Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Summary | ZeroBOX

reverse.exe

Metasploit Meterpreter Generic Malware PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2024, 2:03 p.m.	Oct. 21, 2024, 2:07 p.m.

Size	7.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`2a18a597200994af2b1eaa57d789f979`
SHA256	`43c13796f343898e53317703cd4178e7e00efcf8b1aa20ce6a5d349ddca5949e`
CRC32	`93E72CDB`
ssdeep	`24:eFGStrJ9u0/6PEnZdkBQAVoakfwKLqFeNDMSCvOXpmB:is0CokBQVxolSD9C2kB`
Yara	Windows_Trojan_Metasploit_91bc5d7d - (no description) PE_Header_Zero - PE File Signature IsPE64 - (no description) MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload Generic_Malware_Zero - Generic Malware

reverse.exe "C:\Users\test22\AppData\Local\Temp\reverse.exe"
1948

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
188.166.177.132	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ewti

Communicates with host for which no DNS query was performed (1 event)

host

188.166.177.132

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

188.166.177.132:443

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Metasploit.S9212471
Skyhigh	BehavesLike.Win64.Infected.zz
ALYac	Trojan.Metasploit.A
Cylance	Unsafe
VIPRE	Trojan.Metasploit.A
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Trojan.Metasploit.A
K7GW	Trojan ( 004fae881 )
K7AntiVirus	Trojan ( 004fae881 )
Arcabit	Trojan.Metasploit.A
VirIT	Trojan.Win32.Generic.BZPS
Symantec	Meterpreter
Elastic	Windows.Trojan.Metasploit
ESET-NOD32	a variant of Win64/Rozena.M
APEX	Malicious
Avast	Win32:MsfShell-V [Hack]
ClamAV	Win.Malware.Metasploit-10022275-0
Kaspersky	Trojan.Win64.Shelma.b
SUPERAntiSpyware	Trojan.Agent/Gen-MalPack
MicroWorld-eScan	Trojan.Metasploit.A
Rising	Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft	Trojan.Metasploit.A (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen7
DrWeb	BackDoor.Shell.244
TrendMicro	Trojan.Win64.SHELMA.SMB1
McAfeeD	Real Protect-LS!2A18A5972009
Trapmine	malicious.high.ml.score
CTX	exe.trojan.metasploit
Sophos	ATK/Meter-A
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.2a18a597200994af
Jiangmin	Trojan.Generic.auyjj
Webroot	W32.Malware.Gen
Google	Detected
Avira	TR/Crypt.XPACK.Gen7
Antiy-AVL	GrayWare/Win32.Rozena.j
Kingsoft	malware.kb.b.980
Gridinsoft	Trojan.Win64.ShellCode.sd!s1
Microsoft	Trojan:Win64/Meterpreter!pz
ZoneAlarm	Trojan.Win64.Shelma.b
GData	Win64.Trojan.Rozena.A
Varist	W64/Rozena.IG
AhnLab-V3	Trojan/Win64.Shelma.R274246
Acronis	suspicious
McAfee	Trojan-FJIN!2A18A5972009
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Dropper.Generic