Summary | ZeroBOX

inject.txt.exe

PE64 PE File DLL
Category: FILE
Machine: s1_win7_x6401
Started: July 22, 2024, 2:23 p.m.
Completed: July 22, 2024, 2:25 p.m.
Size 95.5KB
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 03bed904291f531fc5381307e361b70f
SHA256 15665af2e4efa5f4f5a25bdb36090961b92818d01f40f90b9eaa4cc5a97902e3
CRC32 A5A83F9D
ssdeep 1536:S8yZzfkJ6CQ1bvbrrySCIiaC6yiJikvEDSbvz4+zeGI8ZZwZdXhXOkUWTohlqeCg:BEzsqxE2t0puoC
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 185.208.158.176  Status: Active  Action: Moloch

Suricata Alerts

Flow: TCP 185.208.158.176:7283 -> 192.168.56.101:49163
SID: 2400032
Signature: ET DROP Spamhaus DROP Listed Traffic Inbound group 33
Category: Misc Attack

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
0x4c01f3
0x7fffffdc000
0x13f0a8
0x4c0031
0x4c01f3

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 1307208
registers.r15: 0
registers.rcx: 0
registers.rsi: 1307072
registers.r10: 4981235
registers.rbx: 1453503984
registers.rsp: 1306976
registers.r11: 582
registers.r8: 1306792
registers.r9: 4980785
registers.rdx: 8796092874752
registers.r12: 1306784
registers.rbp: 4980785
registers.rdi: 92
registers.rax: 1993057284
registers.r13: 1306792
status: 1  return: 0  repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2692
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000004c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0
host 185.208.158.176
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Generic
Skyhigh Artemis!Trojan
ALYac Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Cylance Unsafe
VIPRE Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Sangfor Trojan.Win64.Rozena.Vm7w
K7AntiVirus Trojan ( 00519b2a1 )
BitDefender Generic.Shellcode.Ode.Marte.A.EE9FCE9E
K7GW Trojan ( 00519b2a1 )
Arcabit Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Artemis!03BED904291F
Avast Win64:MetasploitEncod-B [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win64/Meterpreter.222c73dd
MicroWorld-eScan Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Rising Trojan.Generic!8.C3 (CLOUD)
Emsisoft Generic.Shellcode.Ode.Marte.A.EE9FCE9E (B)
F-Secure Trojan.TR/Rozena.xxkgf
TrendMicro Backdoor.Win64.SWRORT.YXEGUZ
McAfeeD ti!15665AF2E4EF
FireEye Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Crypt
Webroot W32.Malware.Gen
Google Detected
Avira TR/Rozena.xxkgf
MAX malware (ai score=89)
Antiy-AVL Trojan/Win64.Rozena
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win64.Generic.sa
Microsoft Trojan:Win64/Meterpreter.E
ViRobot Trojan.Win.Z.Rozena.97776.A
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Varist W64/ABTrojan.DITB-7551
AhnLab-V3 Trojan/Win.Generic.C5642749
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3271261238
Panda Trj/GdSda.A
TrendMicro-HouseCall Backdoor.Win64.SWRORT.YXEGUZ
Tencent Malware.Win32.Gencirc.10c019a8
Fortinet W64/Rozena.M!tr
AVG Win64:MetasploitEncod-B [Trj]
dead_host 185.208.158.176:7283
dead_host 192.168.56.101:49163