Summary | ZeroBOX

lasjdflakdsjf.pdf.exe

Malicious Packer UPX Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 1, 2024, 3:13 p.m.
Completed Aug. 1, 2024, 3:15 p.m.
Size 4.6MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 9de2806368f77203832f5b4b421af88f
SHA256 e1b08a14812ef252294f0ca6df3c86d10203a407029684734e5118df0f75e845
CRC32 48E85316
ssdeep 49152:37HCl6NqBDHGrb/T5vO90d7HjmAFd4A64nsfJ0WNm14JKRxbh1TBOt7uCG/4LZsm:DqlM1euC2/iEJw
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
156.224.22.247 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS


section .symtab
host 156.224.22.247
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.HToolWinGo.rh
Cylance unsafe
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/Agent.RH
Ikarus Trojan.WinGo.Agent
Google Detected
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Wacatac.B!ml
DeepInstinct MALICIOUS
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.RH!tr
alibabacloud Trojan:Multi/Agent.RH
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)  Repeated: 0