Summary | ZeroBOX

41a1111.hta

UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Dec. 16, 2024, 6:12 p.m.
Completed Dec. 16, 2024, 6:41 p.m.
Size 61.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8d3008b1b51e600b464f1458142a3f0f
SHA256 d73f5eddae8d37b97c5844576ab4c78b49b222a174714f819be479913a6dfec5
CRC32 E3C8A515
ssdeep 1536:F2kY17omXGwaA82rOGJQV0RIyauLAkBIR0x:F2kY6wGL2rO+Y0RIyFGqx
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): no hosts contacted.
IP Address Status
122.114.69.29 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
resource name None
description 41a1111.hta tried to sleep 154 seconds, actually delayed analysis time by 108 seconds
name RT_BITMAP language LANG_CHINESE sublanguage SUBLANG_CHINESE_SIMPLIFIED filetype data offset 0x00032200 size 0x000004e8
name RT_ACCELERATOR language LANG_CHINESE sublanguage SUBLANG_CHINESE_SIMPLIFIED filetype data offset 0x000326ec size 0x00000008
name None language LANG_CHINESE sublanguage SUBLANG_CHINESE_SIMPLIFIED filetype data offset 0x000326f8 size 0x0000000a
section UPX1 virtual_address 0x00023000 virtual_size 0x0000f000 size_of_data 0x0000e600 entropy 7.905 description A section with a high entropy has been found
entropy 0.958 (share of raw section data held in high-entropy sections, i.e. 0xe600 of 0xf000 bytes) description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
host 122.114.69.29
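The three packer verdicts above (UPX section names, a high-entropy section, and the 0.958 "overall" figure) can be reproduced outside the sandbox. The Python below is an added example, not ZeroBOX code or the sample itself: it walks the PE section table by hand, computes Shannon entropy per section, and reports the fraction of raw section data that lives in high-entropy sections, which is consistent with the 0.958 on this page (0xe600 of 0xf000 bytes). The thresholds of 6.8 bits/byte for a section and 0.2 for the ratio are assumptions taken from common sandbox signatures, and the toy image built by `build_sample()` is constructed for the demonstration, not the analysed file.

```python
import math
import struct

# Assumed thresholds, matching the values commonly used by Cuckoo-style
# sandbox signatures; they are not stated on the report page.
SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte (8.0 is the maximum)
PACKED_RATIO_THRESHOLD = 0.2      # share of raw section data in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Walk the section table of a PE image without external libraries.
    Yields (name, virtual_address, virtual_size, size_of_raw_data, pointer_to_raw_data)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size                     # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vaddr, vsize, rsize, rptr


def triage(image: bytes) -> dict:
    """Reproduce the three packer-related verdicts: UPX-named sections,
    high-entropy sections, and the packed-data ratio across all sections."""
    upx_names, high_entropy = [], []
    packed_bytes = total_bytes = 0
    for name, vaddr, vsize, rsize, rptr in pe_sections(image):
        if name.upper().startswith("UPX"):
            upx_names.append(name)
        ent = shannon_entropy(image[rptr:rptr + rsize]) if rsize else 0.0
        total_bytes += rsize
        if ent > SECTION_ENTROPY_THRESHOLD:
            packed_bytes += rsize
            high_entropy.append((name, round(ent, 3), vaddr, vsize, rsize))
    ratio = packed_bytes / total_bytes if total_bytes else 0.0
    return {
        "upx_section_names": upx_names,
        "high_entropy_sections": high_entropy,
        "packed_ratio": round(ratio, 4),
        "overall_high": ratio > PACKED_RATIO_THRESHOLD,
    }


def build_sample() -> bytes:
    """Constructed toy PE32 (not the analysed file): UPX0 has no raw data,
    UPX1 holds deterministic pseudo-random bytes, .rsrc holds zeros."""
    import random
    rng = random.Random(0x41A1)
    upx1 = bytes(rng.getrandbits(8) for _ in range(16384))
    rsrc = b"\0" * 256
    hdr_len = 0x200
    # (name, virtual_address, virtual_size, size_of_raw_data, pointer_to_raw_data)
    sections = [
        (b"UPX0", 0x1000, 0x22000, 0, 0),
        (b"UPX1", 0x23000, 0xF000, len(upx1), hdr_len),
        (b".rsrc", 0x32000, 0x1000, len(rsrc), hdr_len + len(upx1)),
    ]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = b"\x0B\x01" + b"\0" * (0xE0 - 2)           # PE32 magic, remaining fields zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
        for n, va, vs, rs, rp in sections
    )
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + table).ljust(hdr_len, b"\0")
    return headers + upx1 + rsrc


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run `triage(open(path, "rb").read())` on a real binary to get the same three signals; note that UPX0 contributes no raw data, so a packed file's ratio is driven almost entirely by UPX1, exactly as on this report.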
Lionic Trojan.Win32.Farfli.4!c
MicroWorld-eScan Dump:Generic.Dacic.D657E169.A.74E34CF9
CAT-QuickHeal Trojan.Mauvaise.SL1
Skyhigh BehavesLike.Win32.Generic.kc
ALYac Dump:Generic.Dacic.D657E169.A.74E34CF9
Cylance Unsafe
VIPRE Dump:Generic.Dacic.D657E169.A.74E34CF9
Sangfor Trojan.Win32.Farfli.Vokz
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Dump:Generic.Dacic.D657E169.A.74E34CF9
K7GW Trojan ( 0053af701 )
K7AntiVirus Trojan ( 0053af701 )
Arcabit Dump:Generic.Dacic.D657E169.A.74E34CF9
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/Farfli.ATE
APEX Malicious
Avast Win32:Evo-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Backdoor:Win32/Farfli.1e953133
NANO-Antivirus Trojan.Win32.Dwn.dxihqn
Rising Trojan.Farfli!8.FF (TFE:5:CQejOpL0yUV)
Emsisoft Dump:Generic.Dacic.D657E169.A.74E34CF9 (B)
F-Secure Trojan.TR/AVI.Gh0stCringe.rrfda
DrWeb Trojan.DownLoader16.26781
Zillya Trojan.Farfli.Win32.91373
TrendMicro BKDR_ZEGOST.SM44
McAfeeD ti!D73F5EDDAE8D
Trapmine malicious.moderate.ml.score
CTX exe.trojan.farfli
Sophos Mal/Generic-R
Ikarus Trojan-PWS.Win32.Bjlog
FireEye Generic.mg.8d3008b1b51e600b
Jiangmin Backdoor.Generic.bqnp
Webroot W32.Trojan.Gen
Google Detected
Avira TR/AVI.Gh0stCringe.rrfda
Antiy-AVL Trojan/Win32.Farfli
Kingsoft Win32.Hack.Generic.a
Xcitium TrojWare.Win32.AntiAV.~D@fny3h
Microsoft Trojan:Win32/Farfli.ASDI!MTB
ViRobot Trojan.Win32.Agent.192512.FD[UPX]
GData Dump:Generic.Dacic.D657E169.A.74E34CF9
Varist W32/ABTrojan.CBQH-1580
AhnLab-V3 Trojan/Win32.Agent.R97143
McAfee GenericRXAA-FA!8D3008B1B51E
DeepInstinct MALICIOUS
Malwarebytes MachineLearning/Anomalous.100%
Panda Trj/Genetic.gen
dead_host 192.168.56.101:49161
dead_host 122.114.69.29:56541