Summary | ZeroBOX

boilfdsefSQ.exe

Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started March 12, 2025, 11:25 a.m.
Completed March 12, 2025, 11:36 a.m.
Size 431.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e5a997dcd4d6fc4d01ba75c6acfdc098
SHA256 f41eafd14e60035082f6313e0f7cbbff3a6e90defe48aa3e000793b94b007e87
CRC32 428B68F0
ssdeep 6144:JIdUXq44bq4LrqMUz2y6cdjJ4nCb0KhEekcdK5xAO2XjXapGc3Fou:JIdU6tdyDJZQKhEe7WAXWp7ou
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • infoStealer_browser_b_Zero - browser info stealer
  • Malicious_Packer_Zero - Malicious Packer
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

DNS lookups (Name / Response / Post-Analysis Lookup; both columns empty in the report)
angel182394.ru
angel32423.ru

Hosts contacted (IP Address / Status / Action)
164.124.101.2 Active Moloch
91.135.156.200 Active Moloch

Note: 164.124.101.2 is a public DNS resolver (LG U+, South Korea) and is the sandbox's upstream resolver here, not attacker infrastructure; the only host of interest is 91.135.156.200.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS
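
The stock Suricata ruleset produced nothing for this run, so the network indicators above (two .ru domains, one host on port 8109 that never answered) need their own detections. The following is an added example, not ZeroBOX or Suricata project code: it emits local Suricata rules for the domains and the C2 socket, and hunts for the same indicators in Zeek-style dns.log and conn.log lines. The log lines are constructed for the demo with a reduced field order (not real Zeek output); the report does not say which domain resolved to 91.135.156.200, so the first DNS line assumes angel182394.ru did; the sid values are placeholders.

```python
"""Detections for the network indicators in this report, run over sample logs.

Added example (not ZeroBOX or Suricata project code). Two pieces:
  suricata_rules()  one DNS rule per C2 domain plus a flow rule for the C2
                    socket, so a future run trips an alert even though the
                    stock ruleset stayed silent on this one.
  hunt()            scans Zeek-style dns.log / conn.log lines for the same
                    indicators. A conn_state of S0 (SYN sent, nothing back)
                    is what the sandbox's dead_host signature saw: the C2 at
                    91.135.156.200:8109 never answered.
Indicators are from the report; the log lines and sids are constructed.
"""
C2_DOMAINS = ("angel182394.ru", "angel32423.ru")
C2_IP, C2_PORT = "91.135.156.200", 8109
SID_BASE = 9000001  # placeholder local-rule sid range


def suricata_rules():
    rules = []
    for i, domain in enumerate(C2_DOMAINS):
        # dns.query is the sticky buffer for the question name; endswith also
        # catches subdomains, nocase handles mixed-case queries.
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"boilfdsefSQ.exe C2 domain lookup {domain}"; '
            f'dns.query; content:"{domain}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{SID_BASE + i}; rev:1;)')
    # SYN toward the C2 socket: fires on the attempt, payload or not.
    rules.append(
        f'alert tcp $HOME_NET any -> {C2_IP} {C2_PORT} (msg:"boilfdsefSQ.exe C2 connection attempt"; '
        f'flags:S,12; classtype:trojan-activity; sid:{SID_BASE + len(C2_DOMAINS)}; rev:1;)')
    return rules


def domain_matches(qname):
    """Return the C2 domain that qname equals or is a subdomain of, else None.
    Matching on the dotted suffix avoids the 'notangel182394.ru' false positive."""
    q = qname.lower().rstrip(".")
    for d in C2_DOMAINS:
        if q == d or q.endswith("." + d):
            return d
    return None


def _rows(lines, nfields):
    for line in lines:
        if line and not line.startswith("#"):
            yield line.split("\t")[:nfields]


def hunt(dns_lines, conn_lines):
    hits = []
    # dns.log subset: ts, id.orig_h, query, rcode_name, answers
    for ts, src, query, rcode, answers in _rows(dns_lines, 5):
        d = domain_matches(query)
        if d:
            hits.append({"type": "dns", "ts": ts, "src": src, "ioc": d,
                         "detail": f"{query} -> {rcode} {answers}"})
    # conn.log subset: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, conn_state
    for ts, src, sport, dst, dport, proto, state in _rows(conn_lines, 7):
        if dst == C2_IP:
            hits.append({"type": "conn", "ts": ts, "src": src, "ioc": f"{dst}:{dport}",
                         "exact_port": int(dport) == C2_PORT,
                         "dead_host": state == "S0"})  # SYN sent, no reply
    return hits


# Constructed Zeek-style logs (tab separated, reduced field order). The report
# does not say which domain resolved to 91.135.156.200; line 1 assumes angel182394.ru.
DNS_LOG = (
    "# ts\torig_h\tquery\trcode_name\tanswers\n"
    "1741778760.1\t10.0.2.15\tangel182394.ru\tNOERROR\t91.135.156.200\n"
    "1741778760.3\t10.0.2.15\twww.angel32423.ru\tNXDOMAIN\t-\n"
    "1741778761.0\t10.0.2.15\tupdate.example.net\tNOERROR\t198.51.100.20\n"
    "1741778761.5\t10.0.2.15\tnotangel182394.ru\tNOERROR\t203.0.113.7\n")
CONN_LOG = (
    "# ts\torig_h\torig_p\tresp_h\tresp_p\tproto\tconn_state\n"
    "1741778760.2\t10.0.2.15\t49712\t91.135.156.200\t8109\ttcp\tS0\n"
    "1741778780.2\t10.0.2.15\t49713\t91.135.156.200\t8109\ttcp\tS0\n"
    "1741778761.1\t10.0.2.15\t49714\t198.51.100.20\t443\ttcp\tSF\n"
    "1741778790.0\t10.0.2.15\t49715\t91.135.156.200\t443\ttcp\tSF\n")

if __name__ == "__main__":
    print("\n".join(suricata_rules()))
    for h in hunt(DNS_LOG.splitlines(), CONN_LOG.splitlines()):
        print(h)
```

The conn.log check deliberately matches every connection to the C2 address and records whether the port was the one seen in the sandbox; a live operator can move ports, and the S0 flag tells you whether the beacon was answered, which is the difference between "infected host probing a dead server" and "active session". Run `suricata -T -S rules.txt` against the emitted rules before loading them.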

Signatures
section: .gfids (uncommon section name; .gfids is the MSVC Control Flow Guard function-ID table and appears in many benign binaries, so this hit is weak evidence on its own)
domain: angel182394.ru (Russian Federation domain TLD)
domain: angel32423.ru (Russian Federation domain TLD)
description: boilfdsefSQ.exe tried to sleep 121 seconds and actually delayed analysis by 121 seconds (the sandbox did not skip the sleep, so about two minutes of the 11-minute run were spent idle)
host: 91.135.156.200
dead_host: 91.135.156.200:8109 (connection attempted, host never responded; this is why no Suricata alert fired, as no C2 payload was exchanged)
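
The UPX_Zero and IsPE32 Yara hits, the "PE32 executable (GUI) Intel 80386" file type and the .gfids section signature are all answerable from the PE header and section table. The following is an added example, not ZeroBOX's Yara or signature code: a pure-stdlib parser that reads the DOS header, PE signature, COFF header, optional-header magic and section table, then reports PE32/i386, UPX-style sections (by name, and by the hollow RWX first section UPX leaves even when renamed) and uncommon section names, with .gfids annotated as legitimate-but-noteworthy. The two PE images it builds are constructed for the demo; they are not the analysed sample.

```python
"""Static PE triage for the packer and section-name signals in this report.

Added example (not ZeroBOX code): pure-stdlib parsing of the DOS header, PE
signature, COFF file header, optional-header magic and section table, then a
verdict on the signals the Yara/signature layer reported above: PE32,
Intel 80386, UPX-style sections and an uncommon section such as .gfids.
The two PE images built below are constructed for the demo, not the sample.
"""
import json
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B
RWX_MASK = 0xE0000000  # IMAGE_SCN_MEM_WRITE | MEM_READ | MEM_EXECUTE
# Section names a stock MSVC link produces; anything else is reported as uncommon.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT"}
# Uncommon-but-legitimate names worth a note rather than an alarm.
SECTION_NOTES = {
    ".gfids": "MSVC Control Flow Guard function-ID table; legitimate on its own",
    ".00cfg": "MSVC CFG configuration section; legitimate on its own",
}


def parse_pe(data):
    """Return (machine, optional_header_magic, [section dicts]) or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    table = opt + opt_size
    if opt_size < 2 or len(data) < table + 40 * nsections:
        raise ValueError("truncated optional header or section table")
    magic = struct.unpack_from("<H", data, opt)[0]
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        name, vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    return machine, magic, sections


def is_pe(data):
    try:
        parse_pe(data)
        return True
    except (ValueError, struct.error):
        return False


def triage(data):
    machine, magic, sections = parse_pe(data)
    names = [s["name"] for s in sections]
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    # UPX's first section receives the unpacked image at run time: zero bytes
    # on disk but a large RWX virtual range. This also catches renamed sections.
    hollow_rwx = [s["name"] for s in sections
                  if s["raw_size"] == 0 and s["virtual_size"] > 0
                  and s["characteristics"] & RWX_MASK == RWX_MASK]
    return {
        "pe32": magic == PE32_MAGIC,
        "machine": {IMAGE_FILE_MACHINE_I386: "Intel 80386", 0x8664: "x86-64"}.get(machine, hex(machine)),
        "sections": names,
        "upx_packed": bool(upx_names or hollow_rwx),
        "upx_evidence": upx_names + [n for n in hollow_rwx if n not in upx_names],
        "uncommon_sections": [n for n in names if n not in COMMON_SECTIONS],
        "notes": {n: SECTION_NOTES[n] for n in names if n in SECTION_NOTES},
    }


def build_demo_pe(section_specs):
    """Constructed minimal PE32 image: DOS header, PE signature, COFF header,
    a zeroed 224-byte optional header with only the magic set, section table."""
    opt_size = 224
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
        for name, vsize, rawsize, chars in section_specs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# UPX layout: hollow RWX UPX0, packed UPX1, resources, plus a .gfids section.
PACKED_PE = build_demo_pe([("UPX0", 0x30000, 0, 0xE0000080), ("UPX1", 0x6A000, 0x69A00, 0xE0000040),
                           (".rsrc", 0x3000, 0x2A00, 0xC0000040), (".gfids", 0x100, 0x200, 0x40000040)])
# Stock MSVC layout for comparison.
CLEAN_PE = build_demo_pe([(".text", 0x5000, 0x5000, 0x60000020), (".rdata", 0x2000, 0x2000, 0x40000040),
                          (".data", 0x1000, 0x400, 0xC0000040)])

if __name__ == "__main__":
    print(json.dumps(triage(PACKED_PE), indent=2))
    print(json.dumps(triage(CLEAN_PE), indent=2))
```

To run it on a real file, pass `open(path, "rb").read()` to `triage()`. Treat the packer verdict as a reason to unpack (`upx -d` for stock UPX, or a memory dump after the sandbox run) before any string or import analysis; the Yara hits above were all taken on the packed file, which is why the family name comes from the antivirus column and not from the static rules.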
Antivirus Result (consensus family: Remcos RAT, also written Rescoms; the remaining verdicts are generic or machine-learning labels)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Remcos.m!c
Cynet Malicious (score: 100)
CTX exe.trojan.remcos
CAT-QuickHeal Trojan.RemcosRAT.S31331583
ALYac Dump:Generic.Dacic.A9349469.A.02C5EA08
Cylance Unsafe
VIPRE Dump:Generic.Dacic.A9349469.A.02C5EA08
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
K7GW Trojan ( 0057919d1 )
K7AntiVirus Trojan ( 0057919d1 )
Arcabit Dump:Generic.Dacic.A9349469.A.02C5EA08
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
ClamAV Win.Trojan.Remcos-9841897-0
Alibaba Backdoor:Win32/Remcos.7752029f
MicroWorld-eScan Dump:Generic.Dacic.A9349469.A.02C5EA08
Emsisoft Dump:Generic.Dacic.A9349469.A.02C5EA08 (B)
F-Secure Backdoor.BDS/Backdoor.Gen
Zillya Trojan.Rescoms.Win32.2190
McAfeeD Real Protect-LS!E5A997DCD4D6
Trapmine suspicious.low.ml.score
Sophos Mal/Remcos-B
SentinelOne Static AI - Malicious PE
Avira BDS/Backdoor.Gen
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Remcos.tr
Microsoft Trojan:Win32/Remcos!MTB
ZoneAlarm Mal/Remcos-B
GData Win32.Backdoor.Remcos.YMF452
Varist W32/Agent.JUB.gen!Eldorado
AhnLab-V3 Trojan/Win.RemcosRAT.R693547
McAfee GenericRXVH-QA!E5A997DCD4D6
VBA32 BScope.Backdoor.Remcos
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
Tencent Trojan.Win32.Remcos.16001234
huorong HEUR:Backdoor/Remcos.ae
Fortinet W32/Remcos.M!tr
Panda Trj/Genetic.gen
alibabacloud Backdoor:Win/Remcos