Summary | ZeroBOX

AD.exe

Browser Login Data Stealer Generic Malware Malicious Library Downloader UPX Malicious Packer PE File OS Processor Check PE32
Category: FILE
Machine: s1_win7_x6401
Started: Dec. 24, 2024, 3:03 p.m.
Completed: Dec. 24, 2024, 3:05 p.m.
Size 481.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 877cefe82dcee5f8e9961f020a636b2b
SHA256 1dbed0d9e6e038241961c9a1b4908b500f555d3b95117dd1b3118d5af46afd1c
CRC32 E1A81EC9
ssdeep 12288:luD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDSS+DY:I09AfNIEYsunZvZ19ZFs
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • infoStealer_browser_b_Zero - browser info stealer
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS Lookups (Name / Response / Post-Analysis Lookup)
newstaticfreepoint24.ddns-ip.net / 181.131.217.244 / -

IP Addresses (IP Address / Status / Action)
164.124.101.2 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature: AD.exe tried to sleep 359 seconds, actually delayed analysis time by 359 seconds

API call (Time & API / Arguments / Status / Return / Repeated)

SetWindowsHookExA
  thread_identifier: 0
  callback_function: 0x004099d0
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x00400000
Status: 1
Return: 1245585
Repeated: 0
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Remcos.gh
ALYac Generic.Remcos.C65E9454
Cylance Unsafe
VIPRE Generic.Remcos.C65E9454
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Generic.Remcos.C65E9454
K7GW Trojan ( 0053ac2c1 )
K7AntiVirus Trojan ( 0053ac2c1 )
Arcabit Generic.Remcos.C65E9454
VirIT Trojan.Win32.Genus.WXQ
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Remcos
ESET-NOD32 a variant of Win32/Rescoms.B
APEX Malicious
Avast Win32:RATX-gen [Trj]
ClamAV Win.Trojan.Remcos-9841897-0
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
NANO-Antivirus Trojan.Win32.Remcos.ktfuyr
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
MicroWorld-eScan Generic.Remcos.C65E9454
Rising Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft Generic.Remcos.C65E9454 (B)
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb BackDoor.Remcos.460
Zillya Trojan.Rescoms.Win32.2053
McAfeeD Real Protect-LS!877CEFE82DCE
CTX exe.unknown.remcos
Sophos Mal/Remcos-B
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.877cefe82dcee5f8
Webroot W32.Trojan.Remcos
Google Detected
Avira BDS/Backdoor.Gen
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Kingsoft malware.kb.a.1000
Gridinsoft Backdoor.Win32.Remcos.oa!s1
Microsoft Backdoor:Win32/Remcos.GA!MTB
GData Generic.Remcos.C65E9454
Varist W32/Agent.JUB.gen!Eldorado
AhnLab-V3 Backdoor/Win.Remcos.R679222
DeepInstinct MALICIOUS
VBA32 BScope.Backdoor.Remcos
Malwarebytes Backdoor.Remcos
Ikarus Backdoor.Remcos
Panda Trj/Genetic.gen
Tencent Trojan.Win32.Remcos.16001234
Yandex Trojan.Rescoms!MI4yhsw8j7Q