Summary | ZeroBOX

cbot_debug.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started April 2, 2025, 9:53 a.m.
Completed April 2, 2025, 9:57 a.m.
Size 29.0KB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 55e5364c24cbe9979dbb77e2a6370a8d
SHA256 144f8bf9369a83dd2d778ac51e1b1aaba25e2c25e12ecb9644a76f9bb3c18432
CRC32 BC53107F
ssdeep 384:OZet5YKgVx3kt/3QhCWdhpx902uz7QiAzdxlhcNv2z/zT3/asw8Kl1P25ABSLmkX:EK5Y1vs/+Cqiz8HrcKLh2S170seE
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
cbot.galaxias.cc 176.65.142.252

IP Address Status Action
164.124.101.2 Active Moloch
176.65.142.252 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2027758 ET DNS Query for .cc TLD Potentially Bad Traffic

Suricata TLS

No Suricata TLS

section UPX1 (virtual_address 0x00012000, virtual_size 0x00007000, size_of_data 0x00006c00, entropy 7.8976048651794715) description A section with a high entropy has been found
entropy 0.947368421053 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX

Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (D)
ESET-NOD32 a variant of Win64/Agent.AEK
Kaspersky HEUR:Trojan.Win64.Generic
Rising Trojan.Reconyc!8.153 (TFE:5:yWTlHXg2EDG)
McAfeeD ti!144F8BF9369A
Trapmine suspicious.low.ml.score
Google Detected
Microsoft Program:Win32/Wacapew.C!ml
AhnLab-V3 Trojan/Win.Barys.C5743789
DeepInstinct MALICIOUS
Malwarebytes Trojan.Dropper
Ikarus Trojan.Win32.Agent
Tencent Win64.Trojan.Generic.Kjgl

dead_host 192.168.56.101:49162