Summary | ZeroBOX

mass.exe

Malicious Library UPX Anti_VM ftp PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started Aug. 5, 2024, 10:34 a.m.
Completed Aug. 5, 2024, 10:55 a.m.
Size 201.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 197f78ed2328b1369153eda070489805
SHA256 837dc4e83fcefc8334384c88d672eb2dee31bceb64657ca7bb4322536a810192
CRC32 B6B2A074
ssdeep 3072:iVLwTJhLB6Da/dJaBITodleeTx0qbhaStTnK65gnF9RzNxEugH8No2:0wTHL8O/dJamodle+0QAonK6ezwH8y2
PDB Path C:\Users\Admin\Desktop\masscan-master\bin\masscan.pdb
Yara
  • ftp_command - ftp command
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\Admin\Desktop\masscan-master\bin\masscan.pdb
section .rdata (virtual_address 0x00020000, virtual_size 0x0000eaf6, size_of_data 0x0000ec00) entropy 7.082305164770597 description A section with a high entropy has been found
section .data (virtual_address 0x0002f000, virtual_size 0x00002c38, size_of_data 0x00002400) entropy 7.187578540717186 description A section with a high entropy has been found
entropy 0.339152119701 description Overall entropy of this PE file is high
Lionic Hacktool.Win32.Masscan.3!c
Cynet Malicious (score: 100)
Skyhigh GenericRXGX-VV!197F78ED2328
ALYac Generic.Application.Masscan.A.B804044E
Cylance Unsafe
VIPRE Generic.Application.Masscan.A.B804044E
Sangfor PUP.Win32.Masscan.Vh90
K7AntiVirus Unwanted-Program ( 005437bf1 )
BitDefender Generic.Application.Masscan.A.B804044E
K7GW Unwanted-Program ( 005437bf1 )
Cybereason malicious.d2328b
Arcabit Generic.Application.Masscan.A.BDC44CCE
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/NetTool.Masscan.A potentially unsafe
APEX Malicious
McAfee GenericRXGX-VV!197F78ED2328
Kaspersky HackTool.Win32.Agent.ahmz
NANO-Antivirus Trojan.Win32.Ric.iudsyy
MicroWorld-eScan Generic.Application.Masscan.A.B804044E
Rising Malware.Heuristic!ET#92% (C64:YzY0OrH7+0cfq2oQ)
Emsisoft Generic.Application.Masscan.A.B804044E (B)
Zillya Tool.Agent.Win32.24410
TrendMicro TROJ_GEN.R06BC0DBT24
McAfeeD ti!837DC4E83FCE
FireEye Generic.Application.Masscan.A.B804044E
Sophos Generic Reputation PUA (PUA)
Jiangmin HackTool.Agent.dix
Webroot W32.Adware.Gen
MAX malware (ai score=100)
Antiy-AVL HackTool/Win32.Agent
Kingsoft Win32.HackTool.Agent.ahmz
Gridinsoft Virtool.Win32.AI.cl
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm HackTool.Win32.Agent.ahmz
GData Generic.Application.Masscan.A.B804044E
AhnLab-V3 HackTool/Win.Portscan.C5599843
BitDefenderTheta Gen:NN.ZexaF.36810.muW@aSMXYMli
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R06BC0DBT24
MaxSecure Trojan.Malware.11695537.susgen
CrowdStrike win/grayware_confidence_60% (W)
alibabacloud HackTool:Multi/masscan