Summary | ZeroBOX

rt.exe

Tags: Gen1 | Generic Malware | Malicious Library | UPX | PE64 | PE File | OS Processor Check | ZIP Format | DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: July 21, 2024, 9:40 a.m.
Completed: July 21, 2024, 9:42 a.m.
Size: 6.8MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5 16c657e788d1b5f6ba16f1880ae3ffa2
SHA256 6eaf94adedafef8b385c51dfb63306d4424478ed3ad5e7a4508e5bfcc5248565
CRC32 1EEEA486
ssdeep 196608:YAFbheN/FJMIDJf0gsAGK5SEQROuAKfv/D:0/Fqyf0gsfNpAKL
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Arguments: (none)
Status: 1
Return: 1
Repeated: 0
Time & API: __exception__
Arguments:
stacktrace:
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196974
registers.rcx: 196974
registers.rsi: 1
registers.r10: 196974
registers.rbx: 0
registers.rsp: 3380472
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9671840
registers.rdi: 0
registers.rax: 3380576
registers.r13: 28
Status: 1
Return: 0
Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\python310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\rar.exe
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI7762\api-ms-win-crt-locale-l1-1-0.dll
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.HToolLazagne.vc
ALYac Gen:Variant.Lazy.547185
VIPRE Gen:Variant.Lazy.547185
Sangfor Trojan.Win32.Save.a
BitDefender Gen:Variant.Lazy.547185
Cybereason malicious.788d1b
Arcabit Trojan.Lazy.D85971
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Packed.PyInstaller.O suspicious
APEX Malicious
Avast Other:Malware-gen [Trj]
ClamAV Win.Malware.Lazy-10011008-0
Kaspersky Trojan-Spy.Win32.Agent.dffz
MicroWorld-eScan Gen:Variant.Lazy.547185
Rising Spyware.Agent/PYC!1.EA8F (CLASSIC)
Emsisoft Gen:Variant.Lazy.547185 (B)
F-Secure Trojan.TR/Crypt.FKM.Gen
DrWeb Python.Muldrop.25
Zillya Trojan.Disco.Win32.12039
FireEye Gen:Variant.Lazy.547185
Ikarus Trojan.Python.SLoader
Google Detected
Avira TR/Crypt.FKM.Gen
MAX malware (ai score=82)
Gridinsoft Malware.Win64.AI.oa!s1
Microsoft Trojan:Win32/Sonbokli.A!cl
ZoneAlarm Trojan-Spy.Win32.Agent.dffz
GData Gen:Variant.Lazy.547185
Varist W64/Agent.IMI.gen!Eldorado
Malwarebytes Generic.Malware.AI.DDS
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet W64/PyInstaller.L!tr
AVG Other:Malware-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)