Summary | ZeroBOX

payload.exe

Metasploit Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 4, 2024, 10:05 a.m.
Completed Sept. 4, 2024, 10:17 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ca6ae34bf2b35aacb25a27f94fb1f7d5
SHA256 fc69cdadc5ef79a1ba2b40189ecd6af230b7d9e8076f98f9fbb7a880b2b1b236
CRC32 B0AD1B8C
ssdeep 24:eFGStrJ9u0/6RPnZdkBQAV2oYjGKLqAgeNDMSCvOXpmB:is0UrkBQvCggSD9C2kB
Yara
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
144.34.162.13 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .lhjl
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
payload+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
payload+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
1 0 0
host 144.34.162.13
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Elastic Windows.Trojan.Metasploit
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance Unsafe
VIPRE Trojan.Metasploit.A
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.bf2b35
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Trojan-FJIN!CA6AE34BF2B3
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
Alibaba Trojan:Win32/CobaltStrike.5f03
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
McAfeeD Real Protect-LS!CA6AE34BF2B3
Trapmine malicious.high.ml.score
FireEye Generic.mg.ca6ae34bf2b35aac
Sophos ATK/Meter-A
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.auyjj
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Crypt.XPACK.Gen7
MAX malware (ai score=80)
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win64.Trojan.Packed.gen
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Metasploit!pz
ViRobot Trojan.Win.Z.Metasploit.7168.FCN
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Win32.Backdoor.Rozena.SGQFVT
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win32.RL_Generic.R357794
Acronis suspicious
dead_host 192.168.56.101:49161
dead_host 144.34.162.13:3333