Summary | ZeroBOX

uu.exe

Tags: .NET framework (MSIL), Malicious Library, UPX, Malicious Packer, PE File, PE32, .NET EXE

Category: FILE
Machine: s1_win7_x6401
Started: Jan. 8, 2025, 1:42 p.m.
Completed: Jan. 8, 2025, 1:45 p.m.

Size: 348.0KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: d92b40747b5d7d55af91583f44f23fd9
SHA256: 1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb
CRC32: AB32FCAC
ssdeep: 6144:LzNHXf500MB0fNKIHb7JdilYKYKKtlNFBOwEY+:vd50eKI5YuTlNFByY+
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

IP Address | Status | Action
164.124.101.2 | Active | Moloch
217.195.197.170 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2054141 | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) | Device Retrieving External IP Address Detected
UDP 192.168.56.101:55146 -> 164.124.101.2:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity
UDP 192.168.56.101:53004 -> 8.8.8.8:53 | 2036860 | ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) | Device Retrieving External IP Address Detected
UDP 192.168.56.101:59002 -> 8.8.8.8:53 | 2054141 | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) | Device Retrieving External IP Address Detected
UDP 192.168.56.101:55146 -> 8.8.8.8:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2036860 | ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) | Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Network Indicators

domain api.ipify.org
domain ip-api.com
host 217.195.197.170
dead_host 217.195.197.170:1604

Antivirus Detections

Bkav W32.AIDetectMalware.CS
Lionic Trojan.MSIL.Agent.mCnJ
CAT-QuickHeal Trojan.Ghanarava.1736270575f23fd9
Skyhigh BehavesLike.Win32.TrojanAitInject.fh
ALYac Generic.MSIL.PasswordStealerA.F591A1BD
Cylance Unsafe
VIPRE Generic.MSIL.PasswordStealerA.F591A1BD
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.MSIL.PasswordStealerA.F591A1BD
K7GW Trojan ( 00521dab1 )
K7AntiVirus Trojan ( 00521dab1 )
Arcabit Generic.MSIL.PasswordStealerA.F591A1BD
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Quasarrat
ESET-NOD32 a variant of MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
ClamAV Win.Packed.Generic-9829635-0
Kaspersky Trojan.MSIL.Agent.foww
Alibaba Backdoor:MSIL/Quasar.793efc8f
SUPERAntiSpyware Trojan.Agent/Gen-PasswordStealer
MicroWorld-eScan Generic.MSIL.PasswordStealerA.F591A1BD
Rising Backdoor.xRAT!1.D01D (CLASSIC)
Emsisoft Generic.MSIL.PasswordStealerA.F591A1BD (B)
F-Secure Trojan:w32/QuasarRAT.A1
DrWeb Trojan.DownLoader27.59888
Zillya Trojan.Agent.Win32.1090568
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!D92B40747B5D
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Sophos ATK/Zaquar-D
Ikarus Backdoor.QuasarRat
FireEye Generic.mg.d92b40747b5d7d55
Jiangmin Trojan.Generic.ajfvk
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1307329
Antiy-AVL Trojan[Spy]/Win32.Agent.foqx
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Backdoor:MSIL/Quasar.GG!MTB
ViRobot Trojan.Win.Z.Agent.356352.AFR
GData MSIL.Backdoor.Quasar.D
Varist W32/MSIL_Mintluks.A.gen!Eldorado
AhnLab-V3 Trojan/Win32.Subti.R285137
McAfee PWS-FCOI!D92B40747B5D
DeepInstinct MALICIOUS