Summary | ZeroBOX

cbot.exe

PE64 PE File
Category   Machine            Started                     Completed
FILE       s1_win7_x6403_us   April 2, 2025, 9:53 a.m.    April 2, 2025, 9:55 a.m.

Size     29.0KB
Type     PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5      cbb0a9271f42274b0455094768ca416d
SHA256   3651de48c64d4481ac5d7f1da072d4f9c29b2e9a691acfa7205061543c355633
CRC32    55C88821
ssdeep   384:fZet5YKgVx3kt/3QhCWdhpx902uz7QiAzdxlhcNv2z/zT3/asw8Kl1P25ABSLmki:xK5Y1vs/+Cqiz8HrcKLh2S17qsel
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name               Response         Post-Analysis Lookup
cbot.galaxias.cc   176.65.142.252

IP Address       Status   Action
164.124.101.2    Active   Moloch
176.65.142.252   Active   Moloch

Suricata Alerts

Flow                                            SID       Signature                   Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53    2027758   ET DNS Query for .cc TLD    Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Signatures

domain    cbot.galaxias.cc    description: Cocos Islands domain TLD
section   UPX1 (virtual_address 0x00012000, virtual_size 0x00007000, size_of_data 0x00006c00, entropy 7.897799044742857)    description: A section with a high entropy has been found
entropy   0.947368421053    description: Overall entropy of this PE file is high
section   UPX0    description: Section name indicates UPX
section   UPX1    description: Section name indicates UPX

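
As an added example that is not part of the ZeroBOX report and not the sandbox's own code: the static findings above (IsPE64, UPX section names, a high-entropy section) can be reproduced with standard-library Python. The PE it analyses is constructed inline with the same section geometry the report shows for cbot.exe (UPX0 with no raw data, UPX1 of 0x6c00 bytes at RVA 0x12000); it is not cbot.exe, it does not run, and both its contents and the 7.0 bits/byte threshold are assumptions. The report's "Overall entropy" figure is the sandbox's own score and is not reproduced here.

```python
# Added example, not part of the ZeroBOX report and not code from the sandbox:
# reproduces the static checks behind the report's IsPE64, "Section name
# indicates UPX" and "high entropy" findings using only the standard library.
# The sample PE built below is constructed for this example; it is not cbot.exe
# and is not runnable. The 7.0 bits/byte threshold is an assumption.
import hashlib
import math
import struct
from typing import Dict, List

HIGH_SECTION_ENTROPY = 7.0                     # assumed threshold, max is 8.0
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
PE32PLUS_MAGIC = 0x20B                         # optional-header Magic for PE64


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty section (UPX0 has no raw data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> Dict:
    """Walk DOS header -> PE signature -> COFF header -> optional-header Magic -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                            # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rawptr:rawptr + rawsize]    # empty slice when SizeOfRawData is 0
        sections.append({"name": name.rstrip(b"\0"), "virtual_address": vaddr,
                         "virtual_size": vsize, "size_of_data": rawsize,
                         "entropy": shannon_entropy(raw)})
    return {"machine": machine, "magic": magic, "sections": sections,
            "file_entropy": shannon_entropy(data)}


def triage(data: bytes) -> List[str]:
    """Emit findings worded like the report's signatures."""
    pe = parse_pe(data)
    findings = []
    if pe["magic"] == PE32PLUS_MAGIC:
        findings.append("IsPE64")
    for s in pe["sections"]:
        name = s["name"].decode(errors="replace")
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"section {name}: Section name indicates UPX")
        if s["entropy"] > HIGH_SECTION_ENTROPY:
            findings.append(f"section {name} entropy {s['entropy']:.4f}: "
                            "A section with a high entropy has been found")
    return findings


def build_sample_pe64() -> bytes:
    """Constructed test input: a minimal PE32+ whose section table mirrors the
    report's layout (UPX0 with no raw data, UPX1 = 0x6c00 bytes at RVA 0x12000).
    UPX1 is filled with chained SHA-256 output to stand in for compressed data."""
    e_lfanew, opt_size, nsections = 0x40, 240, 2
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, nsections, 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * (opt_size - 2)
    headers_size = 0x200                       # all headers fit in one 512-byte block
    blocks, chunk = [], b"constructed-seed"
    for _ in range(0x6C00 // 32):
        chunk = hashlib.sha256(chunk).digest()
        blocks.append(chunk)
    upx1_raw = b"".join(blocks)
    hdr = "<8sIIIIIIHHI"
    sec0 = struct.pack(hdr, b"UPX0", 0x11000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sec1 = struct.pack(hdr, b"UPX1", 0x7000, 0x12000, len(upx1_raw), headers_size,
                       0, 0, 0, 0, 0xE0000040)
    head = (dos + b"PE\0\0" + coff + opt + sec0 + sec1).ljust(headers_size, b"\0")
    return head + upx1_raw


if __name__ == "__main__":
    for line in triage(build_sample_pe64()):
        print(line)
```

Run as-is to print the findings for the constructed sample, or call `triage(open(path, "rb").read())` on a file you are authorised to analyse. A UPX-named section with entropy near 8 says only that the file is packed, not that it is malicious; packed goodware trips the same two signatures, which is why the report pairs them with the DNS, Suricata and antivirus evidence below.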
Antivirus

Engine             Result
Bkav               W64.AIDetectMalware
ALYac              Gen:Variant.Barys.431553
Cylance            Unsafe
VIPRE              Gen:Variant.Barys.431553
Sangfor            Trojan.Win32.Save.a
CrowdStrike        win/malicious_confidence_70% (D)
BitDefender        Gen:Variant.Barys.431553
Arcabit            Trojan.Barys.D695C1
Elastic            malicious (moderate confidence)
ESET-NOD32         a variant of Win64/Agent.AEK
Kaspersky          HEUR:Trojan.Win64.Generic
MicroWorld-eScan   Gen:Variant.Barys.431553
Rising             Trojan.Reconyc!8.153 (TFE:5:yWTlHXg2EDG)
Emsisoft           Gen:Variant.Barys.431553 (B)
Trapmine           suspicious.low.ml.score
CTX                exe.unknown.barys
FireEye            Gen:Variant.Barys.431553
Google             Detected
Kingsoft           malware.kb.b.795
Microsoft          Program:Win32/Wacapew.C!ml
GData              Gen:Variant.Barys.431553
AhnLab-V3          Trojan/Win.Barys.C5743789
DeepInstinct       MALICIOUS
Malwarebytes       Trojan.Dropper
Ikarus             Trojan.Win32.Agent
Tencent            Win64.Trojan.Generic.Edhl

dead_host 192.168.56.103:49162