Summary | ZeroBOX

1_encoded.exe

PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 4, 2024, 10:05 a.m. Sept. 4, 2024, 10:09 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 6c098287139a5808d04237dd4cdaec3f
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
CRC32 D1E5942E
ssdeep 24:eFGStrJ9u0/68nRnZdEBQAVr5ZuqknPzS2QUNSwlZpcnUpmB:is0lnhEBQcynu2QUPlZpcn3B
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .uqso
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
1_encoded+0x4013 @ 0x140004013

exception.instruction_r: 31 43 13 03 80 07 91 80 dd f1 8c 1f c5 f5 71 d3
exception.symbol: 1_encoded+0x4013
exception.instruction: xor dword ptr [rbx + 0x13], eax
exception.module: 1_encoded.exe
exception.exception_code: 0xc0000005
exception.offset: 16403
exception.address: 0x140004013
registers.r14: 0
registers.r15: 0
registers.rcx: 142
registers.rsi: 0
registers.r10: 0
registers.rbx: 1073758212
registers.rsp: 1245032
registers.r11: 0
registers.r8: 8796092870656
registers.r9: 5368725504
registers.rdx: 5368725504
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1970476227
registers.r13: 0
1 0 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance Unsafe
VIPRE Trojan.Metasploit.A
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.7139a5
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.J
APEX Malicious
McAfee Trojan-FJIN!6C098287139A
Avast Win32:ShikataGaNai-B [Trj]
ClamAV Win.Trojan.MSShellcode-6360728-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
Alibaba Trojan:Win64/Meterpreter.8620dc8e
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
McAfeeD Real Protect-LS!6C098287139A
Trapmine malicious.high.ml.score
FireEye Generic.mg.6c098287139a5808
Sophos ATK/Swrort-J
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Metasploit
Google Detected
Avira TR/Crypt.XPACK.Gen7
MAX malware (ai score=88)
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win64.Trojan.Packed.gen
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Meterpreter!pz
ViRobot Trojan.Win.Z.Rozena.7168.PZW
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.Metasploit.A
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win64.Agent.C2724331
Acronis suspicious
DeepInstinct MALICIOUS