Summary | ZeroBOX

RingQ.exe

UPX OS Processor Check PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 5, 2024, 9:28 a.m.
Completed Aug. 5, 2024, 9:34 a.m.
Size 553.5KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 37dee1de8dfc6871a92f48937810af37
SHA256 c5004bdf7845cddf0075a993b6f8ea8103c6d8fc76ccedc973e2a2bbf465bf9c
CRC32 20B95752
ssdeep 6144:hQoiDwTbrIZWpyboi2E79IX28mAQmFpPuNftHG0CLipmdRR8A/RRcdSd9JwjmXfV:hIDctycgIX/PuNFwLPJwmfLY/
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .00cfg
section .retplne
resource name AVI
resource name XLM
description RingQ.exe tried to sleep 288 seconds, actually delayed analysis time by 0 seconds
name AVI language LANG_CHINESE filetype RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000306a4 size 0x00006400
name XLM language LANG_CHINESE filetype XML 1.0 document, ASCII text sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00036aa4 size 0x00007690
name RT_ICON language LANG_CHINESE filetype dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0 sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0008e850 size 0x00004228
name RT_MENU language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00092a78 size 0x00000022
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00092a9c size 0x0000008e
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00092c4c size 0x0000003e
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00092c8c size 0x000002ac
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic Windows.Hacktool.RingQ
Cynet Malicious (score: 99)
Cylance Unsafe
VIPRE Trojan.GenericKD.73625451
Sangfor Downloader.Win64.Agent.V0lh
K7AntiVirus Trojan-Downloader ( 005b7ba61 )
BitDefender Trojan.GenericKD.73625451
K7GW Trojan-Downloader ( 005b7ba61 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.AVX
APEX Malicious
Avast Win64:DropperX-gen [Drp]
Alibaba TrojanDownloader:Win64/MalwareX.f473d7e2
MicroWorld-eScan Trojan.GenericKD.73625451
Rising Downloader.Agent!8.B23 (TFE:5:SjRX8iBEshN)
Emsisoft Trojan.GenericKD.73625451 (B)
F-Secure Trojan.TR/Dldr.Agent.ynwlh
Zillya Downloader.Agent.Win64.15871
TrendMicro TROJ_GEN.R002C0DH124
McAfeeD ti!C5004BDF7845
FireEye Trojan.GenericKD.73625451
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Agent
Google Detected
Avira TR/Dldr.Agent.ynwlh
MAX malware (ai score=81)
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft TrojanDownloader:Win64/Graftor!MTB
GData Trojan.GenericKD.73625451
Varist W64/ABTrojan.NJBI-6255
AhnLab-V3 Downloader/Win.Generic.C5654305
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.85726027
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0DH124
Tencent Malware.Win32.Gencirc.10c02059
Fortinet W64/Agent.AVX!tr.dldr
AVG Win64:DropperX-gen [Drp]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Trojan[downloader]:Win/Agent.AYF