Summary | ZeroBOX

help.exe

Malicious Library PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 25, 2024, 6:42 p.m. Aug. 25, 2024, 7:06 p.m.
Size 19.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 d0ad1150a2e7c9699e00e265bf46d236
SHA256 31eb20b5c7a48b125b80229b085e19088463e388f8a76e948e37b8c40aad1ecd
CRC32 463D07F8
ssdeep 192:KV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/21RlxEWF8qa1Dojjgi:kqaCF31cix+Dc4zjcxFF46gi
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
106.15.67.102 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x560030
0xcc000c

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x560030
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 5636566
registers.rsp: 9436264
registers.r11: 514
registers.r8: 8791734886664
registers.r9: 0
registers.rdx: 1994794592
registers.r12: 0
registers.rbp: 5636106
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x0000000000560000
process_handle: 0xffffffffffffffff
1 0 0
host 106.15.67.102
Antivirus Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.CobaltStrike.4!c
Elastic Windows.Trojan.CobaltStrike
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.lm
ALYac Dump:Generic.ShellCode.Marte.2.5309A305
Cylance Unsafe
VIPRE Dump:Generic.ShellCode.Marte.2.5309A305
Sangfor Trojan.Win32.CobaltStrike
K7AntiVirus Trojan ( 0058fadf1 )
BitDefender Dump:Generic.ShellCode.Marte.2.5309A305
K7GW Riskware ( abcd70071 )
Cybereason malicious.0a2e7c
Arcabit Dump:Generic.ShellCode.Marte.2.5309A305
VirIT Trojan.Win64.Genus.BRF
Symantec Backdoor.Cobalt
ESET-NOD32 a variant of Win64/CobaltStrike.Artifact.A
APEX Malicious
McAfee CobaltStrike-so!D0AD1150A2E7
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.CobaltStrike-9044898-1
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Backdoor:Win64/Artifact.dd5ae807
MicroWorld-eScan Dump:Generic.ShellCode.Marte.2.5309A305
Rising Backdoor.CobaltStrike/x64!1.E382 (CLASSIC)
Emsisoft Dump:Generic.ShellCode.Marte.2.5309A305 (B)
F-Secure Heuristic.HEUR/AGEN.1345031
DrWeb BackDoor.CobaltStrike.46
TrendMicro Backdoor.Win64.COBEACON.SMA
McAfeeD ti!31EB20B5C7A4
FireEye Generic.mg.d0ad1150a2e7c969
Sophos ATK/Cobalt-A
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.CozyDuke.dk
Google Detected
Avira HEUR/AGEN.1345031
MAX malware (ai score=82)
Antiy-AVL RiskWare/Win64.Artifact
Kingsoft malware.kb.a.849
Gridinsoft Trojan.Win64.CobaltStrike.tr
Microsoft Backdoor:Win64/CobaltStrike!pz
ZoneAlarm HEUR:Trojan.Win64.CobaltStrike.gen
GData MSIL.Backdoor.Rozena.7EPPI8
Varist W64/Kryptik.GRO
AhnLab-V3 Malware/Win64.RL_Backdoor.R363496
TACHYON Trojan/W64.CobaltStrike.19456
DeepInstinct MALICIOUS
VBA32 Backdoor.Win64.CobaltStrike
Malwarebytes Generic.Malware.AI.DDS
Ikarus Trojan.Win64.Cobaltstrike
dead_host 192.168.56.101:49171
dead_host 192.168.56.101:49170
dead_host 192.168.56.101:49167
dead_host 192.168.56.101:49169
dead_host 192.168.56.101:49166
dead_host 192.168.56.101:49165
dead_host 192.168.56.101:49164
dead_host 106.15.67.102:80
dead_host 192.168.56.101:49173
dead_host 192.168.56.101:49172