Summary | ZeroBOX

billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe

Tags: Malicious Packer, UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: July 21, 2024, 9:31 a.m.
Completed: July 21, 2024, 9:35 a.m.

Size: 72.1KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: e2fc88419295970ffa4e773dcf566f14
SHA256: 03e9d40b1a4fe605b9830af70bc6f3368a5b2ad308e518640275c8b312c6ebce
CRC32: 9D6DD15D
ssdeep: 1536:I1u5hH9KzxsRH0n+j6tOmouTjKqVjA/lOuP4pMb+KR0Nc8QsJq39:wu5bKzxw6hjt9Ulpee0Nc8QsC9
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

DNS Lookups

No hosts contacted.

Hosts

167.250.49.155 (Active)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior: API Calls

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00300000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
Signatures
  • Section .text (virtual_address 0x00001000, virtual_size 0x0000a966, size_of_data 0x0000b000) has entropy 7.009999028949223: A section with a high entropy has been found
  • Overall entropy of this PE file is high (entropy 0.647058823529)
  • host: 167.250.49.155
  • dead_host: 167.250.49.155:445
Antivirus Results

Bkav: W32.FamVT.RorenNHc.Trojan
ClamAV: Win.Trojan.MSShellcode-7
Qihoo-360: HEUR/QVM20.1.B60A.Malware.Gen
McAfee: Swrort.i
ALYac: Trojan.CryptZ.Gen
Cylance: Unsafe
VIPRE: Trojan.Win32.Swrort.B (v)
Sangfor: Malware
K7AntiVirus: Trojan ( 004c49f81 )
BitDefender: Trojan.CryptZ.Gen
K7GW: Trojan ( 004c49f81 )
Cybereason: malicious.192959
Arcabit: Trojan.CryptZ.Gen
Invincea: heuristic
Cyren: W32/Swrort.A.gen!Eldorado
Symantec: Packed.Generic.347
ESET-NOD32: a variant of Win32/Rozena.ED
APEX: Malicious
Avast: Win32:SwPatch [Wrm]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Shellcode.ewfvwj
SUPERAntiSpyware: Trojan.Backdoor-PoisonIvy
MicroWorld-eScan: Trojan.CryptZ.Gen
Rising: HackTool.Swrort!1.6477 (CLASSIC)
Ad-Aware: Trojan.CryptZ.Gen
Emsisoft: Trojan.CryptZ.Gen (B)
Comodo: TrojWare.Win32.Rozena.A@4jwdqr
F-Secure: Trojan.TR/Patched.Gen2
DrWeb: Trojan.Swrort.1
TrendMicro: BKDR_SWRORT.SM
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.e2fc88419295970f
Sophos: Mal/EncPk-TZ
Ikarus: Trojan.Win32.Swrort
F-Prot: W32/Swrort.A.gen!Eldorado
Webroot: W32.Malware.Gen
Avira: TR/Patched.Gen2
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Win32.Rozena.ed
Microsoft: Trojan:Win32/Meterpreter.O
Endgame: malicious (high confidence)
ViRobot: Trojan.Win32.Elzob.Gen
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.CryptZ.Gen
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34136.eq1@aqRGlkdi
Malwarebytes: Trojan.Rozena
TrendMicro-HouseCall: BKDR_SWRORT.SM
Yandex: Trojan.Rosena.Gen.1