Summary | ZeroBOX

1.exe

Tags: Malicious Library, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 30, 2024, 11:25 a.m.
Completed: Sept. 30, 2024, 11:42 a.m.
Size 19.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 5cebc6552eb1d0665391ddbe8a25bfff
SHA256 2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597
CRC32 55524F06
ssdeep 192:wV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2bG2IZB0EaFWF8qa1Dojjgi:SqaCF31cix+Dc4zjsq9aoFF46gi
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address: 124.222.72.51
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x3f0030
0xcc000c (this frame is repeated 63 times in the captured stack trace)

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3f0030
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 4129273
registers.rsp: 9304712
registers.r11: 514
registers.r8: 8791744913672
registers.r9: 0
registers.rdx: 2004821600
registers.r12: 0
registers.rbp: 4128778
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status: 1, Return: 0, Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00000000003f0000
process_handle: 0xffffffffffffffff
Status: 1, Return: 0, Repeated: 0
host 124.222.72.51

Antivirus detections (vendor, signature):
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.CobaltStrike.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Trojan.lm
ALYac Dump:Generic.ShellCode.Marte.2.281E5E21
Cylance Unsafe
VIPRE Dump:Generic.ShellCode.Marte.2.281E5E21
Sangfor Trojan.Win32.CobaltStrike
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Dump:Generic.ShellCode.Marte.2.281E5E21
K7GW Trojan ( 00580b4c1 )
K7AntiVirus Trojan ( 00580b4c1 )
Arcabit Dump:Generic.ShellCode.Marte.2.281E5E21
VirIT Trojan.Win64.Genus.BRF
Symantec Backdoor.Cobalt
Elastic Windows.Trojan.CobaltStrike
ESET-NOD32 a variant of Win64/CobaltStrike.Artifact.A
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.CobaltStrike-9044898-1
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Backdoor:Win64/Artifact.eda1b728
MicroWorld-eScan Dump:Generic.ShellCode.Marte.2.281E5E21
Rising Backdoor.CobaltStrike/x64!1.E382 (CLASSIC)
Emsisoft Dump:Generic.ShellCode.Marte.2.281E5E21 (B)
F-Secure Heuristic.HEUR/AGEN.1345031
DrWeb BackDoor.CobaltStrike.46
Zillya Trojan.CobaltStrike.Win64.13786
TrendMicro Backdoor.Win64.COBEACON.SMA
McAfeeD ti!2D4791C66DB3
CTX exe.trojan.cobaltstrike
Sophos ATK/Cobalt-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.5cebc6552eb1d066
Jiangmin Trojan.CozyDuke.dk
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1345031
Antiy-AVL RiskWare/Win64.Artifact
Kingsoft malware.kb.a.860
Gridinsoft Trojan.Win64.Kryptik.oa!s1
Xcitium Malware@#1bbb05n8tpb2i
Microsoft Trojan:Win64/Cobaltstrike.RPX!MTB
ZoneAlarm HEUR:Trojan.Win64.CobaltStrike.gen
GData Dump:Generic.ShellCode.Marte.2.281E5E21
Varist W64/Kryptik.GRO
AhnLab-V3 Malware/Win64.RL_Backdoor.R363496
McAfee CobaltStrike-so!5CEBC6552EB1
TACHYON Trojan/W64.CobaltStrike.19456
DeepInstinct MALICIOUS
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49170
dead_host 192.168.56.103:49163
dead_host 124.222.72.51:4433
dead_host 192.168.56.103:49162
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49166