Summary | ZeroBOX

Service.exe

Generic Malware Malicious Library Antivirus UPX PE64 OS Processor Check PE File
Category FILE
Machine s1_win7_x6401
Started March 13, 2025, 9:44 a.m.
Completed March 13, 2025, 9:53 a.m.
Size 281.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c6063e70d5165d1186696d84a18576b2
SHA256 31bbfded45a9815b54db6f95ea71498dc8c18eede71a3a6810bdf5b37ab5f56b
CRC32 2E18F42B
ssdeep 3072:bjTaw17mBiuYusL/ZWNLgAlkVQFFpeC/e6PTFsNpN8LCAlSFtkSmjJ53u8mWPowV:Sifus7QniVQFFAC/PFSAGf3mNJ/
PDB Path C:\Users\danar\OneDrive\Рабочий стол\LoaderV2\ClientLoader\x64\Release\ClientLoader.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
api.ipify.org 172.67.74.152
IP Address Status Action
162.55.60.2 Active Moloch
104.26.12.205 Active Moloch
164.124.101.2 Active Moloch
89.208.104.175 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
TCP 192.168.56.101:49163 -> 104.26.12.205:80 2021997 ET POLICY External IP Lookup api.ipify.org Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
GetComputerNameA computer_name: TEST22-PC 1 1 0
pdb_path C:\Users\danar\OneDrive\Рабочий стол\LoaderV2\ClientLoader\x64\Release\ClientLoader.pdb
request GET http://api.ipify.org/
domain api.ipify.org
host 162.55.60.2
host 89.208.104.175
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
Cylance Unsafe
VIPRE Trojan.GenericKD.76000871
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.76000871
Arcabit Trojan.Generic.D487AE67
VirIT Trojan.Win64.Agent.HWH
Symantec Trojan.Coinminer
Elastic malicious (high confidence)
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
MicroWorld-eScan Trojan.GenericKD.76000871
Emsisoft Trojan.GenericKD.76000871 (B)
F-Secure Heuristic.HEUR/AGEN.1375080
McAfeeD ti!31BBFDED45A9
CTX exe.trojan.agen
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.c6063e70d5165d11
Google Detected
Avira HEUR/AGEN.1375080
Antiy-AVL GrayWare/Win32.Cayunamer
Microsoft Program:Win32/Cayunamer.A!ml
GData Win64.Trojan.Agent.C8ILZ9
Varist W64/ABTrojan.KYZC-9258
AhnLab-V3 Malware/Win.Generic.C5739647
McAfee Artemis!C6063E70D516
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
Fortinet W32/PossibleThreat
AVG Win64:MalwareX-gen [Trj]
alibabacloud Trojan:Win/Cayunamer.A9nj