Summary | ZeroBOX

beacon.exe

Tags: Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Sept. 27, 2024, 1:36 p.m.
Completed Sept. 27, 2024, 1:39 p.m.
Size 7.1MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 698977a5b343ea381c62f76b91fd54d5
SHA256 d15e35dcb836d038d70b217709261b6a29c1d871c16304368b18ece21b989878
CRC32 BEE8E25D
ssdeep 98304:tNF2FJzAANYqEeuDdoVcd9eCjsqok/YOvclynAnib2I:tqrzAAoelidsesEvTnAQn
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
section /19 virtual_address 0x00553000 virtual_size 0x00063b9a size_of_data 0x00063c00 entropy 7.996182619594343 description A section with a high entropy has been found
section /32 virtual_address 0x005b7000 virtual_size 0x0001502b size_of_data 0x00015200 entropy 7.943001203897662 description A section with a high entropy has been found
section /65 virtual_address 0x005ce000 virtual_size 0x000d1a18 size_of_data 0x000d1c00 entropy 7.998409121787395 description A section with a high entropy has been found
section /78 virtual_address 0x006a0000 virtual_size 0x0007ea34 size_of_data 0x0007ec00 entropy 7.995464355223593 description A section with a high entropy has been found
section /90 virtual_address 0x0071f000 virtual_size 0x0002547d size_of_data 0x00025600 entropy 7.805484181154835 description A section with a high entropy has been found
entropy 0.274080742331 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win64.Goshell.tsCV
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.TrojanRansom.wh
ALYac Trojan.Generic.36694433
Cylance Unsafe
VIPRE Trojan.Generic.36694433
Sangfor Trojan.Win64.Goshell.V1a7
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Trojan.Generic.36694433
K7GW Trojan ( 005aee7d1 )
K7AntiVirus Trojan ( 005aee7d1 )
Arcabit Trojan.Generic.D22FE9A1
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/ShellcodeRunner.OC
Avast Win64:Malware-gen
Kaspersky HEUR:Trojan.Win64.Goshell.gen
Alibaba Trojan:Win64/Goshell.4255c828
MicroWorld-eScan Trojan.Generic.36694433
Emsisoft Trojan.Generic.36694433 (B)
F-Secure Trojan.TR/AVI.Agent.romti
Zillya Trojan.ShellcodeRunner.Win32.5109
TrendMicro TROJ_GEN.R03BC0WHD24
McAfeeD ti!D15E35DCB836
CTX exe.trojan.goshell
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Trojan.Generic.36694433
Google Detected
Avira TR/AVI.Agent.romti
Antiy-AVL Trojan/Win64.GoShell
Kingsoft Win64.Trojan.Goshell.gen
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.Win64.Goshell.gen
GData Trojan.Generic.36694433
Varist W64/ABTrojan.WXXM-3963
McAfee Artemis!698977A5B343
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1110130440
Ikarus Trojan.WinGo.Rozena
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R03BC0WHD24
Tencent Win64.Trojan.Goshell.Rimw
huorong Backdoor/W64.CobaltStrike.bp
MaxSecure Trojan.Malware.207061521.susgen
Fortinet W64/Agent.TL!tr
AVG Win64:Malware-gen
Paloalto generic.ml
alibabacloud Trojan:Multi/ShellcodeRunner.OW