Summary | ZeroBOX

345.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 4, 2024, 1:19 p.m.
Completed Aug. 4, 2024, 1:56 p.m.
Size 4.1MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 35a8e22dd6eafbae106923d23eecded3
SHA256 98513ceab91cd867d161f67c96075e4827c75119d5723e3c5644b733aedc492a
CRC32 D24C3C19
ssdeep 98304:23JB9kGb8Uj1xieQS8Yvhi7leY1IAApR8LTPYaPtn:pGAUj18lZohAkrAGR8HDt
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

  • A section with a high entropy has been found: section UPX1 (virtual_address 0x00747000, virtual_size 0x00415000, size_of_data 0x00414e00, entropy 7.8931184712)
  • Overall entropy of this PE file is high: entropy 0.999880382775
  • Section name indicates UPX: UPX0
  • Section name indicates UPX: UPX1
  • Section name indicates UPX: UPX2
Time & API / Arguments / Status / Return / Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  Return: -1073741511
  Repeated: 0
Bkav W64.AIDetectMalware
Lionic Hacktool.Win32.Marte.3!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.CoinMiner.rc
ALYac Generic.Application.Revhell.Marte.A.542B6EF0
Cylance Unsafe
VIPRE Generic.Application.Revhell.Marte.A.542B6EF0
Sangfor Hacktool.Win64.Reversessh.Vly9
BitDefender Generic.Application.Revhell.Marte.A.542B6EF0
Cybereason malicious.dd6eaf
Arcabit Generic.Application.Revhell.Marte.A.542B6EF0
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.E.gen
APEX Malicious
McAfee Artemis!35A8E22DD6EA
Avast Win64:HacktoolX-gen [Trj]
ClamAV Multios.Webshell.Supershell-10011593-0
Kaspersky UDS:Backdoor.Win64.Supershell
Alibaba HackTool:Win64/SuperShell.8fdeb985
MicroWorld-eScan Generic.Application.Revhell.Marte.A.542B6EF0
Rising HackTool.ReverseSSH!1.EA42 (CLOUD)
Emsisoft Generic.Application.Revhell.Marte.A.542B6EF0 (B)
F-Secure Trojan.TR/Redcap.qigbp
TrendMicro TROJ_GEN.R002C0DH324
McAfeeD ti!98513CEAB91C
FireEye Generic.mg.35a8e22dd6eafbae
Ikarus Trojan.WinGo.Agent
Google Detected
Avira TR/Redcap.qigbp
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win64.HackTool.ReverseSSH.gen
Gridinsoft Hack.Win64.Patcher.sa
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
GData Generic.Application.Revhell.Marte.A.542B6EF0
Varist W64/Agent.FXW.gen!Eldorado
AhnLab-V3 Trojan/Win.SuperShell.R657922
DeepInstinct MALICIOUS
TrendMicro-HouseCall TROJ_GEN.R002C0DH324
Tencent Win64.Hacktool.Reversessh.Ikjl
MAX malware (ai score=83)
Fortinet Adware/ReverseSsh
AVG Win64:HacktoolX-gen [Trj]
alibabacloud Backdoor:Multi/Supershell