Summary | ZeroBOX

Payload.exe

Tags: PhysicalDrive, Malicious Packer, PE32, PE File, .NET EXE

Category: FILE
Machine: s1_win7_x6401
Started: Oct. 15, 2024, 2:17 p.m.
Completed: Oct. 15, 2024, 2:42 p.m.
Size: 543.0KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: aa9e75e91b3ac6ad8868e9906beccf54
SHA256: fddd2c104500971da3ec56f930dcd53da181c0c45e47f5a25a57028afb642e29
CRC32: AF06CFBD
ssdeep: 12288:GVRmalyw9qfcaF52WgAIsAxOfqV42Rqol0M0pMsRNQSJGmENwMp3:ARigAm3lTaK
Yara
  • PhysicalDrive_20181001 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Domains (Name, Response, Post-Analysis Lookup): no hosts contacted.
Hosts (IP Address, Status, Action): 167.71.14.135, Active, Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 167.71.14.135

Antivirus Detections

Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Bladabindi.4!c
CTX exe.trojan.msil
Skyhigh BehavesLike.Win32.Generic.ht
ALYac Generic.KillMBR.B.406241DA
Cylance Unsafe
VIPRE Generic.KillMBR.B.406241DA
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 700000121 )
K7AntiVirus Trojan ( 700000121 )
VirIT Trojan.Win32.MSIL_Heur.B
Symantec Backdoor.Ratenjay
Elastic Windows.Trojan.Njrat
ESET-NOD32 a variant of MSIL/Bladabindi.BB
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Ursu-9784017-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.KillMBR.B.406241DA
MicroWorld-eScan Generic.KillMBR.B.406241DA
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Emsisoft Generic.KillMBR.B.406241DA (B)
F-Secure Trojan.TR/Dropper.Gen2
DrWeb BackDoor.BladabindiNET.27
McAfeeD Real Protect-LS!AA9E75E91B3A
Trapmine malicious.moderate.ml.score
Sophos Mal/Agent-ATK
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.aa9e75e91b3ac6ad
Jiangmin TrojanDropper.Autoit.dce
Webroot W32.Malware.Gen
Google Detected
Avira TR/Dropper.Gen2
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.NjRat.tr
Arcabit Generic.KillMBR.B.D632E1DA
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/Bladabindi!atmn
Varist W32/MSIL_Kryptik.JOV.gen!Eldorado
AhnLab-V3 Trojan/Win32.RL_Generic.C4309000
VBA32 Dropper.MSIL.gen
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus Trojan.MSIL.Bladabindi
Tencent Trojan.Win32.Bladabindi.16000442
huorong Backdoor/Bladabindi.e
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Bladabindi.BA!tr
Panda Trj/GdSda.A