Summary | ZeroBOX

k4q.exe

Malicious Packer, UPX, Malicious Library, PE64, PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 24, 2024, 9:55 a.m.
Completed Oct. 24, 2024, 9:59 a.m.
Size 18.4MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 30871d0e0185fcffd2d9452ffdd456f6
SHA256 579b87f1aee0d4dcddb5d3cc69ab2eb61af07a9f41da8a1a5c12453c219f85ba
CRC32 5A8BFF28
ssdeep 98304:oV5mfT7ZBbST4IzqTur8eXWuQrad5yd/ZBC6Ep/EqMLEIJMY:oV5mxBb3TreXWO5yd/ZBCTpcRb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
143.198.137.110 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0

Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0

section .symtab
host 143.198.137.110

Time & API Arguments Status Return Repeated
LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  -1073741511 0

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Dump.4!c
Cynet Malicious (score: 99)
ALYac Dump:Generic.Trojan.Tango.Marte.I.EC675907
Cylance Unsafe
VIPRE Dump:Generic.Trojan.Tango.Marte.I.EC675907
Sangfor Hacktool.Win32.Sliver.Vr0c
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Dump:Generic.Trojan.Tango.Marte.I.EC675907
Arcabit Dump:Generic.Trojan.Tango.Marte.I.ECDA5043
VirIT Trojan.Win64.Sliver.AA
Symantec ML.Attribute.HighConfidence
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/HackTool.Sliver.M
Avast MalwareX-gen [Trj]
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
MicroWorld-eScan Dump:Generic.Trojan.Tango.Marte.I.EC675907
Rising Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft Dump:Generic.Trojan.Tango.Marte.I.EC675907 (B)
F-Secure Heuristic.HEUR/AGEN.1366847
CTX exe.trojan.dump
Sophos ATK/Sliver-B
SentinelOne Static AI - Malicious PE
FireEye Dump:Generic.Trojan.Tango.Marte.I.EC675907
Google Detected
Avira HEUR/AGEN.1366847
Microsoft Trojan:Win32/SuspGolang.AG
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData Dump:Generic.Trojan.Tango.Marte.I.EC675907
AhnLab-V3 Trojan/Win.Sliver.R588019
DeepInstinct MALICIOUS
Malwarebytes HackTool.Sliver
Ikarus Trojan.WinGo.Shellcoderunner
Tencent Win32.Trojan.Malgo.Xwhl
huorong HackTool/Sliver.a
MaxSecure Trojan.Malware.300983.susgen
AVG MalwareX-gen [Trj]
alibabacloud Trojan:Multi/Sliver.D!MTB