Summary | ZeroBOX

jmkykhjksefkyt.exe

Generic Malware Malicious Library Antivirus UPX OS Processor Check PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Jan. 23, 2025, 6:26 a.m.
Completed: Jan. 23, 2025, 6:48 a.m.
Size: 119.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 65cc23e7237f3cff2d206a269793772e
SHA256: a57a8a3c3c073632337bb870db56538ef3d3cebd1ada4c3ed2397ea73a6923fb
CRC32: 22AE3454
ssdeep: 3072:8Ho0VvS7fw67XojiwHjwlntccGGLz9VkYFP+WR9pLhbtnhSe2e2e2nw:41VvSM6ziiw0cMLzDj9VBne
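To confirm that a sample in hand is the file this report describes, the following added Python script (not part of ZeroBOX or of the report) computes MD5, SHA256 and CRC32 over a file and compares them with the values listed above. The hash constants are copied from the report; the file path argument and the helper names are this example's own.

```python
import binascii
import hashlib
import sys

# Indicators copied from the ZeroBOX summary for jmkykhjksefkyt.exe.
REPORTED = {
    "md5": "65cc23e7237f3cff2d206a269793772e",
    "sha256": "a57a8a3c3c073632337bb870db56538ef3d3cebd1ada4c3ed2397ea73a6923fb",
    "crc32": "22AE3454",
}


def hashes_of(data: bytes) -> dict:
    """MD5 and SHA256 as lowercase hex; CRC32 as eight uppercase hex digits,
    which is how the report prints it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{binascii.crc32(data) & 0xFFFFFFFF:08X}",
    }


def compare_to_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Per-algorithm match result against the reported values (case-insensitive)."""
    computed = hashes_of(data)
    return {alg: computed[alg].lower() == reported[alg].lower() for alg in reported}


def is_reported_sample(data: bytes) -> bool:
    """True only when every listed hash agrees with the report."""
    return all(compare_to_report(data).values())


def check_file(path: str) -> bool:
    with open(path, "rb") as fh:
        return is_reported_sample(fh.read())


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-candidate-file>
    path = sys.argv[1] if len(sys.argv) > 1 else "jmkykhjksefkyt.exe"
    with open(path, "rb") as fh:
        blob = fh.read()
    for alg, ok in compare_to_report(blob).items():
        print(f"{alg:6} {'match' if ok else 'MISMATCH'} {hashes_of(blob)[alg]}")
    print("reported sample" if is_reported_sample(blob) else "different file")
```

Treat the SHA256 comparison as the authoritative one; MD5 and CRC32 are kept only because the report lists them and other tooling may key on them. A mismatch on all three with a matching ssdeep would point at a repacked variant rather than the same binary.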
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

IP Address Status Action
149.154.167.99 Active Moloch
164.124.101.2 Active Moloch
202.43.50.213 Active Moloch
95.217.240.67 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GetComputerNameW
Arguments: computer_name: TEST22-PC
Status: 1
Return: 1
Repeated: 0

section: .00cfg
suspicious_features: GET method with no useragent header
suspicious_request: GET https://steamcommunity.com/profiles/76561199819539662
request: GET https://steamcommunity.com/profiles/76561199819539662
host: 95.217.240.67
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
process: jmkykhjksefkyt.exe  useragent:
process: jmkykhjksefkyt.exe  useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
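The network rows above record two behaviours that are worth turning into a detection check: a GET request with no User-Agent header, and a later request from the same process carrying a macOS Firefox User-Agent while the sandbox machine is Windows 7. The following added Python example (not ZeroBOX code) runs that check over constructed request records; the record layout, the host_os value, the benign control request and the function names are assumptions of this example, while the URL and User-Agent strings are taken from the report.

```python
# The report's sandbox machine (s1_win7_x6403_us) is Windows 7; the UA claims macOS.
HOST_OS = "windows"

# Indicator copied from the report. steamcommunity.com itself is legitimate; the
# signal is the request pattern around it, not the domain.
REPORTED_URLS = {"https://steamcommunity.com/profiles/76561199819539662"}

# Substrings a User-Agent uses to name its platform, and the platform claimed.
# "X11; Linux" is deliberately specific so Android UAs ("Linux; Android") do not match it.
UA_PLATFORM_TOKENS = (
    ("Windows NT", "windows"),
    ("Macintosh", "macos"),
    ("X11; Linux", "linux"),
    ("Android", "android"),
    ("iPhone", "ios"),
)

# Constructed records (not the report's raw log): the two behaviours the summary
# flagged for jmkykhjksefkyt.exe, plus a benign Windows 7 browser request as a control.
SAMPLE_REQUESTS = [
    {"process": "jmkykhjksefkyt.exe", "method": "GET",
     "url": "https://steamcommunity.com/profiles/76561199819539662",
     "user_agent": ""},
    {"process": "jmkykhjksefkyt.exe", "method": "GET",
     "url": "https://steamcommunity.com/profiles/76561199819539662",
     "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0"},
    {"process": "iexplore.exe", "method": "GET",
     "url": "https://example.com/",
     "user_agent": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"},
]


def ua_platform(ua: str):
    """Platform a User-Agent string claims, or None if it names none we know."""
    for token, platform in UA_PLATFORM_TOKENS:
        if token in ua:
            return platform
    return None


def analyze_request(req: dict, host_os: str = HOST_OS) -> list:
    """Return the findings for one request, in a fixed order."""
    findings = []
    ua = req.get("user_agent") or ""
    if req["method"] == "GET" and not ua:
        findings.append("GET method with no useragent header")
    claimed = ua_platform(ua)
    if claimed is not None and claimed != host_os:
        findings.append(f"useragent claims {claimed} on a {host_os} host")
    if req["url"] in REPORTED_URLS:
        findings.append("request matches reported URL")
    return findings


def triage(requests: list, host_os: str = HOST_OS) -> dict:
    """Collect the distinct findings per process across all of its requests."""
    per_process = {}
    for req in requests:
        per_process.setdefault(req["process"], set()).update(analyze_request(req, host_os))
    return per_process


if __name__ == "__main__":
    for proc, found in triage(SAMPLE_REQUESTS).items():
        print(proc, sorted(found) or "clean")
```

The platform mismatch is the more durable of the two signals: a hard-coded browser User-Agent that names an operating system other than the one the process is running on is a property of the binary, whereas the missing header depends on which code path the sample took during the run.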