Summary | ZeroBOX

WindowsAutHost.exe

Tags: ROMCOM RAT, Malicious Library, PE64, PE File
Category FILE
Machine s1_win7_x6403_us
Started March 8, 2025, 12:00 p.m.
Completed March 8, 2025, 12:02 p.m.
Size 15.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 dcde423f70ce1bcb0b6cc519c15d7ab6
SHA256 1536725757d5e68235153460c05c97071b990640a60c5ff8d7b07493ddafd480
CRC32 74C8997B
ssdeep 393216:2Ayz8C1FNmzwk5mwFRgxTv8LZBs9z4Fz6zsZ8U5:2NICoL5ngp8LO4R64ZN5
Yara
  • ROMCOM_RAT - Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed.
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Network

Domains (Name / Response / Post-Analysis Lookup): none. No hosts contacted.
Hosts (IP Address / Status / Action): none. No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE Sections

section .00cfg
section .'3
section .Qfk
section .wYM

Of these, only .00cfg is a standard MSVC name (the Control Flow Guard configuration section); .'3, .Qfk and .wYM are non-standard, randomised-looking names, which together with the near-maximal entropy below is consistent with the VMProtect packer named in several of the engine verdicts (ESET-NOD32, Lionic, Antiy-AVL, CTX, Ikarus, alibabacloud).

Signatures

section .wYM: virtual_address 0x00c10000, virtual_size 0x00fd4e90, size_of_data 0x00fd5000, entropy 7.9189. Description: A section with a high entropy has been found.
entropy 0.9998. Description: Overall entropy of this PE file is high. (This figure is a ratio, not bits per byte: the share of section bytes that belong to high-entropy sections. The 0x00fd5000 bytes of .wYM are almost the entire 15.8MB file, hence a value just under 1.0.)
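The two static signatures above, a single section at entropy 7.92 and an overall high-entropy share of 0.9998, are what an analyst computes to recognise a packed binary before spending time on it. The Python below is an added example, not code from the ZeroBOX report or its signature set: it parses a PE section table with struct, computes Shannon entropy per section, flags section names outside a known-good list, and reports the fraction of section bytes that are high-entropy. The 7.0 per-section threshold, the 0.2 ratio threshold, the known-name list and the sample image are this example's own assumptions; the sample PE is constructed in the code (two sections, a repetitive .text and a pseudo-random .wYM) and is not the analysed file.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumptions for this example, not thresholds taken from the sandbox.
HIGH_ENTROPY = 7.0   # bits/byte above which a section counts as compressed/encrypted
HIGH_RATIO = 0.2     # share of section bytes that must be high-entropy to call it packed
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                       ".idata", ".edata", ".tls", ".bss", ".00cfg", ".gfids", ".CRT"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Walk the section table; yield (name, virtual_address, virtual_size, size_of_data, raw_bytes)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections = struct.unpack_from("<HH", pe, coff)
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + size_opt                           # section table follows the optional header
    for i in range(nsections):
        name_raw, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        name = name_raw.rstrip(b"\0").decode("latin-1")
        yield name, va, vsize, raw_size, pe[raw_ptr:raw_ptr + raw_size]


def analyze(pe: bytes) -> dict:
    """Per-section entropy, unknown section names, and the high-entropy byte ratio."""
    report = {"sections": [], "unknown_names": [], "overall_ratio": 0.0, "packed_suspect": False}
    total = high = 0
    for name, va, vsize, raw_size, data in pe_sections(pe):
        ent = shannon_entropy(data)
        report["sections"].append({"name": name, "virtual_address": f"0x{va:08x}",
                                   "virtual_size": f"0x{vsize:08x}", "size_of_data": f"0x{raw_size:08x}",
                                   "entropy": round(ent, 4), "high_entropy": ent > HIGH_ENTROPY})
        total += raw_size
        if ent > HIGH_ENTROPY:
            high += raw_size
        if name not in KNOWN_SECTION_NAMES:
            report["unknown_names"].append(name)
    report["overall_ratio"] = round(high / total, 4) if total else 0.0
    report["packed_suspect"] = report["overall_ratio"] > HIGH_RATIO
    return report


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image: only the header fields this parser reads are meaningful."""
    text = b"\x48\x89\x5c\x24\x08\x57\x48\x83\xec\x20" * 400          # repeated x64 prologue: low entropy
    seed = b"constructed-sample"
    blob = b"".join(hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
                    for i in range(2048))                              # 64 KiB deterministic pseudo-random data
    nsections, size_opt, e_lfanew = 2, 240, 0x80                       # 240 = PE32+ optional header size
    headers_len = e_lfanew + 4 + 20 + size_opt + nsections * 40
    raw0 = (headers_len + 0x1FF) & ~0x1FF                              # 512-byte file alignment
    raw1 = raw0 + len(text)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, nsections, 0, 0, 0, size_opt, 0x22)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)                              # PE32+ magic

    def section(name, vsize, va, rsize, rptr):
        return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, rsize, rptr,
                           0, 0, 0, 0, 0x60000020)

    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    image += section(b".text", len(text), 0x1000, len(text), raw0)
    image += section(b".wYM", len(blob), 0x00c10000, len(blob), raw1)  # name borrowed from the report
    image += b"\0" * (raw0 - len(image)) + text + blob
    return image


if __name__ == "__main__":
    result = analyze(build_sample_pe())
    for s in result["sections"]:
        print(f"{s['name']:<8} va={s['virtual_address']} size={s['size_of_data']} entropy={s['entropy']}")
    print("unknown section names:", result["unknown_names"])
    print("high-entropy ratio:", result["overall_ratio"], "packed?", result["packed_suspect"])
```

On the report's own numbers the same arithmetic gives the 0.9998 value: a single 0x00fd5000-byte section above the threshold divided by the total of all four sections. Run against a real sample, the function deliberately stops at the section table; it never maps or executes the image, so it is safe to run on untrusted input, though a malformed PointerToRawData simply yields an empty or truncated slice rather than an error.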
Antivirus

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Agent
Skyhigh BehavesLike.Win64.Kryptik.wc
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.75955174
K7GW Trojan ( 005aea641 )
K7AntiVirus Trojan ( 005aea641 )
Arcabit Trojan.Generic.D486FBE6
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.QF
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky Trojan.Win32.Agent.xbwwas
MicroWorld-eScan Trojan.GenericKD.75955174
Rising Trojan.Kryptik@AI.88 (RDML:LaJg31nfqkILRMDXdmGX1Q)
Emsisoft Trojan.GenericKD.75955174 (B)
F-Secure Heuristic.HEUR/AGEN.1374859
DrWeb Trojan.BankBot.663
McAfeeD Real Protect-LS!DCDE423F70CE
CTX exe.trojan.vmprotect
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Trojan.GenericKD.75955174
Google Detected
Avira HEUR/AGEN.1374859
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft Win32.Trojan.Agent.xbwwas
Gridinsoft Trojan.Heur!.02212023
Microsoft Trojan:Win64/Reflo!rfn
GData Win32.Backdoor.Rozena.D7VA60
Varist W64/ABTrojan.EONJ-2893
AhnLab-V3 Trojan/Win.MalwareX-gen.R693121
McAfee Artemis!DCDE423F70CE
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2291236743
Ikarus PUA.VMProtect
Panda Trj/Chgt.AD
Tencent Win32.Trojan.Agent.Ljgl
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/Application
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Packed.VMProtect.AW