Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 11, 2024, 10:12 a.m.	Sept. 11, 2024, 10:19 a.m.

Size	15.2MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`ceec513e6f815b3a047e2922a642af77`
SHA256	`07dada9c2301b4684f361eef4d94e7e5f573eae13d65e06043ff1fa1b995aa86`
CRC32	`2B0495F9`
ssdeep	`98304:yd3tJjlWzvw7ULa+rJYGwT5FPi7NgRorWC61vAElaLAVG:yVt5lCivdFPixgCrWC61v5lG`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file

x.exe "C:\Users\test22\AppData\Local\Temp\x.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
82.153.138.39	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.101:49161 82.153.138.39:8888	None	None	None

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 11, 2024, 10:10 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 11, 2024, 10:10 a.m.	flags: 16 family: 0	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host

82.153.138.39

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Sept. 11, 2024, 10:10 a.m.	ordinal: 0 function_address: 0x000007fefd6b7a50 function_name: wine_get_version module: ntdll module_address: 0x0000000076d30000		-1073741511	0

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Sliver.4!c
Elastic	Multi.Trojan.Sliver
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Multi
Skyhigh	BehavesLike.Win64.Sliver.wh
ALYac	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Cylance	Unsafe
VIPRE	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Sangfor	HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Cybereason	malicious.e6f815
Arcabit	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/Agent.LO
APEX	Malicious
Avast	Win64:MalwareX-gen [Trj]
ClamAV	Win.File.Sliver-9942542-0
Kaspersky	HEUR:Trojan.Multi.MalGO.gen
Alibaba	Trojan:Win32/SuspGolang.d7d8daf5
MicroWorld-eScan	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Rising	Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft	Dump:Generic.Trojan.Sliver.Marte.F.0F353565 (B)
F-Secure	Hack-Tool:W32/SBeacon.A
TrendMicro	Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD	ti!07DADA9C2301
FireEye	Dump:Generic.Trojan.Sliver.Marte.F.0F353565
Sophos	ATK/Sliver-B
SentinelOne	Static AI - Malicious PE
Webroot	W32.Trojan.Sliver.Marte.F.0F353
Google	Detected
Avira	HEUR/AGEN.1366847
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Multi.MalGO
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Malware.Win64.Gen.tr
Microsoft	Trojan:Win32/SuspGolang.AG
ZoneAlarm	HEUR:Trojan.Multi.MalGO.gen
GData	Win64.Malware.Sliver.4OPL1Y
Varist	W64/ABApplication.ONSB-7264
AhnLab-V3	Trojan/Win.Sliver.R598949
McAfee	PUP-INQ
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.2108965018
Ikarus	Trojan.WinGo.Shellcoderunner
Panda	Trj/CI.A
Tencent	Win32.Trojan.Malgo.Rzfl
huorong	HEUR:HackTool/Sliver.a
Fortinet	Adware/Agent
AVG	Win64:MalwareX-gen [Trj]

x.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All