Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 13, 2025, 9:46 a.m.	March 13, 2025, 9:55 a.m.

Size	487.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4455502bde72ac40acc6d0460e760a56`
SHA256	`e45dd6b21ab21fe3d2faac0d81d5e1e7df8d877facc297255b4ac25450efa70f`
CRC32	`6178C9BB`
ssdeep	`6144:PIlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZGFX3Xc6iJ:P200OFp+G0imvHn3Cp6qyBP+YdsvZGM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer Network_Downloader - File Downloader IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

kent.exe "C:\Users\test22\AppData\Local\Temp\kent.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
196.251.83.183	Active	Moloch
89.208.104.175	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A process attempted to delay the analysis task. (1 event)

description

kent.exe tried to sleep 122 seconds, actually delayed analysis time by 122 seconds

Communicates with host for which no DNS query was performed (2 events)

host	196.251.83.183
host	89.208.104.175

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

196.251.83.183:2721

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Remcos.m!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Ghanarava.1741771869760a56
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Dacic.A9349469.A.405FA406
Cylance	Unsafe
VIPRE	Generic.Dacic.A9349469.A.405FA406
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Dacic.A9349469.A.405FA406
K7GW	Trojan ( 0053ac2c1 )
K7AntiVirus	Trojan ( 0053ac2c1 )
Arcabit	Generic.Dacic.A9349469.A.405FA406
VirIT	Trojan.Win32.Remcos.DFP
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Remcos
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Alibaba	Backdoor:Win32/Remcos.ad070ee6
NANO-Antivirus	Trojan.Win32.Remcos.kvsovm
MicroWorld-eScan	Generic.Dacic.A9349469.A.405FA406
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Dacic.A9349469.A.405FA406 (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.491
Zillya	Trojan.Rescoms.Win32.2189
McAfeeD	Real Protect-LS!4455502BDE72
CTX	exe.trojan.remcos
Sophos	Mal/Remcos-B
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.4455502bde72ac40
Webroot	Win.Backdoor.Remcos
Google	Detected
Avira	BDS/Backdoor.Gen
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	malware.kb.a.1000
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm	Mal/Remcos-B
GData	Generic.Dacic.A9349469.A.405FA406
Varist	W32/Agent.JUB.gen!Eldorado
AhnLab-V3	Backdoor/Win.Remcos.R693720
McAfee	Artemis!4455502BDE72
DeepInstinct	MALICIOUS
VBA32	BScope.Backdoor.Remcos
Malwarebytes	Backdoor.Remcos
Ikarus	Trojan.Win32.Remcos

kent.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All