Summary | ZeroBOX

66e2d83e11e31_lyla3.exe

Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File DLL PE32
Category FILE
Machine s1_win7_x6403_us
Started Sept. 13, 2024, 9:33 a.m.
Completed Sept. 13, 2024, 9:47 a.m.
Size 6.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 71d70566c254e26ed24562820527d5a9
SHA256 d023e36b94854155912beea0b7120983c0584c476404d3cef87f5dfcd4899439
CRC32 C31A4811
ssdeep 98304:SCJCPBqQ56D35j1ZFrJtFZwVlm5HlxozWEORiDTUNrc3qlR:SfPB556D3JyCHl26IDTUNdlR
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name | Response | Post-Analysis Lookup
tventyvd20ht.top | 194.87.248.136 |

IP Address | Status | Action
164.124.101.2 | Active | Moloch
194.87.248.136 | Active | Moloch

Time & API | Arguments | Status | Return | Repeated

GetComputerNameW
  computer_name: TEST22-PC
  Status: 1 | Return: 1 | Repeated: 0

WriteConsoleW
  buffer: WARNING: Task may not run because /ST is earlier than current time.
  console_handle: 0x0000000b
  Status: 1 | Return: 1 | Repeated: 0

WriteConsoleW
  buffer: SUCCESS: The scheduled task "ServiceData4" has successfully been created.
  console_handle: 0x00000007
  Status: 1 | Return: 1 | Repeated: 0
suspicious_features: POST method with no referer header
suspicious_request: POST http://tventyvd20ht.top/v1/upload.php
request: POST http://tventyvd20ht.top/v1/upload.php
request: POST http://tventyvd20ht.top/v1/upload.php
file: C:\Users\test22\AppData\Local\Temp\service123.exe
file: C:\Users\test22\AppData\Local\Temp\YucxOllQDqxHqbsZWekA.dll
section: name .reloc | virtual_address 0x00b39000 | virtual_size 0x000e2ad0 | size_of_data 0x000e2c00 | entropy 6.841597148781801
description: A section with a high entropy has been found
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
ALYac Generic.Dacic.3704.A572C03C
Cylance Unsafe
VIPRE Generic.Dacic.3704.A572C03C
Sangfor Infostealer.Win32.Cryptbot.Vjio
K7AntiVirus Password-Stealer ( 0054cf561 )
BitDefender Generic.Dacic.3704.A572C03C
K7GW Password-Stealer ( 0054cf561 )
Arcabit Generic.Dacic.3704.A572C03C
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/PSW.Agent.OGR
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Barys-10032866-0
Kaspersky Trojan-PSW.Win32.Cryptnot.cyj
Alibaba TrojanPSW:Win32/CryptBot.0b139dae
MicroWorld-eScan Generic.Dacic.3704.A572C03C
Rising Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF)
Emsisoft Generic.Dacic.3704.A572C03C (B)
DrWeb Trojan.PWS.Stealer.39980
McAfeeD ti!D023E36B9485
CTX exe.trojan.stealer
Sophos Mal/Generic-S
FireEye Generic.Dacic.3704.A572C03C
Webroot W32.ChePro
Google Detected
Avira TR/PSW.Agent.xuseq
Antiy-AVL Trojan/Win32.Cryptbot
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win32.CryptBot.tr
Microsoft Trojan:Win32/CryptBot.CCJD!MTB
ZoneAlarm Trojan-PSW.Win32.Cryptnot.cyj
GData Win32.Trojan.PSE.1BPFXUZ
Varist W32/Agent.JHG.gen!Eldorado
AhnLab-V3 Infostealer/Win.CryptBot.R661185
McAfee Artemis!71D70566C254
DeepInstinct MALICIOUS
Malwarebytes Spyware.Stealer
Ikarus Trojan-PSW.Agent
Panda Trj/Genetic.gen
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEILZ
Tencent Trojan.Win32.Agent.16001366
huorong TrojanSpy/Stealer.lt
Fortinet W32/Agent.OGR!tr
AVG Win32:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (D)
alibabacloud Trojan[stealer]:Win/CryptBot.CWU!3DGW