Summary | ZeroBOX

66e014874bec8_w9.exe#kis9

RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Category: FILE
Machine: s1_win7_x6401
Started: Sept. 11, 2024, 10:36 a.m.
Completed: Sept. 11, 2024, 10:45 a.m.
Size: 604.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: d6c976ddbf72de3a56834b7583f7f7cc
SHA256: aec7e3fb06fb52f6745e311c428031dabd4130aee6e254fe3fc8d42eeccf22aa
CRC32: 148A62E5
ssdeep: 12288:4h1Lk70TnvjcI2Pn9TUk3UTamKeRp+TPK2zhK38lbgAE4h7kN:kk70TrcI2P9TUk3UTzoZtsN
PDB Path:
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch
89.105.223.249 Active Moloch

Suricata Alerts

Flow: TCP 192.168.56.101:49163 -> 89.105.223.249:29986
SID: 2054404
Signature: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category: A Network Trojan was detected

Suricata TLS

No Suricata TLS

pdb_path
section .rsrc: virtual_address 0x00026000, virtual_size 0x000751e8, size_of_data 0x00075200, entropy 7.569627562416809; description: A section with a high entropy has been found
entropy 0.776304888152; description: Overall entropy of this PE file is high
host 89.105.223.249
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.jc
ALYac IL:Trojan.MSILZilla.85810
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.85810
Sangfor Spyware.Msil.Redline.Vpna
BitDefender IL:Trojan.MSILZilla.85810
Cybereason malicious.dbf72d
Arcabit IL:Trojan.MSILZilla.D14F32
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Reline.xmt
Alibaba Trojan:MSIL/Generic.df28a28b
MicroWorld-eScan IL:Trojan.MSILZilla.85810
Emsisoft IL:Trojan.MSILZilla.85810 (B)
F-Secure Trojan.TR/Spy.RedLine.wojjh
DrWeb Trojan.PWS.RedLineNET.16
TrendMicro Trojan.Win32.PRIVATELOADER.YXEIJZ
McAfeeD Real Protect-LS!D6C976DDBF72
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.d6c976ddbf72de3a
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.MSILZilla
Google Detected
Avira TR/Spy.RedLine.wojjh
MAX malware (ai score=80)
Kingsoft malware.kb.a.990
Gridinsoft Ransom.Win32.Wacatac.sa
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm Trojan-PSW.MSIL.Reline.xmt
GData IL:Trojan.MSILZilla.85810
McAfee Artemis!D6C976DDBF72
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4219580674
Ikarus Trojan.SuspectCRC
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEIJZ
huorong TrojanSpy/RedLine.q
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/RedLine.A!tr.spy
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (D)