Summary | ZeroBOX

wintoolsone64.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, dll, OS Processor Check, PE32, DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started Oct. 30, 2024, 9:26 a.m.
Completed Oct. 30, 2024, 9:32 a.m.
Size 11.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3a408188540d593a618c37ff3b9fa378
SHA256 883170fb01d121dd32d3de0c16f987429da0cf1d137e3ce6a92fef44947ae53a
CRC32 6E2FDD54
ssdeep 98304:YTMOT3y46FsiZLgYkQlCOzOwEzN0Rpwro:w6JZLgpQlCsOjNP
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • DllRegisterServer_Zero - execute regsvr32.exe
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Vendor Detection
Bkav W32.AIDetectMalware
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/TrojanDropper.Agent.ES
Rising Dropper.Agent!1.10426 (CLASSIC)
Trapmine malicious.moderate.ml.score
Sophos Troj/Inject-JQY
Google Detected
Microsoft Trojan:Win32/Sabsik.FL.A!ml
AhnLab-V3 Infostealer/Win.LummaC2.R666374
Malwarebytes Malware.AI.2492468750
Ikarus Trojan.WinGo.Agent
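The static signals this report lists (Type "PE32 executable (GUI) Intel 80386", the UPX and PE tags, the `.symtab` section that marks a Go-linked binary, and the MD5/SHA256/CRC32 fields) can all be reproduced from the PE header without running the sample. The script below is an added example, not ZeroBOX code or one of its Yara rules: it parses the COFF and optional headers and the section table with the standard library only, flags UPX-style and `.symtab` section names, and prints the hashes in the same formats the report uses. `build_pe` constructs a minimal headers-only PE image for offline testing; the flag names, the partial `MACHINE_NAMES` table and the sample images are my own choices, not anything taken from the report.

```python
"""Static PE triage reproducing the report's file-level signals.

Added example, not ZeroBOX code. Standard library only (no pefile).
"""
import hashlib
import struct
import zlib

MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}
SUBSYSTEMS = {2: "GUI", 3: "CUI"}
IMAGE_FILE_DLL = 0x2000


def parse_pe(data: bytes) -> dict:
    """Parse DOS stub, COFF header, optional-header magic/subsystem and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Subsystem sits at optional-header offset 68 in both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec_table = opt + opt_size
    sections = []
    for i in range(nsec):
        off = sec_table + 40 * i                          # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize})
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown(0x{magic:X})"),
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04X}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": sections,
    }


def triage(data: bytes) -> dict:
    """Header facts plus packer/toolchain hints and the hashes the report prints."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    flags = []                                            # flag names are this example's own
    if any(n.upper().startswith("UPX") for n in names):
        flags.append("upx_section_names")                 # UPX0/UPX1/UPX2 layout
    if ".symtab" in names:
        flags.append("go_symtab_section")                 # Go linker emits .symtab on Windows
    if any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in pe["sections"]):
        flags.append("empty_raw_section")                 # packed images that unpack in place
    return {
        **pe,
        "sections": names,
        "flags": flags,
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",  # report prints CRC32 as 8 upper-case hex digits
    }


def build_pe(machine: int, magic: int, section_names, subsystem: int = 2, dll: bool = False) -> bytes:
    """Constructed minimal PE image for offline testing (headers only, no code)."""
    opt_size = 224 if magic == 0x10B else 240
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)      # EXECUTABLE_IMAGE | 32BIT_MACHINE
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header right after stub
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    secs = b""
    for i, name in enumerate(section_names):
        raw = 0 if name == "UPX0" else 0x200              # UPX0 is conventionally zero-sized on disk
        secs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), raw, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe(0x014C, 0x10B, ["UPX0", "UPX1", ".rsrc"])
    print(json.dumps(triage(blob), indent=2))
```

Run it with a sample path to compare the `md5`, `sha256` and `crc32` fields against the values in this report before trusting that a local file is the same artefact; without arguments it triages the constructed UPX-style image. The parser reads only the header fields it needs and raises on a missing `MZ`/`PE` signature, so truncated or non-PE input fails early instead of producing a misleading result.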