Summary | ZeroBOX

AAservices.exe

Tags: RedlineStealer, Gen1, RedLine stealer, Generic Malware, UPX, Malicious Packer, .NET framework(MSIL), Malicious Library, ftp, OS Name Check, PE64, PE File, OS Processor Check
Category: FILE
Machine: s1_win7_x6401
Started: March 30, 2025, 7:03 p.m.
Completed: March 30, 2025, 7:06 p.m.
Size: 8.5MB
Type: PE32+ executable (console) x86-64, for MS Windows
MD5: a5afaac697fab2c766051607ae273134
SHA256: 291977390ed9da8791a2395429c6040ba437de103c6215d80052d583221db9d2
CRC32: 55EE0B05
ssdeep: 196608:LVWcUXnQ6xnIswB3ys2uypSZ4JCaqcwB3ys2uypSZ4JC7q:LVWcUXnQ6xnIp9zyS4JCaqZ9zyS4JC7q
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE64 - (no description)
  • ftp_command - ftp command
  • RedLine_Stealer_b_Zero - RedLine stealer
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • OS_Name_Check_Zero - OS Name Check Signature
  • UPX_Zero - UPX packed file
  • detect_Redline_Stealer_V2 - (no description)

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures

  • A section with a high entropy has been found
    section .data: virtual_address 0x000e6000, virtual_size 0x0075b8b8, size_of_data 0x0075ae00, entropy 7.689998500978965
  • Overall entropy of this PE file is high
    entropy 0.868434707408

Antivirus detections
Bkav: W64.AIDetectMalware
Cynet: Malicious (score: 99)
Skyhigh: BehavesLike.Win64.TrojanAitInject.rc
Cylance: Unsafe
Sangfor: Virus.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Generic.Threat
ESET-NOD32: a variant of Win64/GenKryptik.HCUG
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
ClamAV: Win.Packed.Generic-9805849-0
Rising: Stealer.Phemedrone!1.F3D5 (CLASSIC)
F-Secure: Heuristic.HEUR/AGEN.1372085
DrWeb: Trojan.PWS.Stealer.41994
McAfeeD: ti!291977390ED9
SentinelOne: Static AI - Suspicious PE
Google: Detected
Avira: HEUR/AGEN.1372085
Antiy-AVL: Trojan[Spy]/Win32.Agent.foqx
Microsoft: Program:Win32/Wacapew.C!ml
AhnLab-V3: Trojan/Win.Generic.R689226
DeepInstinct: MALICIOUS
Malwarebytes: Generic.Malware.AI.DDS
Ikarus: Trojan.Win64.Krypt
TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9V
huorong: TrojanSpy/MSIL.Orcus.b
MaxSecure: Trojan.Malware.121218.susgen
AVG: Win32:PWSX-gen [Trj]
alibabacloud: Trojan[downloader]:Win/Agent_AGen.BU