Summary | ZeroBOX

winvnc.x64.dll

Generic Malware, Malicious Library, UPX, PE64, PE File, DLL, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started Sept. 30, 2024, 11:18 a.m.
Completed Sept. 30, 2024, 11:20 a.m.
Size 366.0KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 bc9fd6c5621c3fa5a16489db19746112
SHA256 13feaa32e4b03ede8799e5bee6f8d54c3af715a6488ad32f6287d8f504c7078b
CRC32 072F274A
ssdeep 6144:Vsj5MHZ/yacp9dK/WT8W/WUuLdrX64ajx0HLC1UsrTAhwwU8qc2kPoV0jp7:VW5Mwacp9dKeIdezlMCusJzV0
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Bkav W64.AIDetectMalware
Lionic Hacktool.Win32.Meterpreter.3!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.NetLoader.fh
ALYac Misc.HackTool.Meterpreter
Cylance Unsafe
VIPRE Gen:Variant.Tedy.394289
Sangfor Riskware.Win32.Inject.Vijo
CrowdStrike win/grayware_confidence_100% (W)
BitDefender Gen:Variant.Tedy.394289
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Tedy.D60431
Symantec Trojan Horse
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of Win64/Riskware.Meterpreter.H
Avast Win64:Malware-gen
Kaspersky HEUR:HackTool.Win32.Inject.heur
Alibaba HackTool:Win32/Inject.e59970a2
MicroWorld-eScan Gen:Variant.Tedy.394289
Rising Trojan.CobaltStrike!8.EDF2 (TFE:5:iw1lVS3f5fU)
Emsisoft Gen:Variant.Tedy.394289 (B)
F-Secure PrivacyRisk.SPR/Injector.agw
DrWeb Tool.Inject.79
Zillya Tool.Meterpreter.Win64.462
TrendMicro PUA.Win64.WINVNC.A
McAfeeD ti!13FEAA32E4B0
CTX dll.hacktool.inject
Sophos Harmony Loader (PUA)
SentinelOne Static AI - Malicious PE
FireEye Gen:Variant.Tedy.394289
Jiangmin HackTool.Inject.ciu
Webroot W32.Malware.Gen
Google Detected
Avira SPR/Injector.agw
Antiy-AVL HackTool/Win32.Inject
Kingsoft Win32.HackTool.Inject.heur
Gridinsoft Trojan.Win64.Agent.dg
Xcitium Malware@#262v94zt9ji48
Microsoft Trojan:Win32/CobaltStrike!MTB
ZoneAlarm HEUR:HackTool.Win32.Inject.heur
GData Gen:Variant.Tedy.394289
Varist W64/ABApplication.QKNU-2496
AhnLab-V3 Malware/Win.Inject.R635405
McAfee RDN/Generic PUP.z
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2936209353
Ikarus PUA.RiskWare.Meterpreter
Panda Trj/CI.A
TrendMicro-HouseCall PUA.Win64.WINVNC.A