Summary | ZeroBOX

program.exe

Tags: Malicious Packer, UPX, Malicious Library, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 21, 2024, 2:07 p.m.
Completed: Oct. 21, 2024, 2:11 p.m.
Size: 8.4MB
Type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5: 7d2eb1b2a364d686f6d4f17cdf626810
SHA256: 034f883e7dad9b363bdaf1db5d5802da7296196a10dc9e29fd1027b769443ee8
CRC32: B6D56EDF
ssdeep: 196608:CqoFg26BXh0UOjCpu/07qcwru7fr/tapj:KF/+w/CwrQ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address: 164.124.101.2
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: WriteConsoleW
  buffer: Usage: chisel [command] [--help] Version: 1.7.3 (go1.15.5) Commands: server - runs chisel in server mode client - runs chisel in client mode Read more: https://github.com/jpillora/chisel
  console_handle: 0x0000000000000007
  Status / Return / Repeated: 1 1 0
section .symtab
API call: LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  Return / Repeated: -1073741511 0 (the return value is NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export wine_get_version does not exist in the ntdll of a real Windows host)
Antivirus Detection

Bkav W64.AIDetectMalware
Lionic Hacktool.Win32.Chisel.3!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Suspiciouspws.rm
ALYac Gen:Variant.Application.Bulz.244681
Cylance Unsafe
VIPRE Gen:Variant.Application.Bulz.244681
Sangfor Hacktool.Win32.Chisel.Vdj1
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Application.Bulz.244681
K7GW Trojan ( 0056f6ae1 )
K7AntiVirus Trojan ( 0056f6ae1 )
Arcabit Trojan.Application.Bulz.D3BBC9
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of WinGo/HackTool.Chisel.A
Avast Win32:SharpChisel-B [PUP]
Kaspersky HEUR:HackTool.Win32.Chisel.b
Alibaba HackTool:Win32/Chisel.4016d717
MicroWorld-eScan Gen:Variant.Application.Bulz.244681
Emsisoft Gen:Variant.Application.Bulz.244681 (B)
F-Secure Heuristic.HEUR/AGEN.1318189
Zillya Tool.Agent.Win64.202
TrendMicro HackTool.Win64.Chisel.SM.go
McAfeeD ti!034F883E7DAD
CTX exe.hacktool.chisel
Sophos ATK/Chisel-A
FireEye Generic.mg.7d2eb1b2a364d686
Webroot W32.Hacktool.Chisel
Google Detected
Avira HEUR/AGEN.1318189
Antiy-AVL HackTool/Win64.Agent
Kingsoft Win32.HackTool.Agent.gen
Microsoft HackTool:Win32/Chisel.A
ZoneAlarm HEUR:HackTool.Win32.Agent.gen
GData Gen:Variant.Application.Bulz.244681
Varist W64/Chisel.A.gen!Eldorado
AhnLab-V3 Malware/Win64.RL_Generic.R368091
McAfee Artemis!7D2EB1B2A364
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3772152651
Ikarus Trojan.WinGo.Hacktool
Tencent Win32.Hacktool.Chisel.Nzfl
Yandex Trojan.Igent.bUTRIA.29
huorong HackTool/Chisel.a
MaxSecure Trojan.Malware.108811382.susgen
Fortinet Riskware/Chisel.A!tr
AVG Win32:SharpChisel-B [PUP]
Paloalto generic.ml
alibabacloud Hacktool:Multi/Win64_HackTool_Agent_AG