Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 8, 2024, 4:56 p.m.	Nov. 8, 2024, 5:15 p.m.

Size	24.1MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`7a3c5b70ffdb7399dc9386ea6511c0a9`
SHA256	`f7ee8fdcb8a064a192aa58b6ec2d80879bd71b5995b06352ee360cfb38cd4732`
CRC32	`2FFE5CF8`
ssdeep	`98304:YgHZQOMGQEI+erErQUZP0NzOgfH6Y3mWlEaj3IS9F9x0jjvwbLEUl+ITzZSmr0at:7k+frQUZm6fojb79FcPvvU/lzDB`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

.symtab

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 8, 2024, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 29044096 registers.r15: 0 registers.rcx: -1 registers.rsi: 2292481 registers.r10: 0 registers.rbx: -10000 registers.rsp: 2292760 registers.r11: 582 registers.r8: 2292800 registers.r9: 2292544 registers.rdx: 0 registers.r12: 2293328 registers.rbp: 2292824 registers.rdi: 4464128 registers.rax: 0 registers.r13: 0	1	0	0

Lionic	Riskware.Win32.Ngrok.1!c
Cylance	Unsafe
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of WinGo/Ngrok.B potentially unsafe
Kaspersky	not-a-virus:HEUR:NetTool.Multi.Ngrok.a
NANO-Antivirus	Riskware.Win64.Ngrok.kkogxh
DrWeb	Tool.Ngrok.1
Zillya	Trojan.Ngrok.Win32.4
McAfeeD	ti!F7EE8FDCB8A0
CTX	exe.trojan.ngrok
Google	Detected
Antiy-AVL	Trojan/Win32.Ngrok
Kingsoft	Win32.Troj.Generic.v
Gridinsoft	Virtool.Win64.NetTool.cl
ZoneAlarm	not-a-virus:HEUR:NetTool.Multi.Ngrok.a
GData	Win64.Application.Agent.AQL617
Varist	W64/Ngrok.EIST-4337
Malwarebytes	RiskWare.Ngrok
Ikarus	PUA.Ngrok
MaxSecure	Trojan.Malware.234992274.susgen

ngrok.exe