Summary | ZeroBOX

ee.exe

Tags: .NET framework (MSIL), Malicious Library, UPX, Malicious Packer, PE File, PE32, .NET EXE
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 21, 2024, 2:30 p.m.
Completed: Oct. 21, 2024, 2:33 p.m.
Size: 348.0KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: ca3793c67c597ad1644a43ede3a94e78
SHA256: 76230f6c110b11fc37b99758be26d27d1a4c945b03f0283f15e2be21d8b5879a
CRC32: 2C043946
ssdeep: 6144:/zNHXf500MVE/ifugcqbaV4mRjfL7qQuPYShsGvq:7d506iFcHV4mRjfCQuPYShsaq
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

IP Address Status Action
128.0.1.24 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

domain api.ipify.org
domain ip-api.com
host 128.0.1.24
dead_host 128.0.1.24:1604

Vendor Detection
Bkav W32.AIDetectMalware.CS
Lionic Trojan.MSIL.Agent.mCnJ
CAT-QuickHeal Trojan.MSIL
Skyhigh BehavesLike.Win32.Generic.fh
ALYac Generic.MSIL.PasswordStealerA.7225B325
Cylance Unsafe
VIPRE Generic.MSIL.PasswordStealerA.7225B325
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Generic.MSIL.PasswordStealerA.7225B325
K7GW Trojan ( 00521dab1 )
K7AntiVirus Trojan ( 00521dab1 )
Arcabit Generic.MSIL.PasswordStealerA.7225B325
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Quasarrat
ESET-NOD32 MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
ClamAV Win.Packed.Generic-9829635-0
Kaspersky Trojan.MSIL.Agent.foww
Alibaba Backdoor:MSIL/Quasar.bd5bd09d
NANO-Antivirus Trojan.Win32.FCOI.ksvfzp
SUPERAntiSpyware Trojan.Agent/Gen-PasswordStealer
MicroWorld-eScan Generic.MSIL.PasswordStealerA.7225B325
Rising Backdoor.xRAT!1.D01D (CLASSIC)
Emsisoft Generic.MSIL.PasswordStealerA.7225B325 (B)
F-Secure Trojan:w32/QuasarRAT.A1
DrWeb Trojan.DownLoader27.59888
Zillya Trojan.Agent.Win32.750262
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!CA3793C67C59
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Sophos ATK/Zaquar-D
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.ca3793c67c597ad1
Jiangmin Trojan.Generic.ajfvk
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1307329
Antiy-AVL Trojan/MSIL.Agent
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Backdoor:MSIL/Quasar.GG!MTB
ViRobot Trojan.Win32.LockBit.356352
ZoneAlarm Trojan.MSIL.Agent.foww
GData MSIL.Backdoor.Quasar.D
Varist W32/MSIL_Mintluks.A.gen!Eldorado
AhnLab-V3 Trojan/Win32.Subti.R285137