Summary | ZeroBOX

Reaper cfx Spoofer V2.exe

Emotet, Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check, PE32, .NET EXE, CAB
Category FILE
Machine s1_win7_x6403_us
Started Nov. 8, 2024, 4:54 p.m.
Completed Nov. 8, 2024, 5:12 p.m.
Size 566.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 9bbac718d4436ff01b90e3b264a3025b
SHA256 32823127a44b07fb3472b287683a0f1679ae1d727363bbddb2787439e9f3f0ca
CRC32 AB1A81A9
ssdeep 12288:MiO1VQ9tjjG+fZ9H0kJxp++z/L9KImjrmQTu2uE:M/VqtvPhZZDz/7mTTu2p
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
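The CAB_file_format rule, the wextract.pdb PDB path and the IXP000.TMP drop directory together identify this file as a wextract.exe self-extractor, the stub that IExpress builds: it keeps its cabinet in an RCDATA resource named CABINET (which is why .rsrc holds nearly the whole file), unpacks it into %TEMP%\IXP000.TMP, runs the configured command, and registers the RunOnce value wextract_cleanup0 (rundll32 advpack.dll,DelNodeRunDLL32) so the directory is deleted at the next logon. That packaging is shared with legitimate installers, so it identifies the wrapper, not the payload; the vendor names further down (Quasar, MSIL) describe what the cabinet carried, and the Emotet label comes from the generic "Gen" rules. The members of the cabinet can be listed without running the stub. The following is an added example, not code from this page or from the ZeroBOX project: it scans a blob for MS-CAB headers, rejects stray "MSCF" strings by version and size checks, and walks the CFFOLDER/CFFILE tables. The fixture is a constructed minimal cabinet (not the real sample) whose member names are taken from the report; the code lists entries and does not decompress data (use cabextract or 7-Zip for that).

```python
import struct
from typing import Dict, List

# Fixed-size parts of the MS-CAB structures (all little-endian), per the CAB format spec.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # signature .. iCabinet, 36 bytes
CFFOLDER = struct.Struct("<IHH")             # coffCabStart, cCFData, typeCompress
CFFILE = struct.Struct("<IIHHHH")            # cbFile, uoffFolderStart, iFolder, date, time, attribs
CFDATA = struct.Struct("<IHH")               # csum, cbData, cbUncomp
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}


def find_cabinets(blob: bytes) -> List[int]:
    """Offsets of every plausible CFHEADER in blob (e.g. an SFX stub with its cabinet stored
    as a resource or appended). Random 'MSCF' hits are rejected by version and size checks."""
    hits, pos = [], blob.find(b"MSCF")
    while pos != -1:
        if pos + CFHEADER.size <= len(blob):
            (_, _, cb_cabinet, _, coff_files, _, vminor, vmajor,
             _, c_files, _, _, _) = CFHEADER.unpack_from(blob, pos)
            if ((vmajor, vminor) == (1, 3) and c_files > 0
                    and CFHEADER.size <= coff_files < cb_cabinet <= len(blob) - pos):
                hits.append(pos)
        pos = blob.find(b"MSCF", pos + 1)
    return hits


def list_cab_files(blob: bytes, off: int) -> List[Dict]:
    """Walk the CFFOLDER and CFFILE tables of the cabinet at off. No decompression."""
    (sig, _, _, _, coff_files, _, _, _,
     c_folders, c_files, flags, _, _) = CFHEADER.unpack_from(blob, off)
    if sig != b"MSCF":
        raise ValueError("no MSCF signature at offset %d" % off)
    pos = off + CFHEADER.size
    folder_reserve = 0
    if flags & 0x0004:  # cfhdrRESERVE_PRESENT: reserve sizes, then the header reserve itself
        cb_cfheader, cb_cffolder, _ = struct.unpack_from("<HBB", blob, pos)
        pos += 4 + cb_cfheader
        folder_reserve = cb_cffolder
    for bit in (0x0001, 0x0002):  # prev/next cabinet: name + disk label, NUL-terminated
        if flags & bit:
            for _ in range(2):
                pos = blob.index(b"\x00", pos) + 1
    folders = []
    for _ in range(c_folders):
        _, _, type_compress = CFFOLDER.unpack_from(blob, pos)
        folders.append(COMPRESSION.get(type_compress & 0x000F, "unknown"))
        pos += CFFOLDER.size + folder_reserve
    files, pos = [], off + coff_files
    for _ in range(c_files):
        cb_file, _, i_folder, _, _, attribs = CFFILE.unpack_from(blob, pos)
        pos += CFFILE.size
        end = blob.index(b"\x00", pos)
        files.append({
            "name": blob[pos:end].decode("latin-1"),
            "size": cb_file,
            "attribs": attribs,
            # iFolder 0xFFFD..0xFFFF mark members continued from/to another cabinet
            "compression": folders[i_folder] if i_folder < len(folders) else "spanned",
        })
        pos = end + 1
    return files


def build_sample_blob() -> bytes:
    """Constructed fixture, not the real sample: a fake stub containing a decoy 'MSCF' string,
    followed by a one-folder, stored (uncompressed) cabinet whose member names are the two
    files the report saw dropped into IXP000.TMP."""
    members = [("cfx.exe", b"MZ" + b"A" * 8), ("Loader.exe", b"MZ" + b"B" * 18)]
    payload = b"".join(data for _, data in members)
    file_table, uoff = b"", 0
    for name, data in members:
        file_table += CFFILE.pack(len(data), uoff, 0, 0, 0, 0x20) + name.encode() + b"\x00"
        uoff += len(data)
    coff_files = CFHEADER.size + CFFOLDER.size
    coff_data = coff_files + len(file_table)
    cfdata = CFDATA.pack(0, len(payload), len(payload)) + payload  # csum 0 = not computed
    cb_cabinet = coff_data + len(cfdata)
    header = CFHEADER.pack(b"MSCF", 0, cb_cabinet, 0, coff_files, 0,
                           3, 1, 1, len(members), 0, 0x1234, 0)  # version 1.3, one folder
    folder = CFFOLDER.pack(coff_data, 1, 0)  # one CFDATA block, typeCompress 0 = stored
    stub = b"MZ" + b"\x00" * 40 + b"MSCF" + b"\xff" * 40  # decoy signature inside the "stub"
    return stub + header + folder + file_table + cfdata


if __name__ == "__main__":
    blob = build_sample_blob()
    for off in find_cabinets(blob):
        print(f"cabinet at offset {off}:")
        for f in list_cab_files(blob, off):
            print(f"  {f['name']:<12} {f['size']:>6} bytes  {f['compression']}")
```

Run against a real self-extractor, `find_cabinets(open(path, "rb").read())` normally returns a single offset inside .rsrc; member names and sizes from `list_cab_files` can then be compared with what the sandbox saw written to IXP000.TMP.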

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API        Arguments                                   Status  Return  Repeated
GetComputerNameW  computer_name: TEST22-PC                    1       1       0
WriteConsoleW     buffer: Press any key to continue . . .     1       1       0
                  console_handle: 0x0000000000000007
pdb_path wextract.pdb
resource name AVI
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\cfx.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Loader.exe
cmdline C:\Windows\system32\cmd.exe /c cls
cmdline C:\Windows\system32\cmd.exe /c Pause
section .rsrc (virtual_address 0x0000f000, virtual_size 0x000829c6, size_of_data 0x00082a00) entropy 7.944552248016673 description A section with a high entropy has been found
entropy 0.923961096375 description Overall entropy of this PE file is high
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Loader.exe
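The two entropy lines above are the packer heuristic. Shannon entropy of a byte stream tops out at 8 bits per byte, so 7.94 for .rsrc means the section is essentially incompressible, which is exactly what a compressed cabinet stored as a resource looks like; the hit is consistent with the self-extractor and is not on its own evidence of a custom packer or encryption. The 0.92 "overall" figure is not bits per byte: it matches the share of section data (by size_of_data) that sits in sections above a per-section threshold. That reading of ZeroBOX's formula is an assumption, based on Cuckoo's packer_entropy signature, which uses 6.8 bits per byte for a section and flags the file above 20%. The following added example (not code from this page or from ZeroBOX) computes both numbers over constructed section contents; the thresholds, section names and bytes are assumptions.

```python
import math
import random
from collections import Counter
from typing import Dict, Tuple

# Assumed thresholds, taken from Cuckoo's packer_entropy signature; ZeroBOX does not publish its own.
HIGH_ENTROPY_SECTION = 6.8   # bits per byte above which a section counts as compressed/encrypted
HIGH_ENTROPY_FRACTION = 0.2  # share of section data above which the whole file is flagged


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_report(sections: Dict[str, bytes]) -> Tuple[Dict[str, float], float, bool]:
    """Per-section entropy, the share of section bytes living in high-entropy sections,
    and whether that share crosses HIGH_ENTROPY_FRACTION (the 'overall entropy is high' verdict)."""
    per_section: Dict[str, float] = {}
    high = total = 0
    for name, raw in sections.items():
        ent = shannon_entropy(raw)
        per_section[name] = ent
        total += len(raw)
        if ent > HIGH_ENTROPY_SECTION:
            high += len(raw)
    fraction = high / total if total else 0.0
    return per_section, fraction, fraction > HIGH_ENTROPY_FRACTION


def constructed_sections() -> Dict[str, bytes]:
    """Constructed stand-in for the sample's sections (not the real bytes): a low-entropy,
    code-like .text and a .rsrc of seeded pseudo-random bytes, as a stored compressed
    cabinet would look."""
    rng = random.Random(2024)
    return {
        ".text": bytes(range(16)) * 500,                            # 8000 bytes, 16 symbols -> 4.0 bits
        ".rsrc": bytes(rng.getrandbits(8) for _ in range(40000)),   # ~7.99 bits
    }


if __name__ == "__main__":
    per_section, fraction, flagged = section_report(constructed_sections())
    for name, ent in per_section.items():
        mark = "  <- high" if ent > HIGH_ENTROPY_SECTION else ""
        print(f"{name:8s} entropy {ent:.3f}{mark}")
    print(f"high-entropy share {fraction:.3f} -> {'flag' if flagged else 'ok'}")
```

On a real PE the section bytes come from the file at each section's PointerToRawData for SizeOfRawData bytes; feeding those into `section_report` reproduces the two report lines, and a .rsrc near 8 bits that contains a valid cabinet is the self-extractor case, not a packed payload.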
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Quasar.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh RDN/Generic.grp
ALYac Trojan.GenericKD.66333980
Cylance unsafe
VIPRE Trojan.GenericKD.66333980
Sangfor Backdoor.Win32.Agent.V7nr
K7AntiVirus Trojan ( 005915f61 )
BitDefender Trojan.GenericKD.66333980
K7GW Trojan ( 005915f61 )
Cybereason malicious.8d4436
Arcabit Trojan.Generic.D3F42D1C
Symantec ML.Attribute.HighConfidence
ESET-NOD32 multiple detections
APEX Malicious
McAfee Artemis!9BBAC718D443
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.Generic-6898101-0
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba TrojanSpy:MSIL/Quasar.3716ffd3
NANO-Antivirus Trojan.Win32.Quasar.jqcwsf
MicroWorld-eScan Trojan.GenericKD.66333980
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:L9oc7HygGjW1n1TuCKx9zw)
Emsisoft Trojan.GenericKD.66333980 (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb Win32.HLLW.Autoruner3.5334
Zillya Trojan.Quasar.Win32.6538
McAfeeD ti!32823127A44B
Trapmine malicious.high.ml.score
FireEye Generic.mg.9bbac718d4436ff0
Sophos Mal/Generic-S
Ikarus Trojan-Spy.MSIL.Agent
Google Detected
Avira TR/Dropper.Gen
MAX malware (ai score=89)
Antiy-AVL Trojan/Win32.TSGeneric
Kingsoft malware.kb.a.886
Xcitium ApplicUnwnt@#hszi1ppa2qsh
Microsoft Backdoor:Win32/QuasarRAT.A
ZoneAlarm HEUR:Trojan-Spy.MSIL.Quasar.gen
GData MSIL.Trojan.PSE.1TI85RD
Varist W64/ABRisk.OHYR-8422
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002H06A424
Tencent Malware.Win32.Gencirc.115db838
Yandex Riskware.GameTool!vua9fGPaoq8