Summary | ZeroBOX

billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe

Malicious Packer UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 21, 2024, 9:31 a.m.
Completed July 21, 2024, 9:33 a.m.
Size 72.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c781ee8c2429c44cda2d6d2ab3830991
SHA256 b2d678372811bbfb4c356e5a9b27526425f4d4ac2ae481b037decac6db7aa198
CRC32 048F2BF1
ssdeep 1536:IEAYo2XZRPanx5Wxd2W4VhAjphWMb+KR0Nc8QsJq39:P7o4anx4+ne0Nc8QsC9
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
167.250.49.155 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0
section .text (virtual_address 0x00001000, virtual_size 0x0000a966, size_of_data 0x0000b000, entropy 7.004583901392275) entropy 7.00458390139 description A section with a high entropy has been found
entropy 0.647058823529 description Overall entropy of this PE file is high
host 167.250.49.155
dead_host 167.250.49.155:445
Bkav W32.FamVT.RorenNHc.Trojan
ClamAV Win.Trojan.MSShellcode-7
McAfee Swrort.i
ALYac Trojan.CryptZ.Gen
Cylance Unsafe
VIPRE Trojan.Win32.Swrort.B (v)
Sangfor Malware
K7AntiVirus Trojan ( 004c49f81 )
BitDefender Trojan.CryptZ.Gen
K7GW Trojan ( 004c49f81 )
Cybereason malicious.c2429c
Arcabit Trojan.CryptZ.Gen
Invincea heuristic
Cyren W32/Swrort.A.gen!Eldorado
Symantec Packed.Generic.347
ESET-NOD32 a variant of Win32/Rozena.ED
APEX Malicious
Avast Win32:SwPatch [Wrm]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
NANO-Antivirus Trojan.Win32.Shellcode.ewfvwj
SUPERAntiSpyware Trojan.Backdoor-PoisonIvy
MicroWorld-eScan Trojan.CryptZ.Gen
Rising Malware.Heuristic!ET#100% (RDMK:cmRtazq718hG/VpiWEnuXxLW07Pp)
Ad-Aware Trojan.CryptZ.Gen
Emsisoft Trojan.CryptZ.Gen (B)
Comodo TrojWare.Win32.Rozena.A@4jwdqr
F-Secure Trojan.TR/Patched.Gen2
DrWeb Trojan.Swrort.1
TrendMicro BKDR_SWRORT.SM
Trapmine malicious.high.ml.score
FireEye Generic.mg.c781ee8c2429c44c
Sophos Mal/EncPk-TZ
Ikarus Trojan.Win32.Swrort
F-Prot W32/Swrort.A.gen!Eldorado
Webroot W32.Malware.Gen
Avira TR/Patched.Gen2
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Rozena.ed
Microsoft Trojan:Win32/Meterpreter.O
Endgame malicious (high confidence)
ViRobot Trojan.Win32.Elzob.Gen
AhnLab-V3 Trojan/Win32.Shell.R1283
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.CryptZ.Gen
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34136.eq1@aaESKcdi
Malwarebytes Trojan.Rozena
TrendMicro-HouseCall BKDR_SWRORT.SM
Yandex Trojan.Rosena.Gen.1