Summary | ZeroBOX

3.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), UPX, Malicious Packer, PE File, dll, OS Processor Check, PE32, DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started Oct. 29, 2024, 5:08 p.m.
Completed Oct. 29, 2024, 5:17 p.m.
Size 16.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2dc8cdf825e23ff1df1ad11b3a6f1973
SHA256 5d215747817125559e1a2d934c301ab466cbc956a6839c8a45f8b02b84b184d0
CRC32 94934DA3
ssdeep 98304:dKulY9+o0L82IacWOEF8xbADr/xLCqjqdYCDBvYuSHFCxMg:DZVyj8/tCGiBdSHF7g
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Bkav W32.AIDetectMalware
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/TrojanDropper.Agent.EK
Rising Dropper.Agent!1.104A8 (CLASSIC)
Trapmine suspicious.low.ml.score
Sophos Troj/Inject-JQY
Google Detected
Kingsoft malware.kb.a.809
Microsoft Trojan:Win32/LummaStealer.RPA!MTB
Malwarebytes Trojan.Dropper
Ikarus Trojan-Dropper.WinGo.Agent
huorong Trojan/Injector.bxj