Summary | ZeroBOX

66bf353c38733_Grids.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE64, PE File, dll, OS Processor Check, DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started Aug. 19, 2024, 2:10 p.m.
Completed Aug. 19, 2024, 3:04 p.m.
Size 21.3MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 efd6377cf1f3e1efd885db9343a9a686
SHA256 a461cb4287fb32a2b34bb3ad04c1535f009887189c35bb1fb945b2e3735351bf
CRC32 3606FFE7
ssdeep 98304:nU2cl1gL63HtoMuyNO9Oq6C7k5H43mhS9EogmZXrppEzkkw0IuP7uypNdh26Alp+:U2c3s16C7mlS2otXIRj3pw/c1cEVv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

__exception__
  stacktrace: (empty)
  exception.symbol: (empty)
  exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
  exception.address: 0x0 (the faulting instruction address is 0, i.e. execution was transferred to a null pointer)
  registers (printed by the sandbox as signed decimals):
  registers.r14: 5386473184
  registers.r15: 0
  registers.rcx: -1
  registers.rsi: 2750465
  registers.r10: 3221225480
  registers.rbx: -10000
  registers.rsp: 2750792
  registers.r11: 514
  registers.r8: 2750832
  registers.r9: 350
  registers.rdx: 0
  registers.r12: 2751360
  registers.rbp: 2750856
  registers.rdi: 5365567840
  registers.rax: 0
  registers.r13: 5439248
Status: 1 | Return: 0 | Repeated: 0
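The register dump above is printed as signed decimals, which hides values that are obvious in hexadecimal. The following decoder is an added example, not part of the ZeroBOX report: it reinterprets each register as an unsigned 64-bit value, names the exception code, and flags values that look like NTSTATUS codes, the -1 pseudo-handle, or a relative NT delay interval. The record it decodes is copied from the report above; NTSTATUS_NAMES is a hand-picked subset of the public Windows NTSTATUS table, and the delay heuristic is an assumption, not something the report states.

```python
"""Decode a sandbox __exception__ record of the kind shown above.

Added example, not part of the ZeroBOX report. The values in EXCEPTION_RECORD
are copied from the report's __exception__ entry (the sandbox prints registers
as signed decimals); NTSTATUS_NAMES is a hand-picked subset of the public
Windows NTSTATUS table.
"""

MASK64 = 0xFFFFFFFFFFFFFFFF

# Copied from the report's __exception__ entry.
EXCEPTION_RECORD = {
    "exception_code": 0xC0000005,
    "address": 0x0,
    "registers": {
        "r14": 5386473184, "r15": 0, "rcx": -1, "rsi": 2750465,
        "r10": 3221225480, "rbx": -10000, "rsp": 2750792, "r11": 514,
        "r8": 2750832, "r9": 350, "rdx": 0, "r12": 2751360,
        "rbp": 2750856, "rdi": 5365567840, "rax": 0, "r13": 5439248,
    },
}

NTSTATUS_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0x80000004: "STATUS_SINGLE_STEP",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000008: "STATUS_INVALID_HANDLE",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}


def to_u64(value):
    """Reinterpret the signed decimal the sandbox prints as an unsigned 64-bit value."""
    return value & MASK64


def hex64(value):
    return "0x%016x" % to_u64(value)


def looks_like_ntstatus(value):
    """True for 32-bit values whose two top bits carry NTSTATUS warning/error severity."""
    u = to_u64(value)
    return u <= 0xFFFFFFFF and (u >> 30) in (2, 3)


def relative_nt_delay_ms(value):
    """Heuristic (assumption): a small negative value read as a relative
    100 ns interval, the form NtDelayExecution takes; returns milliseconds."""
    if -10**12 < value < 0:
        return -value / 10000.0
    return None


def decode(record):
    code = record["exception_code"]
    result = {
        "exception": NTSTATUS_NAMES.get(code, "0x%08x" % code),
        "address": hex64(record["address"]),
        "registers": {},
        "notes": [],
    }
    if code == 0xC0000005 and record["address"] == 0:
        result["notes"].append(
            "fault at address 0: control was transferred to a null pointer")
    for name, value in record["registers"].items():
        result["registers"][name] = hex64(value)
        delay = relative_nt_delay_ms(value)
        if value == -1:
            result["notes"].append(
                name + "=-1: INVALID_HANDLE_VALUE or a current-process/thread pseudo-handle")
        elif looks_like_ntstatus(value):
            result["notes"].append("%s=%s looks like %s" % (
                name, hex64(value), NTSTATUS_NAMES.get(to_u64(value), "an NTSTATUS")))
        elif delay is not None:
            result["notes"].append(
                "%s=%d could be a relative NT delay of %.3f ms" % (name, value, delay))
    return result


if __name__ == "__main__":
    for key, val in decode(EXCEPTION_RECORD).items():
        print(key, val)
```

Run against the report's record, the decoder turns r10 into 0xc0000008 (STATUS_INVALID_HANDLE), rbx into 0xffffffffffffd8f0 (a 1 ms relative delay if it was a timeout argument), and rcx into the -1 pseudo-handle. These are hints for where to look in the trace, not conclusions: the report itself gives no stack trace or symbol for the crash.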
section .rsrc: virtual_address 0x01493000, virtual_size 0x000fe006, size_of_data 0x000fe200, entropy 7.058272731951757
description: A section with a high entropy has been found (entropy close to 8 bits per byte indicates compressed or encrypted data, consistent with the UPX_Zero and Malicious_Packer_Zero Yara hits above)
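The Yara tags above (PE_Header_Zero, IsPE64, UPX_Zero) and the entropy signature all come from static features of the PE headers and section table. The script below re-derives those features from scratch: it is an added example, not part of the ZeroBOX report or its rule set, uses only the Python standard library, and analyses a skeletal PE32+ image that it constructs itself (build_sample_pe, not the analysed file). HIGH_ENTROPY is an assumed cutoff; the report does not state the threshold its signature uses.

```python
"""Re-derive the static signals behind the Yara tags and the entropy
signature above: PE signature, 64-bit image (IsPE64), UPX-style section
names and per-section Shannon entropy.

Added example, not part of the ZeroBOX report or its rule set. Standard
library only. The PE image it analyses is constructed by build_sample_pe()
below, not taken from the analysed file, and HIGH_ENTROPY is an assumed
cutoff (the report does not state its own threshold).
"""
import math
import random
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
HIGH_ENTROPY = 7.0  # assumed cutoff for "A section with a high entropy"


def shannon_entropy(data):
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob):
    """Minimal PE parser: machine, optional-header magic and section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", blob, opt)[0]
    sections = []
    table = opt + opt_size
    for i in range(nsections):  # IMAGE_SECTION_HEADER entries are 40 bytes
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        data = blob[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "size_of_data": rawsize, "entropy": shannon_entropy(data),
        })
    return {"machine": machine, "magic": magic, "sections": sections}


def triage(blob):
    """The checks the report's tags encode, as a dict of findings."""
    pe = parse_pe(blob)
    return {
        "is_pe64": pe["machine"] == IMAGE_FILE_MACHINE_AMD64 and pe["magic"] == PE32PLUS_MAGIC,
        "upx_sections": [s["name"] for s in pe["sections"] if s["name"].upper().startswith("UPX")],
        "high_entropy": [(s["name"], round(s["entropy"], 3))
                         for s in pe["sections"] if s["entropy"] > HIGH_ENTROPY],
    }


def build_sample_pe(sections):
    """Construct a skeletal PE32+ image (headers plus raw section data).
    Only the fields parse_pe() reads are populated; it is not loadable."""
    nsec = len(sections)
    e_lfanew = 0x40
    opt_size = 240  # size of a standard PE32+ optional header
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF  # first section on a 512-byte boundary
    blob = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew))
    blob += b"PE\0\0"
    blob += struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, nsec, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    blob += opt
    va, ptr, payload = 0x1000, raw_ptr, b""
    for name, data in sections:
        blob += struct.pack("<8sIIII", name, len(data), va, len(data), ptr)
        blob += b"\0" * 16  # relocation/line-number fields and Characteristics
        va += (len(data) + 0xFFF) & ~0xFFF
        ptr += len(data)
        payload += data
    blob += b"\0" * (raw_ptr - len(blob))
    return bytes(blob + payload)


# Constructed sample: a low-entropy code section, a UPX-named section and a
# .rsrc section, the latter two filled with seeded pseudo-random bytes.
_rng = random.Random(7)
SAMPLE_SECTIONS = [
    (b".text", b"\x90" * 4000 + b"\xc3"),
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),
    (b".rsrc", bytes(_rng.getrandbits(8) for _ in range(4096))),
]
SAMPLE_PE = build_sample_pe(SAMPLE_SECTIONS)

if __name__ == "__main__":
    print(triage(SAMPLE_PE))
```

On a real sample, replace SAMPLE_PE with the file bytes; the entropy value the report prints for .rsrc is computed over size_of_data raw bytes the same way, so the section dictionary parse_pe returns can be compared field by field against the signature line above.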
Antivirus | Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Sangfor Trojan.Win32.Agent.Vdsi
Symantec ML.Attribute.HighConfidence
Avast Win64:Malware-gen
Kaspersky Trojan.MSIL.Agent.qwiuzp
F-Secure Trojan.TR/Agent.avpom
TrendMicro Trojan.Win64.PRIVATELOADER.YXEHPZ
McAfeeD ti!A461CB4287FB
Sophos Mal/Generic-S
Google Detected
Avira TR/Agent.avpom
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft MSIL.Trojan.Agent.qwiuzp
Gridinsoft Spy.Win64.Gen.tr
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm Trojan.MSIL.Agent.qwiuzp
DeepInstinct MALICIOUS
Ikarus Trojan.WinGo.Agent
TrendMicro-HouseCall Trojan.Win64.PRIVATELOADER.YXEHPZ
Fortinet W64/Agent.VY!tr
AVG Win64:Malware-gen
alibabacloud Trojan:MSIL/Sabsik.RF