Summary | ZeroBOX

aaa.exe

Malicious Library, Downloader, Admin Tool (Sysinternals etc ...), UPX, PE File, PE32
Category FILE
Machine s1_win7_x6403_us
Started July 27, 2024, 12:34 p.m.
Completed July 27, 2024, 12:36 p.m.
Size 19.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1318fbc69b729539376cb6c9ac3cee4c
SHA256 e972fb08a4dcde8d09372f78fe67ba283618288432cdb7d33015fc80613cb408
CRC32 DB53B0CE
ssdeep 192:C+y8/RdxS7cMa1gxJX2+71entqb8yRTkKrfac09HynJxTaqVIdthI4m/Gtyx:C+yE/xK5X2+Y/yBMynuqVIdf1ti
Yara
  • Network_Downloader - File Downloader
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
121.52.212.161 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS