Summary | ZeroBOX

66ebf725efe38_lyla.exe

Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File DLL PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 20, 2024, 10:32 a.m.
Completed: Sept. 20, 2024, 10:48 a.m.
Size 6.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 117cd56896073eaa680d408fe7fb51c8
SHA256 9b985f2af040a18f231b1c4851365e8f10a5ef394f455306fdc8f395b374f01e
CRC32 B0FC9867
ssdeep 49152:KfuaMm44Xnz/IYkmjVcIhGWczrYfRX9Iu14k85M7xgc6jbb36ST9llys58JLNQuC:WzRkmELkpX9RFXEb36Y9l9201LcDS
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name / Response (Post-Analysis Lookup)
tventyvd20vt.top -> 5.53.124.195

IP Address / Status / Action
164.124.101.2 Active Moloch
5.53.124.195 Active Moloch

suspicious_features POST method with no referer header
suspicious_request POST http://tventyvd20vt.top/v1/upload.php
request POST http://tventyvd20vt.top/v1/upload.php
request POST http://tventyvd20vt.top/v1/upload.php
file C:\Users\test22\AppData\Local\Temp\service123.exe
file C:\Users\test22\AppData\Local\Temp\uQfmSSsJtzuLZuoqwBDR.dll
section .reloc: size_of_data 0x000e2400, virtual_size 0x000e22e4, virtual_address 0x00b37000, entropy 6.841548012813156
description A section with a high entropy has been found
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.CryptBot.4!c
CAT-QuickHeal Trojan.Cryptbot
Skyhigh BehavesLike.Win32.Dropper.vh
ALYac Generic.Dacic.3683.321E13A6
Cylance Unsafe
VIPRE Generic.Dacic.3683.321E13A6
Sangfor Infostealer.Win32.Cryptbot.Veua
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Generic.Dacic.3683.321E13A6
K7GW Password-Stealer ( 0054cf561 )
K7AntiVirus Password-Stealer ( 0054cf561 )
Arcabit Generic.Dacic.3683.321E13A6
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/PSW.Agent.OGR
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Barys-10032866-0
Alibaba TrojanPSW:Win32/CryptBot.ea1bcb38
MicroWorld-eScan Generic.Dacic.3683.321E13A6
Rising Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF)
Emsisoft Generic.Dacic.3683.321E13A6 (B)
F-Secure Trojan.TR/PSW.Agent.owqqw
TrendMicro Trojan.Win32.PRIVATELOADER.YXEIRZ
McAfeeD ti!9B985F2AF040
CTX exe.trojan.generic
Sophos Mal/Generic-S
FireEye Generic.Dacic.3683.321E13A6
Webroot W32.PRIVATELOADER.YXEIRZ
Google Detected
Avira TR/PSW.Agent.owqqw
Antiy-AVL Trojan/Win32.Cryptbot
Kingsoft Win32.Trojan-PSW.Cryptnot.ddq
Gridinsoft Trojan.Win32.CryptBot.tr
Xcitium Malware@#n6odze40f4ds
Microsoft Trojan:Win32/CryptBot.CCJD!MTB
ViRobot Trojan.Win.Z.Agent.6630801
GData Win32.Trojan-Spy.Agent.BQV
Varist W32/Agent.JHH.gen!Eldorado
AhnLab-V3 Trojan/Win.CryptBot.C5659071
McAfee Artemis!117CD5689607
DeepInstinct MALICIOUS
VBA32 TrojanRansom.Stop
Malwarebytes Spyware.Stealer
Ikarus Trojan-PSW.Agent
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEIRZ
Tencent Trojan.Win32.Agent.16001366
Fortinet W32/Agent.OGR!tr