Summary | ZeroBOX

script.exe

PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Oct. 20, 2024, 9:12 a.m.
Completed Oct. 20, 2024, 9:32 a.m.
Size 6.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 308d9beab0eccfd8f218a89456b9b7d4
SHA256 3570eab57ac55e89ce4467d665502896790881a21e93a25aabb738fa368e9e02
CRC32 B76CB895
ssdeep 96:L5W7Du0Tn+eUqyzKrW6I2Amy0KFhm1IoqD0b:LmDLn+eUqMKrtIjN9y1pd
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section .sdata
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 884
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00580000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74021000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0052a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74022000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00522000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00532000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00533000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0056b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00567000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0053c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ac0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0055a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Marte.4!c
Skyhigh Trojan-Veil-FLRI!308D9BEAB0EC
ALYac Generic.ShellCode.Marte.H.131E2AA9
Cylance Unsafe
Sangfor HackTool.Win32.Reverse_Bin_v2_5_through_v4_x.uwccg
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.ShellCode.Marte.H.131E2AA9
K7GW Trojan ( 004d65ce1 )
K7AntiVirus Trojan ( 004d65ce1 )
Arcabit Generic.ShellCode.Marte.H.131E2AA9
Symantec Meterpreter
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of MSIL/Rozena.T
APEX Malicious
Avast Win32:Swrort-S [Trj]
ClamAV Win.Trojan.MSShellcode-7
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba VirTool:MSIL/Meterpreter.7bf47c98
NANO-Antivirus Trojan.Win32.Kryptik.entlde
MicroWorld-eScan Generic.ShellCode.Marte.H.131E2AA9
Rising HackTool.Swrort!1.6477 (CLASSIC)
Emsisoft Generic.ShellCode.Marte.H.131E2AA9 (B)
F-Secure Heuristic.HEUR/AGEN.1308546
VIPRE Generic.ShellCode.Marte.H.131E2AA9
TrendMicro Backdoor.Win32.COBEACON.SMD
McAfeeD ti!3570EAB57AC5
Trapmine suspicious.low.ml.score
CTX exe.trojan.meterpreter
Sophos Troj/Rozena-D
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.308d9beab0eccfd8
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1308546
Antiy-AVL Trojan/Win32.Rozena.ed
Kingsoft malware.kb.c.1000
Xcitium Malware@#1553555a3jiqc
Microsoft VirTool:MSIL/Meterpreter.G!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Generic.ShellCode.Marte.H.131E2AA9
Varist W32/ABTrojan.AVHM-1542
AhnLab-V3 Malware/Win32.RL_Generic.C4286713
McAfee Trojan-Veil-FLRI!308D9BEAB0EC
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3817415780
Ikarus Trojan.MSIL.Crypt
Panda Trj/CI.A
Tencent Win32.Trojan.Generic.Ddhl
huorong Backdoor/Meterpreter.ak