Summary | ZeroBOX

kleiman.exe

AsyncRAT
Category FILE
Machine s1_win7_x6402
Started March 17, 2021, 10:56 p.m.
Completed March 17, 2021, 10:59 p.m.
Size 96.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f67d50d3ca318b7dc910ea10830f5c39
SHA256 52376f221552bdfdc3619e9c5776b6e53e5819421e5d55de992c86114e8d601b
CRC32 FF01458A
ssdeep 1536:WOVM3EFVBIe2eOm5qn080M0+5eS3ZtlvNIYAEhIuQBRGbDqbJc/PO06sGtUrB:nNTRB5IveWZTvNvNhUB/bJcnO00UrB
Yara
  • PE_Header_Zero - PE File Signature Zero
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check

Domains
Name Response Post-Analysis Lookup
coroloboxorozor.com (no response recorded) (none)

Hosts
IP Address Status Action
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures
  • A section with a high entropy has been found: .rsrc (virtual_address 0x0000c000, virtual_size 0x0000e7a0, size_of_data 0x0000e800), entropy 7.969
  • Overall entropy of this PE file is high: 0.607. This figure is the share of raw section data that lies in high-entropy sections, not a bits-per-byte value; here it corresponds to the 0xe800-byte .rsrc section alone, so the packed or encrypted payload is carried as a resource while the .NET code sections themselves are not flagged.
  • host 172.217.25.14
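The two entropy signatures above are easy to reproduce offline. The following script is an added example, not ZeroBOX's own signature code and not derived from the sample: it walks the PE section table with the standard library only, computes Shannon entropy per section, and reports the same fields the report prints (name, virtual_address, virtual_size, size_of_data, entropy) together with the packed-data ratio. The thresholds (7.0 bits for one section, 0.2 for the ratio) and the constructed in-memory PE used as input are assumptions made for the example; the real sample is not embedded.

```python
"""PE section-entropy triage in the style of the two entropy signatures above.

Added example, not code from ZeroBOX or from the analysed sample. Parses the
section table with the standard library only. Thresholds are assumptions.
"""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(buf: bytes):
    """Yield (name, virtual_address, virtual_size, size_of_raw_data, raw_bytes)
    for each IMAGE_SECTION_HEADER, located via e_lfanew and SizeOfOptionalHeader."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    off = e_lfanew + 4 + 20 + opt_size
    for _ in range(nsec):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", buf, off)
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               vaddr, vsize, rawsize, buf[rawptr:rawptr + rawsize])
        off += 40


def entropy_report(buf: bytes, section_threshold: float = 7.0, ratio_threshold: float = 0.2):
    """Return (sections, packed_ratio, looks_packed).

    packed_ratio is the fraction of raw section bytes sitting in sections above
    section_threshold, i.e. the kind of number an "overall entropy" signature
    line reports, not a bits-per-byte figure. Thresholds are assumed values.
    """
    sections, total, high = [], 0, 0
    for name, vaddr, vsize, rawsize, raw in pe_sections(buf):
        ent = shannon_entropy(raw)
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rawsize, "entropy": round(ent, 4)})
        total += rawsize
        if ent > section_threshold:
            high += rawsize
    ratio = high / total if total else 0.0
    return sections, ratio, ratio > ratio_threshold


def file_hashes(buf: bytes) -> dict:
    """MD5 and SHA-256 of the whole file, the identifiers used in the report header."""
    return {"md5": hashlib.md5(buf).hexdigest(), "sha256": hashlib.sha256(buf).hexdigest()}


def _deterministic_noise(n: int, seed: bytes = b"section-entropy-example") -> bytes:
    """SHA-256 chain: reproducible high-entropy filler standing in for packed data."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed input (not the report's sample): a minimal, non-runnable PE image
    with a low-entropy .text section and a high-entropy .rsrc section."""
    text = bytes(range(16)) * 64              # 1 KiB, entropy exactly 4.0 bits
    rsrc = _deterministic_noise(4096)         # 4 KiB, entropy close to 8.0 bits
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)    # PE32 magic, rest zeroed
    hdr_len = 512                                              # first raw data at 0x200

    def section(name, vsize, vaddr, rawsize, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr,
                           0, 0, 0, 0, 0x40000040)

    table = (section(b".text", len(text), 0x1000, len(text), hdr_len) +
             section(b".rsrc", len(rsrc), 0x2000, len(rsrc), hdr_len + len(text)))
    headers = dos + b"PE\0\0" + file_hdr + opt_hdr + table
    return headers.ljust(hdr_len, b"\0") + text + rsrc


if __name__ == "__main__":
    sample = build_sample_pe()
    secs, ratio, packed = entropy_report(sample)
    for s in secs:
        print("section", s)
    print("packed-data ratio %.3f -> %s" % (ratio, "high" if packed else "normal"))
    print(file_hashes(sample))
```

Run against a real file by replacing `build_sample_pe()` with `open(path, "rb").read()`; the per-section dictionaries then line up with the report's section entry, and the ratio explains why 0.607 appears next to a 7.97-bit .rsrc section.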
Antivirus Detection
MicroWorld-eScan Trojan.GenericKD.45800078
FireEye Generic.mg.f67d50d3ca318b7d
CAT-QuickHeal TrojanSpy.MSIL
ALYac Trojan.GenericKD.45800078
Malwarebytes Trojan.Downloader.MSIL
Zillya Trojan.Stealer.Win32.10630
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (W)
Alibaba TrojanSpy:MSIL/Stealer.328bd826
K7GW Trojan-Downloader ( 005788021 )
K7AntiVirus Trojan-Downloader ( 005788021 )
BitDefenderTheta Gen:NN.ZemsilF.34628.gm0@aOchQvj
Cyren W32/Trojan.CDEN-6104
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.GenericKD.45800078
NANO-Antivirus Trojan.Win32.Stealer.inwhcl
Avast Win32:KeyloggerX-gen [Trj]
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.45800078
Emsisoft Trojan.GenericKD.45800078 (B)
DrWeb Trojan.Siggen12.15229
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PC321
McAfee-GW-Edition RDN/Generic PWS.y
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.MSIL.ehrq
MaxSecure Trojan.Malware.73709669.susgen
Avira TR/Spy.Stealer.tqpzx
MAX malware (ai score=86)
Microsoft Trojan:Win32/Ymacco.AA52
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D2BADA8E
GData Trojan.GenericKD.45800078
Cynet Malicious (score: 90)
AhnLab-V3 Malware/Win32.RL_Generic.C4361204
McAfee RDN/Generic PWS.y
VBA32 TScope.Trojan.MSIL
Cylance Unsafe
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HLZ
TrendMicro-HouseCall TROJ_GEN.R002C0PC321
Rising Trojan.Generic!8.C3 (CLOUD)
Yandex Trojan.DL.Agent!dYkmXPP4OHk
Ikarus Trojan-Downloader.MSIL.Agent
eGambit Unsafe.AI_Score_100%
Fortinet PossibleThreat.PALLAS.H
AVG Win32:KeyloggerX-gen [Trj]