Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 5, 2024, 10:40 a.m.	Aug. 5, 2024, 11:11 a.m.

Size	67.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`dc5648020ee3e38a8b716d0f9d2faac2`
SHA256	`aeb1335197aa4892b058ff77c3de3df9f87eac358fd814f991498e829f323c64`
CRC32	`5237ECD2`
ssdeep	`1536:4wJQRNWLONcAek9DO73v8KAS37t8vayovKQy52oZUIB:4tPNxet73vWmKtiKQDoZU`
Yara	Malicious_Library_Zero - Malicious_Library NMap - NMAP PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

nc.exe "C:\Users\test22\AppData\Local\Temp\nc.exe"
2052

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
45.137.64.40	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA Aug. 5, 2024, 10:40 a.m.	buffer: Cmd line: console_handle: 0x0000000b	1	1	0

The executable uses a known packer (1 event)

packer

Armadillo v1.71

Communicates with host for which no DNS query was performed (1 event)

host

45.137.64.40

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

192.168.56.103:49172

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.AIDetectMalware
Lionic	Riskware.Win32.Agobot.1!c
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win32.Gaobot.km
ALYac	Trojan.GenericKD.4899222
Cylance	Unsafe
VIPRE	Trojan.GenericKD.4899222
Sangfor	Riskware.Win32.Netcat.Uvx0
K7AntiVirus	Unwanted-Program ( 004b9bc11 )
BitDefender	Trojan.GenericKD.4899222
K7GW	Unwanted-Program ( 004b9bc11 )
Cybereason	malicious.20ee3e
Arcabit	Trojan.Generic.D4AC196
VirIT	Worm.Win32.Agobot.HYX
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/RemoteAdmin.NetCat.AB potentially unsafe
McAfee	RDN/RemAdm-Generic
Avast	Win32:Evo-gen [Trj]
ClamAV	Win.Worm.Agobot-238
Kaspersky	not-a-virus:HEUR:NetTool.Win32.NetCat.gen
NANO-Antivirus	Trojan.Win32.Agobot.eaxow
MicroWorld-eScan	Trojan.GenericKD.4899222
Rising	Trojan.Win32.Generic.18FDFE02 (C64:YzY0Ojzyy1LXh3Ea)
Emsisoft	Trojan.GenericKD.4899222 (B)
DrWeb	Tool.Netcat.220
Zillya	Backdoor.Agobot.Win32.2448
TrendMicro	BKDR_AGOBOT.LKG
McAfeeD	ti!AEB1335197AA
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.dc5648020ee3e38a
Sophos	Generic Reputation PUA (PUA)
Ikarus	Backdoor.Win32.Agobot
Jiangmin	Backdoor/Agobot.apg
Webroot	W32.Heuristic.Gen
Google	Detected
Antiy-AVL	Trojan[Backdoor]/Win32.Agobot
Kingsoft	malware.kb.a.977
Xcitium	Malware@#hxx6o6x3hn8s
Microsoft	Trojan:Win32/Tiggre!rfn
ViRobot	Backdoor.Win32.A.Agobot.71816
ZoneAlarm	not-a-virus:HEUR:NetTool.Win32.NetCat.gen
GData	Trojan.GenericKD.4899222
TACHYON	Backdoor/W32.IRCBot.68608.O
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Shelma
Malwarebytes	Malware.AI.4257443445
Panda	Trj/CI.A
TrendMicro-HouseCall	BKDR_AGOBOT.LKG
Tencent	Malware.Win32.Gencirc.1194dc90
Yandex	Trojan.GenAsa!DxFTqIwIx+4

nc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All