Summary | ZeroBOX

meter.exe

Metasploit Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started April 11, 2025, 1:42 p.m.
Completed April 11, 2025, 1:59 p.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7af7ac6daa91adc01b0c8d6bc96ab17f
SHA256 b9ddbee617f73a6f31b842bfbb0b368c7d829729b2e28eafcc5276f145c7c8fa
CRC32 C5273B68
ssdeep 24:eFGStrJ9u0/6SApZnZdkBQAVl6WY+gq9KZqteNDMSCvOXpmB:is0nAkBQ4i+39zSD9C2kB
Yara
  • PE_Header_Zero - PE File Signature
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
54.169.93.143 Active Moloch
51.79.145.202 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itnx
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
meter+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
meter+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
1 0 0
host 54.169.93.143
host 51.79.145.202
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance Unsafe
VIPRE Trojan.Metasploit.A
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
K7AntiVirus Trojan ( 004fae881 )
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Trojan Horse
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
Alibaba Trojan:Win64/Meterpreter.70c0d644
NANO-Antivirus Trojan.Win64.Shell.kwqumo
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro Trojan.Win64.SWRORT.SM1.msp
McAfeeD Real Protect-LS!7AF7AC6DAA91
Trapmine malicious.high.ml.score
CTX exe.trojan.rozena
Sophos ATK/Meter-A
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.auyjj
Webroot W32.Malware.gen
Google Detected
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft malware.kb.b.976
Gridinsoft Trojan.Win64.Gen.tr
Xcitium Malware@#mga1kizqtwbc
Microsoft Trojan:Win64/Meterpreter!pz
ViRobot Trojan.Win.Z.Rozena.7168.WWP
ZoneAlarm ATK/Meter-A
GData Win64.Trojan.Rozena.I
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win32.RL_Generic.R357794
dead_host 192.168.56.101:49161
dead_host 54.169.93.143:10549