popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

build.exe

Generic Malware Malicious Library PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us March 30, 2025, 2:01 p.m. March 30, 2025, 2:04 p.m.
Size 2.3MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 bcca205d6c8b5fa229dac59542122a0d
SHA256 68d0b02b31f5a6b51f8fdb02037242b4a6d754b3a258b18513159f5bb1be9352
CRC32 432877F2
ssdeep 49152:TzTGffNVFmJpUBEjCchyV62n+xarDmBNdgMUXjZOQEuxbACd84wxfjrQiG0TW6lP:KsOvHZGgo
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
tenacious-axiom-8.cfd
A 172.67.161.102
A 104.21.15.41
172.67.161.102
gakaroli.online
IP Address Status Action
104.21.15.41 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49161 -> 104.21.15.41:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49161
104.21.15.41:443 		C=US, O=Google Trust Services, CN=WE1 CN=tenacious-axiom-8.cfd c1:3b:cc:6f:0b:17:68:33:b7:d4:2b:c3:c3:3e:d4:c5:4b:d7:c4:3d

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
suspicious_features POST method with no referer header suspicious_request POST https://tenacious-axiom-8.cfd/Akashic_Brotherhood?ogjmzhalm1ln=5usQDMyBQv%2FJG3lCSDzp1XNzohlx7%2F8qYsKlde8zl%2FO7a%2FvodvFyvfk4bWrgDplZkzFHB3rP8zMMDp2LQ3%2FrMg%3D%3D
request POST https://tenacious-axiom-8.cfd/Akashic_Brotherhood?ogjmzhalm1ln=5usQDMyBQv%2FJG3lCSDzp1XNzohlx7%2F8qYsKlde8zl%2FO7a%2FvodvFyvfk4bWrgDplZkzFHB3rP8zMMDp2LQ3%2FrMg%3D%3D
request POST https://tenacious-axiom-8.cfd/Akashic_Brotherhood?ogjmzhalm1ln=5usQDMyBQv%2FJG3lCSDzp1XNzohlx7%2F8qYsKlde8zl%2FO7a%2FvodvFyvfk4bWrgDplZkzFHB3rP8zMMDp2LQ3%2FrMg%3D%3D
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 2125824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000013f981000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000009520000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000009660000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000009662000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x0000c200', u'virtual_address': u'0x00208000', u'entropy': 7.858867327738764, u'name': u'.data', u'virtual_size': u'0x0000c090'} entropy 7.85886732774 description A section with a high entropy has been found
section {u'size_of_data': u'0x00038800', u'virtual_address': u'0x00215000', u'entropy': 7.85588078103277, u'name': u'.rdata', u'virtual_size': u'0x00038768'} entropy 7.85588078103 description A section with a high entropy has been found
registry HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
registry HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Lionic Trojan.Win32.GenericML.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Genericml
Skyhigh BehavesLike.Win64.Generic.vh
ALYac Gen:Variant.Lazy.601049
Cylance Unsafe
VIPRE Gen:Variant.Lazy.601049
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.601049
K7GW Trojan ( 005bf9161 )
K7AntiVirus Trojan ( 005bf9161 )
Arcabit Trojan.Lazy.D92BD9
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.EUP
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/Kryptik.3e299366
MicroWorld-eScan Gen:Variant.Lazy.601049
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Gen:Variant.Lazy.601049 (B)
F-Secure Trojan.TR/AVI.Agent.bqrtq
McAfeeD ti!68D0B02B31F5
Trapmine malicious.moderate.ml.score
CTX exe.trojan.genericml
Sophos Mal/Generic-S
FireEye Generic.mg.bcca205d6c8b5fa2
Google Detected
Avira TR/AVI.Agent.bqrtq
Antiy-AVL Trojan/Win32.GenericML
Kingsoft malware.kb.a.894
Gridinsoft Trojan.Win64.Packed.sa
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Lazy.601049
Varist W64/ABTrojan.EIUQ-0082
AhnLab-V3 Trojan/Win.Generic.R687895
McAfee Artemis!BCCA205D6C8B
Malwarebytes Trojan.MalPack
Ikarus Trojan.Win64.Crypt
TrendMicro-HouseCall TROJ_GEN.R002H09CN25
Tencent Malware.Win32.Gencirc.145e3905
MaxSecure Trojan.Malware.8426628.susgen
Fortinet W64/Kryptik.EUP!tr
AVG Win64:MalwareX-gen [Trj]
alibabacloud Trojan:Win/GenericML.xlgf