Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 2, 2025, 10:42 a.m.	March 2, 2025, 10:45 a.m.

Size	486.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`16010d959e14338201481f8fb25f881c`
SHA256	`75fed14fd61067a1c0c2a10d0eefcc349308e1f4a1993a075a9f0c768affab13`
CRC32	`E3D56A91`
ssdeep	`6144:ZIlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZGFX3Xc6RJ:Z200OFp+G0imvHn3Cp6qyBP+YdsvZGz`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer Network_Downloader - File Downloader IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

sena.exe "C:\Users\test22\AppData\Local\Temp\sena.exe"
2564

Name	Response	Post-Analysis Lookup
21ene.ip-ddns.com

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A process attempted to delay the analysis task. (1 event)

description

sena.exe tried to sleep 467 seconds, actually delayed analysis time by 467 seconds

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA March 2, 2025, 10:42 a.m.	thread_identifier: 0 callback_function: 0x00409d0a hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00400000	1	4194727	0

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Remcos.m!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Remcos
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Dacic.A9349469.A.9CCDDA16
Cylance	Unsafe
VIPRE	Generic.Dacic.A9349469.A.9CCDDA16
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Dacic.A9349469.A.9CCDDA16
K7GW	Trojan ( 0053ac2c1 )
K7AntiVirus	Trojan ( 0053ac2c1 )
Arcabit	Generic.Dacic.A9349469.A.9CCDDA16
VirIT	Trojan.Win32.Remcos.DFP
Symantec	Trojan Horse
Elastic	Windows.Trojan.Remcos
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Alibaba	Backdoor:Win32/Remcos.9c3fd8d9
NANO-Antivirus	Trojan.Win32.Remcos.kvsovm
MicroWorld-eScan	Generic.Dacic.A9349469.A.9CCDDA16
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Dacic.A9349469.A.9CCDDA16 (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.491
McAfeeD	Real Protect-LS!16010D959E14
CTX	exe.trojan.remcos
Sophos	Mal/Remcos-B
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.16010d959e143382
Google	Detected
Avira	BDS/Backdoor.Gen
Antiy-AVL	Trojan[Backdoor]/Win32.Remcos
Kingsoft	Win32.Hack.Remcos.gen
Gridinsoft	Backdoor.Win32.Remcos.sa
Xcitium	Malware@#2u9ok0tp82fch
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ViRobot	Trojan.Win.Z.Remcos.498176.D
GData	Generic.Dacic.A9349469.A.9CCDDA16
Varist	W32/Agent.JUB.gen!Eldorado
AhnLab-V3	Backdoor/Win.Remcos.R693720
McAfee	Artemis!16010D959E14
DeepInstinct	MALICIOUS
VBA32	BScope.Backdoor.Remcos
Malwarebytes	Backdoor.Remcos
Ikarus	Trojan.Win32.Remcos

sena.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All