Summary | ZeroBOX

Rils.exe

Gen1 Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check PE32 dll DllRegisterServer
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 14, 2024, 9:41 a.m.
Completed: Oct. 14, 2024, 9:50 a.m.
Size 14.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 403728207960ffa961f08191d3ef1430
SHA256 313d9bf77dc4d5de4750786bdda02ea4beecaaceb5284928ad628eb2ea02c6b9
CRC32 98AAA67C
ssdeep 196608:mXD3ZL233edzjHS4I7iehURbp6L6WGV6SUN+z/Gu2cPYYIKfFe5PiP0ZAaGNbmWA:mTV2nedzzdDp6LJj4d2WcBiP0ZA7mWA
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

IP Address Status Action
104.192.140.24 Active Moloch
131.153.76.130 Active Moloch
164.124.101.2 Active Moloch

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb (the 32-bit WinRAR SFX stub: the 14.2 MB sample is a self-extracting archive, consistent with the 1.exe/2.exe/3.exe writes to AppData\Roaming below)
section .didat
resource name PNG
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
1+0x234be @ 0xa134be
0x5

exception.instruction_r: 03 48 3c 89 4d ac c7 85 44 fd ff ff 01 00 00 00
exception.symbol: 1+0x81dc
exception.instruction: add ecx, dword ptr [eax + 0x3c]
exception.module: 1.exe
exception.exception_code: 0xc0000005
exception.offset: 33244 (0x81dc)
exception.address: 0x9f81dc
registers.esp: 1756384 (0x1acce0)
registers.edi: 0
registers.eax: 0
registers.ebp: 1762912 (0x1ae660)
registers.edx: 6
registers.ebx: 1762920 (0x1ae668)
registers.esi: 1
registers.ecx: 0
status 1, return 0, repeated 0

Reading of the fault: the instruction adds the dword at [eax + 0x3c] to ecx, and 0x3c is the offset of e_lfanew in IMAGE_DOS_HEADER, so the code in 1.exe is walking a PE header in memory with eax as the module base. With eax = 0 the read lands at address 0x3c in the never-mapped first page, hence the ACCESS_VIOLATION (0xc0000005). This is the pattern of a loader or API-resolution routine that uses a module base it never checked for null.
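To make the faulting header walk concrete, here is an added example (written for this page, not code from ZeroBOX or from the sample) that performs the same e_lfanew lookup as `add ecx, [eax + 0x3c]` but with the checks the faulting code did not make, and then reads IMAGE_FILE_HEADER.Machine to label the image PE32 or PE64 as the report's tags do. The image bytes are constructed in `build_image` and are not a real binary; `walk_or_explain` and `faulting_read` are helper names chosen for the example.

```python
import struct

E_LFANEW_OFFSET = 0x3C          # IMAGE_DOS_HEADER.e_lfanew, the [eax+0x3c] read in the fault
DOS_HEADER_SIZE = 0x40
FILE_HEADER_SIZE = 20           # sizeof(IMAGE_FILE_HEADER)
MACHINE_NAMES = {0x014C: "PE32", 0x8664: "PE64"}   # IMAGE_FILE_MACHINE_I386 / _AMD64


class PeWalkError(ValueError):
    """Raised where the faulting code instead dereferenced a bad pointer."""


def build_image(machine=0x014C, e_lfanew=DOS_HEADER_SIZE):
    """Constructed minimal in-memory image: DOS header, optional padding, PE
    signature and IMAGE_FILE_HEADER. Not a real binary; just enough to walk."""
    dos = bytearray(b"MZ" + b"\x00" * (DOS_HEADER_SIZE - 2))
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x0102)
    pad = b"\x00" * max(0, e_lfanew - DOS_HEADER_SIZE)
    return bytes(dos) + pad + b"PE\x00\x00" + file_hdr


def nt_headers_offset(image):
    """Offset of the NT headers, i.e. the value the faulting instruction adds to ecx,
    computed with bounds and magic checks instead of a blind dereference."""
    if not image:  # models eax == 0: an unmapped or never-resolved module base
        raise PeWalkError("null module base: reading [base+0x3c] faults with 0xc0000005")
    if len(image) < DOS_HEADER_SIZE or image[:2] != b"MZ":
        raise PeWalkError("no IMAGE_DOS_HEADER at base")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew < DOS_HEADER_SIZE or e_lfanew + 4 + FILE_HEADER_SIZE > len(image):
        raise PeWalkError(f"e_lfanew 0x{e_lfanew:x} points outside the mapped image")
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise PeWalkError("no PE signature at e_lfanew")
    return e_lfanew


def pe_arch(image):
    """'PE32' or 'PE64' from IMAGE_FILE_HEADER.Machine, which follows the signature."""
    off = nt_headers_offset(image) + 4
    (machine,) = struct.unpack_from("<H", image, off)
    return MACHINE_NAMES.get(machine, f"unknown machine 0x{machine:04x}")


def walk_or_explain(image):
    """NT header offset on success, otherwise the reason the walk would have faulted."""
    try:
        return nt_headers_offset(image)
    except PeWalkError as err:
        return str(err)


def faulting_read(eax, disp=E_LFANEW_OFFSET):
    """Address the faulting instruction tried to read, from the register dump above."""
    return (eax + disp) & 0xFFFFFFFF


if __name__ == "__main__":
    print("valid PE32 image, NT headers at", hex(nt_headers_offset(build_image())))
    print("PE64 image:", pe_arch(build_image(machine=0x8664, e_lfanew=0x80)))
    print("null base:", walk_or_explain(None))
    print("report's fault read address:", hex(faulting_read(0)))
```

The null-base branch is the one the sample missed; a loader that resolves a module by hand should treat a zero base exactly like a failed GetModuleHandle and bail out before touching offset 0x3c.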
file C:\Users\test22\AppData\Roaming\3.exe
file C:\Users\test22\AppData\Roaming\1.exe
file C:\Users\test22\AppData\Roaming\2.exe
file C:\Users\test22\AppData\Roaming\1.exe
file C:\Users\test22\AppData\Roaming\2.exe
file C:\Users\test22\AppData\Roaming\3.exe
file C:\Users\test22\AppData\Roaming\1.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA Share
reg_value C:\Users\test22\AppData\Roaming\ServiceAmd\3.exe
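The Run value above pairs a vendor-looking name with a payload dropped into a user-writable profile directory, which is the combination a triage script should flag. The following added example (written for this page, not code from ZeroBOX or the sample) runs such a check over a constructed list of Run entries: the report's entry plus two made-up benign ones. The directory and vendor heuristics are assumptions for the example, not a vendor's rule set, and nothing here reads a live registry.

```python
import re

# Constructed sample: the Run value from this report plus two entries made up to
# look like a clean user profile. Not read from any live system.
RUN_ENTRIES = [
    ("NVIDIA Share", "C:\\Users\\test22\\AppData\\Roaming\\ServiceAmd\\3.exe"),
    ("OneDrive", '"C:\\Users\\test22\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background'),
    ("SunJavaUpdateSched", '"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"'),
]

# Heuristics (assumed for the example): where a user can write without elevation,
# where vendor software is normally installed, and names vendors actually use.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\", "\\appdata\\local\\microsoft\\")
VENDOR_WORDS = ("nvidia", "microsoft", "intel", "amd", "adobe", "google", "realtek")


def executable_path(value):
    """Extract the executable path from a Run value, quoted or not, with optional arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    match = re.match(r"(.+?\.exe)(\s|$)", value, re.IGNORECASE)
    return match.group(1) if match else value


def triage_run_entry(name, value):
    """Return (path, reasons); an empty reasons list means nothing looked off."""
    path = executable_path(value)
    lp = path.lower()
    reasons = []
    if any(d in lp for d in USER_WRITABLE):
        reasons.append("user-writable directory")
    # A vendor word in the value name or in the path (ServiceAmd here) that is not
    # backed by an install under a vendor location is the classic masquerade.
    looks_vendor = any(w in name.lower() or w in lp for w in VENDOR_WORDS)
    if looks_vendor and not any(root in lp for root in TRUSTED_ROOTS):
        reasons.append("vendor-looking name outside vendor install path")
    if " " in path and not value.strip().startswith('"'):
        reasons.append("unquoted path with spaces")
    return path, reasons


def suspicious_run_entries(entries):
    """All entries with at least one reason, as (name, path, reasons) tuples."""
    hits = []
    for name, value in entries:
        path, reasons = triage_run_entry(name, value)
        if reasons:
            hits.append((name, path, reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(RUN_ENTRIES):
        print(f"{name!r} -> {path}: {', '.join(reasons)}")
```

On a live host the same function can be fed from `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output or Sysmon event ID 13 (registry value set) for that key, and the dropped file should then be hashed and compared against the MD5/SHA256 in the header of this report.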
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Lumma.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CAT-QuickHeal Trojanpws.Lumma
Skyhigh BehavesLike.Win32.Trojan.vc
ALYac Trojan.Generic.36730258
Cylance Unsafe
VIPRE Trojan.Generic.36730258
Sangfor Infostealer.Win32.Kryptik.Vcfv
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.Generic.36730258
K7GW Riskware ( 00584baa1 )
Arcabit Trojan.Generic.D2307592
Symantec Trojan.Gen.MBT
McAfee Artemis!403728207960
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Packed.Bladabindi-10017056-0
Kaspersky Trojan-PSW.Win32.Lumma.avy
Alibaba TrojanPSW:Win64/Lumma.ee29731c
MicroWorld-eScan Trojan.Generic.36730258
Rising Trojan.Generic!8.C3 (CLOUD)
Emsisoft Trojan.Generic.36730258 (B)
F-Secure Trojan.TR/AVI.Agent.tiwku
DrWeb Trojan.Siggen29.30270
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEH1Z
McAfeeD ti!313D9BF77DC4
FireEye Generic.mg.403728207960ffa9
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Bladabindi
Google Detected
Avira TR/AVI.Agent.tiwku
MAX malware (ai score=85)
Antiy-AVL Trojan[Banker]/Win32.ClipBanker
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Trojan:Win32/Vigorf.A
ZoneAlarm Trojan-PSW.Win32.Lumma.avy
GData Trojan.Generic.36730258
Varist W64/Injector.BMR.gen!Eldorado
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
Panda Trj/CI.A
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEH1Z
Tencent Win32.Trojan-QQPass.QQRob.Zchl
Yandex Trojan.Miner!gNQyxtA2zTA
MaxSecure Trojan.Malware.276510682.susgen
Fortinet W32/PossibleThreat
AVG Win32:PWSX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)