Summary | ZeroBOX

193.exe

Tags: Generic Malware, UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 7, 2024, 9:52 a.m.
Completed: Aug. 7, 2024, 10:03 a.m.
Size 89.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5a5ccdbe3cdd135a57f61138867932a8
SHA256 22f91304b04da17a6cb89365ddd5ad39b7bcb6fcf8d82a027381bb97e4ecb217
CRC32 9104A843
ssdeep 768:dclgS8UuNwcb1iMMfdM3aNXEHcarqfKjJeVIJkfAqWAM/UpbTAPdKKbNW7:7SS2QiMMfdM3aNXmc0eV+kfAL8dWwKRy
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
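The hash fields and the three structural Yara hits above (PE_Header_Zero, IsPE32, UPX_Zero) are the checks an analyst re-runs locally before trusting a sandbox verdict. The script below is an added example, not ZeroBOX code: it computes MD5/SHA256/CRC32 in the same format as the report, walks the MZ/PE headers to classify PE32 vs PE32+, and flags UPX section names. Because the real 193.exe is not reproduced here, it builds a minimal constructed PE32 image with UPX0/UPX1 sections as its input; `build_sample_pe` and the section-name heuristic are this example's own, not the Yara rules' exact logic.

```python
import hashlib
import struct
import zlib


def build_sample_pe(magic=0x010B, section_names=("UPX0", "UPX1")):
    """Constructed minimal PE image for testing (NOT the real 193.exe).

    DOS header -> 'PE\\0\\0' at e_lfanew -> COFF header -> optional header
    (only the Magic field is meaningful) -> section table with given names.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew
    opt_size = 0xE0 if magic == 0x010B else 0xF0         # PE32 / PE32+ sizes
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)
    optional = struct.pack("<H", magic) + bytes(opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32)
                        for n in section_names)          # 40-byte entries
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


def hashes(data):
    """MD5/SHA256 lowercase hex, CRC32 as 8 uppercase hex digits (report style)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_header_offset(data):
    """Offset of 'PE\\0\\0' if both MZ and PE signatures are present, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def pe_bitness(data):
    """'PE32' (magic 0x10B), 'PE32+' (0x20B) or None for non-PE input."""
    off = pe_header_offset(data)
    if off is None:
        return None
    (magic,) = struct.unpack_from("<H", data, off + 24)  # optional hdr start
    return {0x010B: "PE32", 0x020B: "PE32+"}.get(magic)


def section_names(data):
    """Names from the section table (follows the optional header)."""
    off = pe_header_offset(data)
    if off is None:
        return []
    (nsec,) = struct.unpack_from("<H", data, off + 6)
    (opt_size,) = struct.unpack_from("<H", data, off + 20)
    table = off + 24 + opt_size
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                                        # truncated table
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def looks_upx_packed(data):
    """Heuristic (this example's own): UPX names its sections UPX0/UPX1/UPX2."""
    return any(n.startswith("UPX") for n in section_names(data))


def triage(data):
    """One-shot summary comparable to the report's hash/Yara fields."""
    return {
        **hashes(data),
        "is_pe": pe_header_offset(data) is not None,
        "bitness": pe_bitness(data),
        "sections": section_names(data),
        "upx": looks_upx_packed(data),
    }


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print("%-8s %s" % (k, v))
```

Run it against the real file with `triage(open("193.exe", "rb").read())` and compare `md5`, `sha256` and `crc32` with the values in the report header before drawing any conclusions from the rest of the page; a mismatch means you are not looking at the analysed sample.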

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.

Hosts
IP Address      Status  Action
115.159.47.193  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Packer: Armadillo v1.71

Resources
Name           Language      Sublanguage                 Filetype              Offset      Size
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  GLS_BINARY_LSB_FIRST  0x000159d0  0x00000568
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  GLS_BINARY_LSB_FIRST  0x000159d0  0x00000568
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data                  0x00016aa0  0x00000014
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data                  0x00016aa0  0x00000014
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data                  0x00016aa0  0x00000014

Host: 115.159.47.193

Antivirus detections (engine, result)
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Redosdru.18846
Skyhigh Trojan-FJYJ!5A5CCDBE3CDD
Cylance Unsafe
VIPRE Trojan.Cud.Gen.1
K7AntiVirus Trojan-Downloader ( 0055e3da1 )
BitDefender Trojan.Cud.Gen.1
K7GW Trojan-Downloader ( 0055e3da1 )
Cybereason malicious.e3cdd1
Arcabit Trojan.Cud.Gen.1
Baidu Win32.Trojan-Downloader.Agent.cw
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.BIX
APEX Malicious
McAfee Trojan-FJYJ!5A5CCDBE3CDD
Avast Win32:Malware-gen
ClamAV Win.Downloader.Farfli-6453698-0
Kaspersky HEUR:Backdoor.Win32.Generic
Alibaba Backdoor:Win32/Zlob.180910
NANO-Antivirus Trojan.Win32.Agent.envewf
MicroWorld-eScan Trojan.Cud.Gen.1
Rising Backdoor.Generic!8.CE (TFE:5:baEM1NflA5J)
Emsisoft Trojan.Cud.Gen.1 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed2.40991
Zillya Downloader.Agent.Win32.300179
TrendMicro BKDR_ZEGOST.SM17
McAfeeD ti!22F91304B04D
FireEye Generic.mg.5a5ccdbe3cdd135a
Sophos Troj/AutoG-HV
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Generic.aczi
Google Detected
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=87)
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Agent.vb!s1
Xcitium TrojWare.Win32.Redosdru.A@5su6ps
Microsoft Trojan:Win32/Redosdru
ZoneAlarm HEUR:Backdoor.Win32.Generic
GData Trojan.Cud.Gen.1
AhnLab-V3 Trojan/Win32.RL_Redosdru.R365250
BitDefenderTheta Gen:NN.ZexaF.36810.fqX@aaQZsyej
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Dynamer
Ikarus Trojan-Downloader.Win32.Agent
Panda Trj/Genetic.gen
Dead hosts (contacted, no response)
dead_host 192.168.56.103:49193
dead_host 192.168.56.103:49181
dead_host 192.168.56.103:49190
dead_host 192.168.56.103:49212
dead_host 192.168.56.103:49162
dead_host 192.168.56.103:49205
dead_host 192.168.56.103:49177
dead_host 192.168.56.103:49186
dead_host 192.168.56.103:49208
dead_host 192.168.56.103:49174
dead_host 192.168.56.103:49201
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49198
dead_host 192.168.56.103:49170
dead_host 192.168.56.103:49191
dead_host 192.168.56.103:49213
dead_host 192.168.56.103:49163
dead_host 192.168.56.103:49194
dead_host 192.168.56.103:49182
dead_host 192.168.56.103:49187
dead_host 115.159.47.193:80
dead_host 192.168.56.103:49209
dead_host 192.168.56.103:49175
dead_host 192.168.56.103:49206
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49178
dead_host 192.168.56.103:49199
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49188
dead_host 192.168.56.103:49202
dead_host 192.168.56.103:49195
dead_host 192.168.56.103:49183
dead_host 192.168.56.103:49184
dead_host 192.168.56.103:49214
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49207
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49179
dead_host 192.168.56.103:49196
dead_host 192.168.56.103:49210
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49189
dead_host 192.168.56.103:49203
dead_host 192.168.56.103:49192
dead_host 192.168.56.103:49180
dead_host 192.168.56.103:49185
dead_host 192.168.56.103:49215
dead_host 192.168.56.103:49173
dead_host 192.168.56.103:49204
dead_host 192.168.56.103:49176
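The dead_host list mixes the analysis VM's own address (192.168.56.103, ephemeral ports) with the one external destination the sample actually tried to reach, 115.159.47.193:80, which never answered, hence no Suricata alerts or TLS on this run. The script below is an added example, not part of the ZeroBOX report: it parses lines in this report's `dead_host` format, keeps only globally routable destinations, counts attempts per (ip, port), and emits a Suricata rule that would fire on the outbound attempt itself rather than waiting for a response. The four input lines are copied from the list above as a constructed sample; the rule message and the sid (chosen from the 1000000+ local-use range) are this example's assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed input: a subset of this report's dead_host lines.
REPORT_LINES = """\
dead_host 192.168.56.103:49193
dead_host 192.168.56.103:49181
dead_host 115.159.47.193:80
dead_host 192.168.56.103:49209
"""

DEAD_HOST_RE = re.compile(r"^dead_host\s+(\S+):(\d+)$")


def parse_dead_hosts(text):
    """Return [(ip, port), ...] for every well-formed dead_host line."""
    out = []
    for line in text.splitlines():
        m = DEAD_HOST_RE.match(line.strip())
        if m:
            out.append((m.group(1), int(m.group(2))))
    return out


def external_targets(entries):
    """Count (ip, port) pairs that are globally routable.

    Drops private, loopback and link-local addresses, i.e. the sandbox VM's
    own 192.168.56.x entries, so only real outbound destinations remain.
    """
    counts = Counter()
    for ip, port in entries:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                      # skip anything that is not an IP
        if addr.is_global:
            counts[(ip, port)] += 1
    return counts


def suricata_rule(ip, port, sid, msg):
    """Alert on the client-side connection attempt to ip:port.

    flow:to_server without 'established' matches the SYN, which is all a
    dead host ever produces; sid is assumed to be in the local 1000000+ range.
    """
    return ('alert tcp $HOME_NET any -> %s %d (msg:"%s"; flow:to_server; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (ip, port, msg, sid))


def rules_for_report(text, sample_name="193.exe", base_sid=1000001):
    """One rule per external destination seen in the report text."""
    rules = []
    for i, ((ip, port), n) in enumerate(sorted(external_targets(
            parse_dead_hosts(text)).items())):
        msg = "ZeroBOX %s outbound to %s:%d (%d attempt(s), no response)" % (
            sample_name, ip, port, n)
        rules.append(suricata_rule(ip, port, base_sid + i, msg))
    return rules


if __name__ == "__main__":
    for rule in rules_for_report(REPORT_LINES):
        print(rule)
```

Feed it the full dead_host list from this page and the output is a single rule for 115.159.47.193:80; pipe the same `external_targets` output into your firewall or proxy blocklist tooling if you prefer blocking to alerting.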