Summary | ZeroBOX

1.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 20, 2024, 10:25 a.m.
Completed Sept. 20, 2024, 10:27 a.m.
Size 74.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 dc3057afa994be72fc9b1dba3c74feb8
SHA256 ea1fbacd9ffda16764f24885e617ef5a7398917aed09bb494e2965ff33999db9
CRC32 576BA288
ssdeep 768:0dzuv4AJ+FtWh6cVR4U573ZNGJlwTcVV6ZTDu9dybeyVta7NQNGg1Hb/:uCv4AJEsRbAJlwTcVV6ZTDpfYNQNGyb/
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
152.136.44.199 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 152.136.44.199:57687 -> 192.168.56.101:49232 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49224 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49244 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49220 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49172 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49176 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49208 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49248 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49168 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49192 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49188 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49184 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49180 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49196 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49204 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49236 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49240 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49200 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49216 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49212 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode
TCP 152.136.44.199:57687 -> 192.168.56.101:49228 2260001 SURICATA Applayer Wrong direction first Data Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

computer_name: TEST22-PC
Status 1 Return 1 Repeated 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2624
region_size: 266240
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000006e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0

NtAllocateVirtualMemory

process_identifier: 2624
region_size: 323584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000730000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0
host 152.136.44.199
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Androm.m!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Agent
Skyhigh Artemis!Trojan
ALYac Trojan.GenericKD.74100128
VIPRE Trojan.GenericKD.74100128
Sangfor Backdoor.Win64.Androm.Vzak
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Trojan.GenericKD.74100128
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Arcabit Trojan.Generic.D46AADA0
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky Backdoor.Win32.Androm.vsnu
Alibaba Backdoor:Win32/Androm.bcfd5893
MicroWorld-eScan Trojan.GenericKD.74100128
Rising Backdoor.Androm!8.113 (CLOUD)
Emsisoft Trojan.GenericKD.74100128 (B)
F-Secure Trojan.TR/AVI.Zeus.fyxdz
McAfeeD ti!EA1FBACD9FFD
Trapmine suspicious.low.ml.score
CTX exe.trojan.androm
Sophos Mal/Generic-S
FireEye Trojan.GenericKD.74100128
Jiangmin Backdoor.Androm.bfii
Google Detected
Avira TR/AVI.Zeus.fyxdz
Antiy-AVL Trojan/Win64.Agent
Kingsoft Win32.Hack.Androm.vsnu
Microsoft Trojan:Win64/CobaltStrike.HA!MTB
ZoneAlarm Backdoor.Win32.Androm.vsnu
GData Trojan.GenericKD.74100128
Varist W64/ABTrojan.FDYF-8511
McAfee Artemis!DC3057AFA994
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Ikarus Win32.Outbreak
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CIH24
MaxSecure Trojan.Malware.280997344.susgen
Fortinet Malicious_Behavior.SB
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml