popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

bot.dll

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File DLL OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Feb. 6, 2025, 9:52 a.m. Feb. 6, 2025, 9:54 a.m.
Size 282.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 245749553e7194636b0f78e7dea115ef
SHA256 4b7e4232fec31a80cdccada106516e45a38d97ae18fbba586d4bec41c0bad823
CRC32 01B2EE8F
ssdeep 6144:0c9yCc/g1uuGXU1Np7bmwWeRTPu0ocDEb1YT3dIXtAE:0cUCc/g1zGEvhpqcgbI3dHE
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
18.179.18.153 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
_strcmpi+0xb LdrResFindResourceDirectory-0x49 ntdll+0x3c5f7 @ 0x776fc5f7
LoadLibraryA+0x1f GetVersionExA-0x31 kernel32+0x1708f @ 0x76fd708f
?ReflectiveLoader@@YA_KXZ+0x40c bot+0x9a6c @ 0x7fef3e99a6c
rundll32+0x2f42 @ 0xff0b2f42
rundll32+0x3b7a @ 0xff0b3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 45 0f b6 01 49 ff c1 41 8d 40 bf 83 f8 19 0f 86
exception.symbol: _strcmpi+0xb LdrResFindResourceDirectory-0x49 ntdll+0x3c5f7
exception.instruction: movzx r8d, byte ptr [r9]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 247287
exception.address: 0x776fc5f7
registers.r14: 0
registers.r15: 0
registers.rcx: 4329504767
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2226576
registers.r11: 518
registers.r8: 0
registers.r9: 4329504767
registers.rdx: 1996876224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 4294967295
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2124
region_size: 348160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000020f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
host 18.179.18.153
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Tinukebot.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.NetLoader.dh
ALYac Gen:Variant.Cerbu.235503
Cylance Unsafe
VIPRE Gen:Variant.Cerbu.235503
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Cerbu.235503
K7GW Trojan ( 005b7b321 )
K7AntiVirus Trojan ( 005b7b321 )
Arcabit Trojan.Cerbu.D397EF
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Tinukebot.N
Avast Win64:BankerX-gen [Trj]
ClamAV Win.Malware.Tinukebot-10040717-0
Kaspersky UDS:Trojan.Win32.Generic
Alibaba Trojan:Win64/Tinukebot.25b8555d
MicroWorld-eScan Gen:Variant.Cerbu.235503
Rising Trojan.Tinukebot!8.E873 (TFE:5:LbNvixlb26G)
Emsisoft Gen:Variant.Cerbu.235503 (B)
TrendMicro TROJ_GEN.R002C0XB525
McAfeeD Real Protect-LS!245749553E71
Trapmine malicious.high.ml.score
CTX dll.trojan.generic
Sophos Harmony Loader (PUA)
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.245749553e719463
Google Detected
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win64.Banker.sa
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Cerbu.235503
AhnLab-V3 Trojan/Win.Inject.R690977
McAfee Artemis!245749553E71
DeepInstinct MALICIOUS
Ikarus Trojan.Win64.Tinukebot
TrendMicro-HouseCall TROJ_GEN.R002C0XB525
Tencent Win32.Trojan.Generic.Kqil
Fortinet W64/Tinukebot.N!tr
AVG Win64:BankerX-gen [Trj]
alibabacloud Trojan:Win/Tinukebot.N