Summary | ZeroBOX

dwinx64.exe

Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 21, 2025, 1:13 p.m.
Completed April 21, 2025, 1:31 p.m.
Size 100.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 ef8cd2d2915fabbe1032fad585172073
SHA256 eb8cc7d6a2ac1b048250cbd78d7663f034e5249932a337b1298ccc0d120ef073
CRC32 79069DFD
ssdeep 1536:lkIoalOYktfCM83vGT4HJVE/kGE5+Kb+LwoMSJZNR5FOINb:dFITtfCMjTOVE/kOXMSJZjPOINb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
196.251.118.210 Active Moloch

Suricata Alerts

Flow TCP 192.168.56.103:49161 -> 196.251.118.210:8088
SID 2056539
Signature ET MALWARE Havoc Demon CnC Request
Category Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
host 196.251.118.210
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Demon.S33863801
Skyhigh BehavesLike.Win64.Agent.cm
ALYac Generic.Trojan.Havokiz.Marte.D.78339ED4
Cylance Unsafe
VIPRE Generic.Trojan.Havokiz.Marte.D.78339ED4
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Generic.Trojan.Havokiz.Marte.D.78339ED4
K7GW Trojan ( baba064c1 )
K7AntiVirus Trojan ( 005b19fe1 )
Arcabit Generic.Trojan.Havokiz.Marte.D.78339ED4
VirIT Trojan.Win64.Agent.BUS
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of Win64/Havoc.L
APEX Malicious
Avast Win64:MalwareX-gen [Hack]
ClamAV Win.Malware.Havoc-10019364-0
Kaspersky HEUR:Backdoor.Win64.Havoc.pef
MicroWorld-eScan Generic.Trojan.Havokiz.Marte.D.78339ED4
Rising Backdoor.Havoc!1.1287A (CLASSIC)
Emsisoft Generic.Trojan.Havokiz.Marte.D.78339ED4 (B)
F-Secure Heuristic.HEUR/AGEN.1368308
DrWeb BackDoor.Havoc.16
Zillya Trojan.Havoc.Win64.100
TrendMicro Backdoor.Win64.HAVOC.SMPK
McAfeeD ti!EB8CC7D6A2AC
CTX exe.trojan.havokiz
Sophos ATK/Havoc-G
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.C2.d
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1368308
Antiy-AVL Trojan/Win64.Havoc.e
Microsoft Trojan:Win32/Havokiz.C
ZoneAlarm ATK/Havoc-G
GData Generic.Trojan.Havokiz.Marte.D.78339ED4
Varist W64/Havoc.A.gen!Eldorado
AhnLab-V3 Trojan/Win.Havoc.R673056
McAfee Agent-FYC!EF8CD2D2915F
Malwarebytes Trojan.Havoc
Ikarus Trojan.Win64.Havoc
TrendMicro-HouseCall Backdoor.Win64.HAVOC.SMPK
Tencent Trojan.Win64.Havoc.16001250
huorong Backdoor/W64.Havoc.a
Fortinet W64/Havoc.L!tr
AVG Win64:MalwareX-gen [Hack]
alibabacloud Backdoor:Win/Havoc.f0bdef21