Summary | ZeroBOX

CPDB.exe

AsyncRAT .NET framework(MSIL) UPX Malicious Library Malicious Packer .NET EXE PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started Feb. 5, 2025, 11:02 a.m.
Completed Feb. 5, 2025, 11:17 a.m.
Size 65.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 daf531be28ca056a8e9a40966ab83cf0
SHA256 8b96d4f6ddfcb00b4921f876fea0420b9bab29c3d572da3e95335e978c2f94e5
CRC32 C50B1D1A
ssdeep 1536:f4eepw4Di76CS4rhWXjbAQqb4H1apEgQ68rSfqq3Wwx:f4eepw4Di72OWXjbyb4UBfF3tx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • AsyncRat - AsyncRat Payload
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains

Name Response
otrodia8912.gleeze.com 45.157.233.241

Hosts

IP Address Status
164.124.101.2 Active
45.157.233.241 Active

164.124.101.2 is the resolver that answered the sandbox's DNS query (the UDP flow to port 53 in the Suricata alert below); 45.157.233.241 is the address the dynamic-DNS name resolved to and the only host the sample itself tried to reach.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2045991 ET INFO DYNAMIC_DNS Query to a *.gleeze .com Domain Potentially Bad Traffic

Suricata TLS

No Suricata TLS

dead_host 45.157.233.241:3333 - the sample sent traffic to this host and port but received no reply during the analysis window. The address is the one otrodia8912.gleeze.com resolved to, so 45.157.233.241:3333 is the C2 endpoint the sample tried to reach; with the server not answering, no session was established, which is consistent with the empty Suricata TLS section above.
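The three network facts in this report (a query to a *.gleeze.com dynamic-DNS name, its resolution to 45.157.233.241, and unanswered connection attempts to port 3333) are straightforward to hunt for in your own Suricata EVE JSON. The script below is an added example written for this page, not ZeroBOX or AsyncRAT code: the IOC values are copied from the report, the log records in SAMPLE_EVE are constructed for illustration, and the field names follow Suricata's EVE output (event_type, dns.rrname, dns.answers[].rdata, dest_ip/dest_port, flow.pkts_toclient). It also generalises the single ET rule into a suffix list so other dynamic-DNS providers can be added.

```python
"""Hunt for this sample's network indicators in Suricata EVE JSON logs.

Added example for this page, not ZeroBOX or AsyncRAT code.  IOC values are
taken from the report above; the log records in SAMPLE_EVE are constructed
for illustration.  Field names follow Suricata's EVE output (event_type,
dns.rrname, dns.answers[].rdata, dest_ip/dest_port, flow.pkts_toclient).
"""
import json

# Indicators from the report.
C2_DOMAIN = "otrodia8912.gleeze.com"
C2_IPS = {"45.157.233.241"}
C2_PORT = 3333

# Dynamic-DNS suffixes to flag, mirroring ET INFO DYNAMIC_DNS (SID 2045991
# covers *.gleeze.com).  Add others as needed; a suffix match alone is
# low-confidence, since legitimate hosts use dynamic DNS too.
DYNDNS_SUFFIXES = ("gleeze.com",)


def normalise(name):
    """Strip the trailing dot and lower-case a DNS name for comparison."""
    return name.rstrip(".").lower()


def is_dyndns(name):
    """True if name is a dynamic-DNS suffix or a subdomain of one."""
    name = normalise(name)
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)


def triage(lines):
    """Return (severity, reason, detail) tuples for matching EVE records."""
    findings = []
    for raw in lines:
        if not raw.strip():
            continue
        ev = json.loads(raw)
        kind = ev.get("event_type")
        if kind == "dns":
            dns = ev.get("dns", {})
            name = normalise(dns.get("rrname", ""))
            if dns.get("type") == "query":
                if name == C2_DOMAIN:
                    findings.append(("high", "query for known C2 domain", name))
                elif is_dyndns(name):
                    findings.append(("info", "dynamic-DNS query", name))
            else:
                # EVE v2 lists answers under dns.answers; older output put a
                # single rdata on the record itself.
                answers = dns.get("answers") or ([dns] if "rdata" in dns else [])
                for ans in answers:
                    if ans.get("rdata") in C2_IPS:
                        findings.append(("high", "resolved to known C2 IP",
                                         f"{name} -> {ans['rdata']}"))
        elif kind == "flow":
            dst, port = ev.get("dest_ip"), ev.get("dest_port")
            flow = ev.get("flow", {})
            if dst in C2_IPS:
                findings.append(("high", "flow to known C2 IP", f"{dst}:{port}"))
            # Analogue of the sandbox dead_host signature: packets were sent to
            # the C2 port but nothing came back.
            if (port == C2_PORT and flow.get("pkts_toserver", 0) > 0
                    and flow.get("pkts_toclient", 0) == 0):
                findings.append(("medium", "unanswered connection attempts (dead host)",
                                 f"{dst}:{port}"))
    return findings


# Constructed records reproducing the report's network activity, plus a
# benign query and an unrelated dynamic-DNS query for contrast.
SAMPLE_EVE = [
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dest_port": 53, "proto": "UDP",
                "dns": {"type": "query", "rrname": "otrodia8912.gleeze.com", "rrtype": "A"}}),
    json.dumps({"event_type": "dns", "src_ip": "164.124.101.2", "dest_ip": "192.168.56.103",
                "dns": {"type": "answer", "rrname": "otrodia8912.gleeze.com",
                        "answers": [{"rrname": "otrodia8912.gleeze.com", "rrtype": "A",
                                     "rdata": "45.157.233.241"}]}}),
    json.dumps({"event_type": "flow", "src_ip": "192.168.56.103", "dest_ip": "45.157.233.241",
                "dest_port": 3333, "proto": "TCP",
                "flow": {"pkts_toserver": 3, "pkts_toclient": 0, "state": "new"}}),
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dns": {"type": "query", "rrname": "www.example.com", "rrtype": "A"}}),
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dns": {"type": "query", "rrname": "other123.gleeze.com", "rrtype": "A"}}),
]

if __name__ == "__main__":
    for sev, reason, detail in triage(SAMPLE_EVE):
        print(f"[{sev}] {reason}: {detail}")
```

Run against a real eve.json with `triage(open("eve.json"))`. The suffix match is deliberately reported as info only, matching the "Potentially Bad Traffic" classification of the ET rule; the exact domain, the resolved IP and the unanswered flows to port 3333 are the findings worth escalating.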

Antivirus Detections

Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRAT.7!c
Skyhigh BehavesLike.Win32.Fareit.km
ALYac Gen:Trojan.Mardom.MN.14
Cylance Unsafe
VIPRE Gen:Trojan.Mardom.MN.14
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Trojan.Mardom.MN.14
K7GW Trojan ( 005b09e11 )
K7AntiVirus Trojan ( 005b09e11 )
Arcabit Trojan.Mardom.MN.14
VirIT Trojan.Win32.MSIL_Heur.B
Symantec MSIL.Trojan!gen7
Elastic Windows.Trojan.Asyncrat
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Packed.Razy-9625918-0
Kaspersky HEUR:Trojan-Banker.MSIL.ClipBanker.gen
Alibaba Backdoor:MSIL/AsyncRat.02892736
MicroWorld-eScan Gen:Trojan.Mardom.MN.14
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft Gen:Trojan.Mardom.MN.14 (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb BackDoor.AsyncRATNET.2
McAfeeD ti!8B96D4F6DDFC
CTX exe.trojan.msil
Sophos Troj/Clip-D
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.daf531be28ca056a
Jiangmin Trojan.Banker.MSIL.htq
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Dropper.Gen
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Banker.sa
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
GData Gen:Trojan.Mardom.MN.14
Varist W32/Samas.B.gen!Eldorado
AhnLab-V3 Malware/Win.Generic.C5272268
McAfee Trojan-FVQO!DAF531BE28CA
DeepInstinct MALICIOUS
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Backdoor.AsyncRAT
Ikarus Trojan.MSIL.AsyncRAT
Panda Trj/GdSda.A
Tencent Msil.Trojan-Banker.Clipbanker.Udkl
huorong Backdoor/Crysan.a
MaxSecure Trojan.Malware.73489558.susgen
Fortinet MSIL/Agent.CFQ!tr