Summary | ZeroBOX

raw_cbot_debug.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 2, 2025, 9:53 a.m.
Completed April 2, 2025, 9:57 a.m.
Size 29.0KB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 db907401fe1676d0e67b655799c4dcd9
SHA256 32684a05df5cbe2f509784382f8a428c2dbb22d65625d5fee56102425d01ac4d
CRC32 42C785A6
ssdeep 384:AZet5YKgVx3kt/3QhCWdhpx902uz7QiAzdxlhcNv2z/zT3/asw8Kl1P25ABSLmkS:uK5Y1vs/+Cqiz8HrcKLh2S17i9s+F
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
cbot.galaxias.cc 176.65.142.252
IP Address Status Action
176.65.142.252 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2027758 ET DNS Query for .cc TLD Potentially Bad Traffic

Suricata TLS

No Suricata TLS

section UPX1 (virtual_address 0x00012000, virtual_size 0x00007000, size_of_data 0x00006c00, entropy 7.898077946319266) description A section with a high entropy has been found
entropy 0.947368421053 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.Fake.mc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
K7GW Trojan ( 005707a41 )
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win64/Agent.AEK
Avast FileRepMalware [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/Generic.b7b1e4b0
Rising Trojan.Reconyc!8.153 (TFE:5:yWTlHXg2EDG)
McAfeeD ti!32684A05DF5C
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Sophos Mal/Generic-S
Google Detected
Microsoft Trojan:Win32/Wacatac.B!ml
GData Win64.Trojan.Agent.KZZ9HD
AhnLab-V3 Trojan/Win.Barys.C5743789
McAfee Artemis!DB907401FE16
DeepInstinct MALICIOUS
Malwarebytes Trojan.Dropper
Ikarus Trojan.Win32.Agent
Tencent Win64.Trojan.Generic.Adhl
Fortinet W64/Agent.AEK!tr
AVG FileRepMalware [Trj]
alibabacloud Trojan:Win/Wacapew.C9nj
dead_host 192.168.56.103:49162