f1276eb9c2456278
SHA256 1c3c0360d15452f17a8035da1174e4a53d59ea641d195b8e8f22016dac8e8803
CRC32 C40D7340
ssdeep 49152:8z4Ltsn00caBmsGkHoye6f+mP5IMGWXBQqXly7mVEPDNBE4iGeSzHOTNCfLH6DtU:r0DBtHokf+0LGwPXIm6PD/JHHOTNSHu
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
91.238.203.71 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: 2024/07/17 20:51:46 Forking
console_handle: 0x000000000000000b
1 1 0
section {u'size_of_data': u'0x0032c400', u'virtual_address': u'0x0058d000', u'entropy': 7.900392322117215, u'name': u'UPX1', u'virtual_size': u'0x0032d000'} entropy 7.90039232212 description A section with a high entropy has been found
entropy 0.999846130174 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
cmdline whoami
host 91.238.203.71
file C:\Users\test22\AppData\Local\Temp\whoami.exe
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

 ordinal: 0
function_address: 0x000007fefd6b7a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000076d30000
-1073741511 0

LdrGetProcedureAddress

 ordinal: 0
function_address: 0x000007fefd6b7a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000076d30000
-1073741511 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Supershell.m!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.wc
ALYac Trojan.Generic.36516585
Cylance Unsafe
VIPRE Trojan.Generic.36516585
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a3dcb1 )
BitDefender Trojan.Generic.36516585
K7GW Trojan ( 005a3dcb1 )
Cybereason malicious.f86ed8
Arcabit Trojan.Generic.D22D32E9
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.B
APEX Malicious
McAfee Artemis!CF8827CF86ED
Avast Win64:MalwareX-gen [Trj]
Kaspersky Backdoor.Win64.Supershell.b
Alibaba Backdoor:Win64/Supershell.50dd636b
MicroWorld-eScan Trojan.Generic.36516585
Rising HackTool.ReverseSSH!1.EA42 (CLOUD)
Emsisoft Trojan.Generic.36516585 (B)
F-Secure Trojan.TR/AVI.Agent.vgtad
TrendMicro TROJ_GEN.R002C0XG924
McAfeeD Real Protect-LS!CF8827CF86ED
FireEye Trojan.Generic.36516585
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan-PSW.Agent
Google Detected
Avira TR/AVI.Agent.vgtad
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm Backdoor.Win64.Supershell.b
GData Trojan.Generic.36516585
Varist W64/Agent.FXW.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R649802
DeepInstinct MALICIOUS
VBA32 Backdoor.Win64.Supershell
Malwarebytes Malware.AI.3149972421
TrendMicro-HouseCall TROJ_GEN.R002C0XG924
Tencent Win64.Backdoor.Supershell.Xmhl
MAX malware (ai score=82)
Fortinet W32/ReverseSsh.B!tr
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Grayware:Win/Reversessh.7a3920cf