Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 24, 2025, 10:38 a.m.	March 24, 2025, 10:40 a.m.

Size	487.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`98de3c43c37b259a74557f3e6bfbd612`
SHA256	`29574e6d07de8c3a6aa4fcd5ba2d8a452936cd8bc698942203b2c77317db3f5f`
CRC32	`1950F791`
ssdeep	`6144:/IlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZGFX3Xc6XJ:/200OFp+G0imvHn3Cp6qyBP+YdsvZGN`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer Network_Downloader - File Downloader IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

rcpro.exe "C:\Users\test22\AppData\Local\Temp\rcpro.exe"
1156

Name	Response	Post-Analysis Lookup
httpss.myvnc.com	A 178.255.148.203	178.255.148.203

IP Address	Status	Action
164.124.101.2	Active	Moloch
178.255.148.203	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2028685	ET POLICY DNS Query to DynDNS Domain *.myvnc .com	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2028685	ET POLICY DNS Query to DynDNS Domain *.myvnc .com	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2028685	ET POLICY DNS Query to DynDNS Domain *.myvnc .com	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Connects to a Dynamic DNS Domain (1 event)

domain

httpss.myvnc.com

A process attempted to delay the analysis task. (1 event)

description

rcpro.exe tried to sleep 122 seconds, actually delayed analysis time by 122 seconds

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

178.255.148.203:2404

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Remcos.m!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Dacic.A9349469.A.F9E1FD8C
Cylance	Unsafe
VIPRE	Generic.Dacic.A9349469.A.F9E1FD8C
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Dacic.A9349469.A.F9E1FD8C
K7GW	Trojan ( 0053ac2c1 )
K7AntiVirus	Trojan ( 0053ac2c1 )
Arcabit	Generic.Dacic.A9349469.A.F9E1FD8C
VirIT	Trojan.Win32.Remcos.DFP
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Remcos
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Alibaba	Backdoor:Win32/Remcos.eb0130dc
NANO-Antivirus	Trojan.Win32.Remcos.kvsovm
MicroWorld-eScan	Generic.Dacic.A9349469.A.F9E1FD8C
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Dacic.A9349469.A.F9E1FD8C (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.491
Zillya	Trojan.Rescoms.Win32.2189
McAfeeD	Real Protect-LS!98DE3C43C37B
CTX	exe.trojan.remcos
Sophos	Mal/Remcos-B
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.98de3c43c37b259a
Webroot	Win.Backdoor.Remcos
Google	Detected
Avira	BDS/Backdoor.Gen
Antiy-AVL	Trojan[Backdoor]/Win32.Remcos
Kingsoft	malware.kb.a.1000
Gridinsoft	Backdoor.Win32.Remcos.sa
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm	Mal/Remcos-B
GData	Generic.Dacic.A9349469.A.F9E1FD8C
Varist	W32/Agent.JUB.gen!Eldorado
AhnLab-V3	Backdoor/Win.Remcos.R693720
McAfee	Artemis!98DE3C43C37B
DeepInstinct	MALICIOUS
VBA32	Backdoor.RmRAT
Ikarus	Trojan.Win32.Remcos
Panda	Trj/Genetic.gen

rcpro.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All