Summary | ZeroBOX

samat.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE64, PE File, OS Processor Check, ZIP Format, DLL

Category: FILE
Machine: s1_win7_x6401
Started: Nov. 22, 2024, 3:02 p.m.
Completed: Nov. 22, 2024, 3:07 p.m.
Size: 13.3MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: f74588fc6a3342296cbb881d87c17300
SHA256: 8d9631d40e85203e942106de4530e9ae857849d6a5e38126f338a816b37d461c
CRC32: 7EE48B07
ssdeep: 393216:w9YiZ+XMCHWUjccuICvR/P0vKfXmsg8YiZdo:w9YiZ+XMb8JE/svKOudo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

IsDebuggerPresent
  Status / Return / Repeated: 0 0

GlobalMemoryStatusEx
  Status / Return / Repeated: 1 1 0

NtProtectVirtualMemory
  process_identifier: 2576
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
  Status / Return / Repeated: 1 0 0
Files
  C:\Users\test22\AppData\Local\Temp\_MEI25762\VCRUNTIME140_1.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\python313.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\libffi-8.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\pywin32_system32\pywintypes313.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\VCRUNTIME140.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\libcrypto-3.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\sqlite3.dll
  C:\Users\test22\AppData\Local\Temp\_MEI25762\libssl-3.dll

Command line
  "C:\Users\test22\AppData\Local\Temp\samat.exe"
Antivirus detections

Vendor                 Detection
Bkav                   W64.AIDetectMalware
Skyhigh                BehavesLike.Win64.Suspicioustrojan.tc
Cylance                Unsafe
CrowdStrike            win/malicious_confidence_100% (D)
Symantec               Trojan.Gen.9
Elastic                malicious (moderate confidence)
APEX                   Malicious
Kaspersky              UDS:DangerousObject.Multi.Generic
Alibaba                TrojanPSW:Win32/Almi_Stealer.c
Rising                 Stealer.Agent/PYC!1.10567 (CLASSIC)
TrendMicro             Trojan.Win64.AMADEY.YXEKVZ
McAfeeD                ti!8D9631D40E85
CTX                    exe.trojan.stealer
Sophos                 Mal/Generic-S
Kingsoft               Win32.Troj.Unknown.a
Microsoft              Trojan:Script/Phonzy.B!ml
GData                  Win32.Malware.Antis.KEZ5YV
McAfee                 Artemis!F74588FC6A33
DeepInstinct           MALICIOUS
Malwarebytes           Malware.AI.3383042003
Panda                  Trj/Chgt.AD
TrendMicro-HouseCall   Trojan.Win64.AMADEY.YXEKVZ
huorong                TrojanSpy/Python.Stealer.ae
Fortinet               W32/PossibleThreat
Paloalto               generic.ml