Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 14, 2024, 1:22 p.m.	Aug. 14, 2024, 1:27 p.m.

Size	26.9MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1e0a83fac6922bde341193e7085a6f33`
SHA256	`2295878561b60d1c5470bd23a4a49091620aad27dce4ad1ff63026d88a4c7944`
CRC32	`D494850F`
ssdeep	`196608:RJwbZldnAKKLBKTOXvzNGSiBXKDCJ5BPOWI+kEiTXh:rEd6LEXcCJDO8kE8h`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ftp_command - ftp command Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) wget_command - wget command UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

ngrok86.exe "C:\Users\test22\AppData\Local\Temp\ngrok86.exe"
300

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (42 events)

Time & API	Arguments	Status	Return
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: fatal error: console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: bcryptprimitives.dll not found console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime: panic before malloc heap initialized console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime stack: console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime.throw console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x1033117 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x1e console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime/panic.go console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x4d console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: fp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18fea8 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: sp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18fe94 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: pc= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x442b3d console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime.loadOptionalSyscalls console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime/os_windows.go console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x33d console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: fp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18fec8 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: sp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18fea8 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: pc= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x43e5bd console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime.osinit console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime/os_windows.go console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x3f console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: fp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18ff00 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: sp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18fec8 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: pc= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x43eb5f console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime.rt0_go console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: runtime/asm_386.s console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x15a console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: fp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18ff04 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: sp= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x18ff00 console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: pc= console_handle: 0x0000000b	1	1
WriteConsoleA Aug. 14, 2024, 1:22 p.m.	buffer: 0x47d59a console_handle: 0x0000000b	1	1

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

Skyhigh	Artemis
Sangfor	Trojan.Win32.Ngrok.Vr62
ESET-NOD32	a variant of WinGo/Ngrok.B potentially unsafe
McAfee	Artemis!1E0A83FAC692
Avast	Win32:Malware-gen
Kaspersky	not-a-virus:HEUR:NetTool.Multi.Ngrok.a
Sophos	Generic Reputation PUA (PUA)
Webroot	Pua.Ngrok
Google	Detected
ZoneAlarm	not-a-virus:HEUR:NetTool.Multi.Ngrok.a
Varist	W32/ABApplication.YCNA-5126
DeepInstinct	MALICIOUS
Malwarebytes	RiskWare.Ngrok
MaxSecure	Trojan.Malware.234992274.susgen
Fortinet	Adware/Ngrok
AVG	Win32:Malware-gen
Paloalto	generic.ml

ngrok86.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All