Summary | ZeroBOX

javumarfirst.exe

Generic Malware UPX PE32 PE File DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 4, 2024, 11:14 a.m.
Completed: Oct. 4, 2024, 11:17 a.m.
Size 7.0MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 506f20dc6d2d9a4bd2725a726679b74e
SHA256 9259b00bb10494cb883a4999ea33ff59452df9e09d2c30beafae09fd980b8baf
CRC32 77569892
ssdeep 49152:o18FBWG6cBjNOL/SoDUVs7dxzg57AEgPQhaYkOr74oBxBRO+uaXHMEUs9N+qaKDJ:RBDBpi/SoDUVshx03wQA
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

DNS
Name            Response      Post-Analysis Lookup
sevtvx17ht.top  80.66.81.78

Hosts
IP Address      Status  Action
164.124.101.2   Active  Moloch
80.66.81.78     Active  Moloch

Signatures
  • suspicious_features: POST method with no referer header
    suspicious_request: POST http://sevtvx17ht.top/v1/upload.php
  • request: POST http://sevtvx17ht.top/v1/upload.php (observed twice)
  • domain: sevtvx17ht.top (description: Generic top level domain TLD)
  • file: C:\Users\test22\AppData\Local\Temp\service123.exe
  • file: C:\Users\test22\AppData\Local\Temp\LkwWQfCuAuZdmvADjZkd.dll
  • section: .reloc (virtual_address 0x0069c000, virtual_size 0x0006ad40, size_of_data 0x0006ae00, entropy 6.80263450437104) - A section with a high entropy has been found
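The high-entropy signature above is worth reproducing offline: relocation tables are normally low-entropy, structured data, so a .reloc section at 6.80 bits/byte points at a packed or encrypted payload parked there. The block below is an added example written for this page, not ZeroBOX's or Cuckoo's own code. It walks the PE section table by hand (no pefile dependency), computes Shannon entropy over each section's raw data, and flags sections above 6.8, a threshold assumed from the value the report flagged. The three-section PE it builds is constructed for the example only (no optional header, not loadable); it is not the analysed sample.

```python
import math
import random
import struct
from collections import Counter

# Assumption: threshold inferred from the 6.80 figure the report flagged.
# Shannon entropy of bytes ranges from 0.0 (all identical) to 8.0 (uniform).
HIGH_ENTROPY_THRESHOLD = 6.8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[dict]:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.

    Returns one dict per section with the keys the report prints. Entropy is
    computed over PointerToRawData..+SizeOfRawData (assumption: the same span
    pefile-based sandboxes use for their per-section entropy figure).
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def high_entropy_sections(pe: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> list[str]:
    """Names of sections whose raw data exceeds the entropy threshold."""
    return [s["name"] for s in parse_sections(pe) if s["entropy"] > threshold]


def build_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Assemble a minimal PE32 image: MZ stub, PE signature, COFF header,
    section table, then 0x200-aligned raw data. Constructed for this example;
    it carries no optional header, but the section table is a real one."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    first_raw = (e_lfanew + 4 + 20 + 40 * len(sections) + 0x1FF) & ~0x1FF
    table, blobs, raw_ptr, vaddr = b"", b"", first_raw, 0x1000
    for name, raw in sections:
        padded = raw + b"\0" * (-len(raw) % 0x200)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                             len(padded), raw_ptr, 0, 0, 0, 0, 0x40000040)
        blobs += padded
        raw_ptr += len(padded)
        vaddr += (len(raw) + 0xFFF) & ~0xFFF
    header = bytes(dos) + b"PE\0\0" + coff + table
    return header + b"\0" * (first_raw - len(header)) + blobs


# Constructed sample: code-like bytes from a 32-symbol alphabet, zero-filled
# data, and a .reloc section filled with random bytes instead of relocation
# blocks, mimicking a packed payload hidden in a normally low-entropy section.
_rng = random.Random(2024)
SAMPLE_PE = build_pe([
    (b".text", bytes(_rng.getrandbits(5) for _ in range(4096))),   # ~5 bits/byte
    (b".data", b"\0" * 4096),                                       # 0 bits/byte
    (b".reloc", bytes(_rng.getrandbits(8) for _ in range(4096))),  # ~7.95 bits/byte
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.2f}")
    print("flagged:", high_entropy_sections(SAMPLE_PE))
```

Point `parse_sections` at the bytes of a real sample to get the same name/virtual_address/size_of_data/entropy tuple the report prints; a .text around 6.0 to 6.5 is ordinary compiled code, while anything in .reloc, .rsrc or an oddly named section above 6.8 is the packed-payload pattern this sample shows.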
Antivirus      Result
Bkav           W32.AIDetectMalware
CrowdStrike    win/malicious_confidence_90% (D)
Elastic        malicious (high confidence)
ESET-NOD32     a variant of Win32/GenKryptik.HBZR
APEX           Malicious
Avast          Win32:CrypterX-gen [Trj]
Rising         Trojan.Kryptik!8.8 (TFE:5:25KWoxie6RB)
AhnLab-V3      Infostealer/Win.CryptBot.C5677842
Malwarebytes   Trojan.MalPack
Tencent        Win32.Trojan.Genkryptik.Ckjl
AVG            Win32:CrypterX-gen [Trj]