Summary | ZeroBOX

Macro.vbs

Hide_EXE PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 30, 2024, 11:26 a.m.
Completed: Sept. 30, 2024, 11:38 a.m.
Size: 7.2KB
Type: ASCII text, with very long lines, with CRLF, LF line terminators
MD5: 78bd7c85fd4223850c6ed4c4e98ffa62
SHA256: f58b94ab19df619a698847b81e3c0eec0177f2097f634bbbb1551ecb22cba03c
CRC32: 9FB14323
ssdeep: 96:VcEW1T5eQzzLjhYiHsE6lH1CHeWO8gjRNtjOYbsRd:aEcTV/5YiRgHaeN8gjvNWd
Yara
  • hide_executable_file - Hide executable file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address: 89.197.154.116 | Status: Active | Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe
API: ShellExecuteExW
Arguments:
  show_type: 0
  filepath_r: C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe
  parameters:
  filepath: C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe
Status: 1 | Return: 1 | Repeated: 0
host 89.197.154.116
file C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe
parent_process wscript.exe martian_process C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe
parent_process wscript.exe martian_process "C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe"
MicroWorld-eScan VB:Trojan.VBS.Dropper.AG
CTX vba.trojan.generic
CAT-QuickHeal Trojan.VBS.33100
ALYac VB:Trojan.VBS.Dropper.AG
VIPRE VB:Trojan.VBS.Dropper.AG
Arcabit VB:Trojan.VBS.Dropper.AG
Symantec VBS.Heur.SNIC
ESET-NOD32 Win32/Rozena.ED
Cynet Malicious (score: 99)
BitDefender VB:Trojan.VBS.Dropper.AG
NANO-Antivirus Trojan.Script.Agent.fosjzx
Rising Dropper.Ploty!8.EEC8 (TOPIS:E0:JqyfiJ1QMlQ)
Emsisoft VB:Trojan.VBS.Dropper.AG (B)
F-Secure Malware.HTML/ExpKit.Gen2
DrWeb JS.Muldrop.457
TrendMicro HEUR_VBS.O1
Sophos Troj/Swrort-AL
Ikarus Trojan.Win32.Swrort
FireEye VB:Trojan.VBS.Dropper.AG
Google Detected
Avira HTML/ExpKit.Gen2
Kingsoft Win32.Infected.AutoInfector.a
Xcitium TrojWare.VBS.TrojanDropper.Agent.NJA@833icd
Microsoft Trojan:Win32/Meterpreter.RPZ!MTB
GData VB:Trojan.VBS.Dropper.AG
Varist VBS/Agent.AJU!Eldorado
Tencent Win32.Trojan.Expkit.Ncnw
huorong TrojanDropper/Agent.fg
Fortinet VBS/Rozena.ED!tr
file C:\Users\test22\AppData\Local\Temp\radF2D5C.tmp\veZkNElXSz.exe