Summary | ZeroBOX

raw_cbot.exe

PE64 PE File

Category   FILE
Machine    s1_win7_x6403_us
Started    April 2, 2025, 9:53 a.m.
Completed  April 2, 2025, 10 a.m.

Size    29.0KB
Type    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5     ac00294c21bca514a06403c4853fd4c9
SHA256  058ae6f35de80b39b0199767b87e83be9c4f98bb9c2d11e2fca178b115dec078
CRC32   D8787E3A
ssdeep  384:lZet5YKgVx3kt/3QhCWdhpx902uz7QiAzdxlhcNv2z/zT3/asw8Kl1P25ABSLmkw:nK5Y1vs/+Cqiz8HrcKLh2S17PEs+l
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Domains

Name              Response        Post-Analysis Lookup
cbot.galaxias.cc  176.65.142.252  -

Hosts

IP Address      Status  Action
176.65.142.252  Active  Moloch
164.124.101.2   Active  Moloch

Note: 176.65.142.252 is the A record returned for cbot.galaxias.cc and is the only host the sample itself selected. 164.124.101.2 is the DNS resolver the analysis VM (192.168.56.103) sent the query to, as the Suricata flow below shows; it belongs to the sandbox environment and should not be exported as an indicator.

Suricata Alerts

Flow                                          SID      Signature                      Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53  2027758  ET DNS Query for .cc TLD       Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Static signatures

Section UPX1 (virtual address 0x00012000, virtual size 0x00007000, size of data 0x00006c00): entropy 7.898. A section with a high entropy has been found.
Overall entropy 0.947: overall entropy of this PE file is high. This value is not bits per byte; it is the share of section data that lies in high-entropy sections (0x6c00 bytes of UPX1 out of roughly 0x7200 bytes of section data, i.e. 18/19), and it exceeds the signature's threshold.
Section UPX0: section name indicates UPX.
Section UPX1: section name indicates UPX.

Together these say the binary is a UPX-packed x64 image in which almost all of the raw data is compressed; the 29.0KB on disk is the packed size, and strings, imports and any C2 configuration will only be visible after unpacking (for stock UPX, `upx -d`, or a memory dump taken after the stub has run).
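To make the three static findings above reproducible, here is an added example (written for this page, not ZeroBOX's or Cuckoo's own code) that walks a PE section table, computes per-section Shannon entropy, and applies the same two rules the sandbox's packer signatures use. The thresholds (a section is "high entropy" above 6.8 bits per byte; the file is flagged when more than 20% of section bytes sit in such sections) and the case-insensitive `upx` name prefix check follow the open-source Cuckoo community signatures this report's wording mirrors, and are assumptions if the deployed version differs. `build_synthetic_upx_pe()` constructs a stand-in PE32+ with the reported UPX0/UPX1 layout so the script runs offline; it is not the raw_cbot.exe sample, and its 0x600-byte low-entropy `.rsrc` section is an assumed filler sized so that the share comes out at 18/19 = 0.947 like the report.

```python
"""Re-derive the packer signatures from a PE section table (added example)."""
import math
import random
import struct
from collections import Counter

HIGH_SECTION_ENTROPY = 6.8   # bits per byte; per-section threshold (Cuckoo packer_entropy)
HIGH_OVERALL_SHARE = 0.2     # fraction of section bytes in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty section."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Walk the COFF section table; yields (name, vaddr, vsize, raw_off, raw_size)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # section headers follow the optional header
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_off = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, raw_off, raw_size


def packer_signatures(pe: bytes) -> dict:
    """Return the findings the report's three static signatures express."""
    out = {"sections": [], "high_entropy": [], "upx_names": [], "overall_share": None}
    total = high = 0
    for name, vaddr, vsize, raw_off, raw_size in parse_sections(pe):
        ent = shannon_entropy(pe[raw_off:raw_off + raw_size])
        out["sections"].append({"name": name, "virtual_address": hex(vaddr), "virtual_size": hex(vsize),
                                "size_of_data": hex(raw_size), "entropy": ent})
        total += raw_size
        if ent > HIGH_SECTION_ENTROPY:          # "A section with a high entropy has been found"
            high += raw_size
            out["high_entropy"].append(name)
        if name.lower().startswith("upx"):      # "Section name indicates UPX"
            out["upx_names"].append(name)
    if total:
        out["overall_share"] = high / total     # the report's "overall entropy" is this share
    return out


def build_synthetic_upx_pe(seed: int = 0) -> bytes:
    """Constructed minimal PE32+ mirroring the reported layout (NOT the analysed sample).

    UPX1 holds 0x6c00 pseudo-random bytes standing in for compressed code; UPX0 has no raw
    data, as in a real UPX image; the 0x600-byte zeroed .rsrc is an ASSUMED filler so the
    share reproduces the report's 0x6c00 / 0x7200 = 18/19.
    """
    rng = random.Random(seed)
    upx1 = bytes(rng.getrandbits(8) for _ in range(0x6C00))
    layout = [  # name, virtual address, virtual size, raw data
        (b"UPX0", 0x1000, 0x11000, b""),
        (b"UPX1", 0x12000, 0x7000, upx1),
        (b".rsrc", 0x19000, 0x1000, bytes(0x600)),
    ]
    headers_size = 0x200
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    opt = struct.pack("<H", 0x20B) + bytes(0xF0 - 2)                     # PE32+ magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), 0, 0, 0, len(opt), 0x22)
    table, body, raw_off = b"", b"", headers_size
    for name, vaddr, vsize, data in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(data),
                             raw_off if data else 0, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_off += len(data)
    head = dos + b"PE\0\0" + coff + opt + table
    return head + bytes(headers_size - len(head)) + body


if __name__ == "__main__":
    import json
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_upx_pe()
    print(json.dumps(packer_signatures(image), indent=2))
```

Run it with a path argument to score a real file, or without one to score the constructed image: UPX1 comes out above the 6.8 threshold, both UPX names trip the name rule, and the share is 0.947, which is why the report shows a sub-1.0 "entropy" for the whole file.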
Antivirus results

Engine            Detection
Bkav              W64.AIDetectMalware
MicroWorld-eScan  Gen:Variant.Barys.431553
ALYac             Gen:Variant.Barys.431553
Cylance           Unsafe
VIPRE             Gen:Variant.Barys.431553
Sangfor           Trojan.Win32.Save.a
CrowdStrike       win/malicious_confidence_70% (D)
BitDefender       Gen:Variant.Barys.431553
Arcabit           Trojan.Barys.D695C1
Symantec          ML.Attribute.HighConfidence
Elastic           malicious (moderate confidence)
ESET-NOD32        a variant of Win64/Agent.AEK
APEX              Malicious
Kaspersky         HEUR:Trojan.Win64.Generic
Rising            Trojan.Reconyc!8.153 (TFE:5:yWTlHXg2EDG)
Emsisoft          Gen:Variant.Barys.431553 (B)
Trapmine          malicious.high.ml.score
CTX               exe.unknown.barys
FireEye           Gen:Variant.Barys.431553
Google            Detected
Microsoft         Program:Win32/Wacapew.C!ml
GData             Gen:Variant.Barys.431553
AhnLab-V3         Trojan/Win.Barys.C5743789
DeepInstinct      MALICIOUS
Malwarebytes      Trojan.Dropper
Ikarus            Trojan.Win32.Agent
Tencent           Win64.Trojan.Generic.Pzfl

Note: the verdicts are almost all generic or machine-learning labels, which is expected for a small UPX-packed loader. The repeated Gen:Variant.Barys.431553 entries (and Arcabit's Trojan.Barys.D695C1, the same ID in hex) come from products built on the BitDefender engine and should be counted as one detection rather than several. Only ESET (Win64/Agent.AEK) and Microsoft (Wacapew.C!ml) name a family, and neither is specific enough to attribute the sample; the hashes and the C2 domain above are the usable indicators.
Dead hosts

192.168.56.103:49161

Apart from the DNS resolution of cbot.galaxias.cc, no network traffic was captured in this run: there is no Suricata TLS record and no alert on traffic to 176.65.142.252, so the C2 protocol could not be observed from this analysis.