Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 30, 2024, 9:46 a.m.	Oct. 30, 2024, 9:48 a.m.

Size	64.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`99e291c244c7c4bc5d0f90840170813e`
SHA256	`d202ed020ed8e36bd8a0f5b571a19d386c12abecb2a28c989d50bbf92c78f54e`
CRC32	`0D7ADDCF`
ssdeep	`1536:MXDGJEBFKfMAL6TlPNYw3mdsTJlchZbr:wGIYfMrPNYvWJlchlr`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

server.exe "C:\Users\test22\AppData\Local\Temp\server.exe"
660

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
121.196.49.217	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0000f060

size

0x000003ec

Communicates with host for which no DNS query was performed (1 event)

host

121.196.49.217

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

121.196.49.217:12358

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Lionic	Trojan.Win32.Zegost.4!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Farfli.20223
Skyhigh	BehavesLike.Win32.Infected.km
ALYac	Gen:Trojan.Redosdru.!o!.1
Cylance	Unsafe
VIPRE	Gen:Trojan.Redosdru.!o!.1
Sangfor	Trojan.Win32.Dialer.NEH
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Trojan.Redosdru.!o!.1
K7GW	Dialer ( 000096541 )
K7AntiVirus	Dialer ( 000096541 )
Arcabit	Trojan.Redosdru.!o!.1
Baidu	Win32.Trojan.Farfli.ai
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Dialer.NEH
Avast	Win32:Agent-BADD [Trj]
ClamAV	Win.Trojan.Farfli-9822376-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Backdoor:Win32/Zegost.45627b24
NANO-Antivirus	Trojan.Win32.Zegost.hjskth
SUPERAntiSpyware	Trojan.Agent/Gen-WebGame
MicroWorld-eScan	Gen:Trojan.Redosdru.!o!.1
Rising	Backdoor.Farfli!1.6531 (CLASSIC)
Emsisoft	Gen:Trojan.Redosdru.!o!.1 (B)
F-Secure	Backdoor.BDS/Zegost.ukva
DrWeb	BackDoor.Siggen.52105
Zillya	Dialer.NEH.Win32.338
TrendMicro	BKDR_FARFLI.SMQ
McAfeeD	Real Protect-LS!99E291C244C7
Trapmine	suspicious.low.ml.score
CTX	exe.trojan.zegost
Sophos	Mal/Behav-170
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.99e291c244c7c4bc
Jiangmin	Heur:Trojan/AntiAV
Google	Detected
Avira	BDS/Zegost.ukva
Kingsoft	malware.kb.a.1000
Gridinsoft	Trojan.Win32.Gen.tr
Xcitium	TrojWare.Win32.Magania.~AAD@f80tc
Microsoft	Backdoor:Win32/Zegost.AD
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Trojan.Redosdru.!o!.1
Varist	W32/OnlineGames.BX.gen!Eldorado
AhnLab-V3	Trojan/Win32.OnlineGameHack.R13673
McAfee	GenericRXEN-QM!99E291C244C7
DeepInstinct	MALICIOUS
VBA32	BScope.Backdoor.Zegost
Ikarus	Backdoor.Win32.Zegost

server.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All