Summary | ZeroBOX

6gdwwv.exe

Category FILE
Machine s1_win7_x6402
Started March 19, 2021, 8:16 a.m.
Completed March 19, 2021, 8:19 a.m.
Size 267.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 77be0dd6570301acac3634801676b5d7
SHA256 94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1
CRC32 7FC11B0F
ssdeep 6144:VMWdTMYHqhElscw4liVM1LDtG8esyh3hNn+:TdTJqWrEVcDYxN+
Yara
  • PE_Header_Zero - PE File Signature Zero
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check

IP Address Status
164.124.101.2 Active
172.217.25.14 Active
185.100.65.29 Active
50.19.252.36 Active

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49806 -> 50.19.252.36:80 2029622 ET POLICY External IP Lookup (ipify .org) Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

request GET http://api.ipify.org/?format=xml
domain api.ipify.org
section .rdata (virtual_address 0x00038000, virtual_size 0x00002e68, size_of_data 0x00003000, entropy 6.832) description A section with a high entropy has been found
host 172.217.25.14
dead_host 185.100.65.29:80
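The "high entropy section" signature above is a Shannon-entropy check over each PE section's raw bytes; the .rdata value of 6.83 bits per byte is what tripped it. The following is an added example, written for this page and not ZeroBOX's or Cuckoo's own signature code, that reproduces the check without any third-party PE library: it parses the section table by hand and reports every section over a threshold. The 6.8 cut-off is an assumption (it is consistent with the 6.83 flagged here, but the sandbox's exact threshold is not shown on the page), and `build_test_pe` constructs a synthetic, non-executable PE image purely as offline test input.

```python
import math
import struct
from collections import Counter

# Assumed threshold: 6.8 bits/byte is a common packing heuristic and agrees with
# the report flagging .rdata at 6.83. The sandbox's real cut-off is not on the page.
HIGH_ENTROPY_THRESHOLD = 6.8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Walk the PE section table without pefile.

    Yields (name, virtual_address, virtual_size, size_of_raw_data, raw_bytes).
    Only the fields needed for the entropy check are decoded."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    table = coff + 20 + opt_size
    for i in range(nsections):
        # IMAGE_SECTION_HEADER prefix: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData (remaining fields are not needed)
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        yield name, vaddr, vsize, raw_size, image[raw_ptr:raw_ptr + raw_size]


def high_entropy_sections(image: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD):
    """Return [(section_name, entropy)] for sections whose raw data exceeds threshold."""
    hits = []
    for name, _va, _vs, _rs, raw in pe_sections(image):
        ent = shannon_entropy(raw)
        if ent > threshold:
            hits.append((name, round(ent, 3)))
    return hits


def build_test_pe(sections):
    """Constructed test input: a minimal PE32 image with a valid section table.

    It is not a runnable executable (the optional header is blank); it only gives
    pe_sections() realistic headers to parse. sections = [(name, data_bytes)]."""
    file_align = 0x200
    opt_size = 224  # PE32 optional header size
    e_lfanew = 0x40
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    headers_len = (headers_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body = b"", b""
    raw_ptr, vaddr = headers_len, 0x1000
    for name, data in sections:
        raw_size = (len(data) + file_align - 1) // file_align * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), vaddr, raw_size, raw_ptr, 0, 0, 0, 0, 0x40000040)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += (raw_size + 0xFFF) // 0x1000 * 0x1000
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers.ljust(headers_len, b"\0") + body


if __name__ == "__main__":
    # Constructed sample: a repetitive .text, an incompressible .rdata, an empty .bss
    img = build_test_pe([(".text", b"\x90\xC3" * 2048),
                         (".rdata", bytes(range(256)) * 16),
                         (".bss", b"\0" * 0x200)])
    for name, va, vs, rs, raw in pe_sections(img):
        print(f"{name:8s} va=0x{va:08x} vsize=0x{vs:x} raw=0x{rs:x} entropy={shannon_entropy(raw):.3f}")
    print("flagged:", high_entropy_sections(img))
    # On the real sample: high_entropy_sections(open("6gdwwv.exe", "rb").read())
```

Entropy is computed over SizeOfRawData bytes, which is what the signature's `size_of_data` field refers to; padding between VirtualSize and SizeOfRawData is included, so a section that is mostly file-alignment zeros scores lower than its live content would. A hit on .rdata rather than .text, as here, is worth a second look: read-only data at near-random entropy is typically encrypted strings or an embedded payload rather than packed code.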
Elastic malicious (high confidence)
ClamAV Win.Trojan.FickerStealer-9805476-1
CAT-QuickHeal Trojan.Zudochka
McAfee GenericRXNQ-MS!77BE0DD65703
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0001555e1 )
Alibaba TrojanDownloader:Win32/Stealer.2a8ebd8c
K7GW Trojan ( 0001555e1 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Trojan.PEUM-7292
ESET-NOD32 a variant of Win32/Agent.UKB
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Zudochka.vho
BitDefender Trojan.GenericKD.45628116
NANO-Antivirus Trojan.Win32.Zudochka.ijmhtg
ViRobot Trojan.Win32.C.Agent.273422.A
MicroWorld-eScan Trojan.GenericKD.45628116
Avast Win32:TrojanX-gen [Trj]
Rising Trojan.Agent!8.B1E (CLOUD)
Ad-Aware Trojan.GenericKD.45628116
Emsisoft Trojan.Agent (A)
Comodo Malware@#30vyhmhgld3p
F-Secure Trojan.TR/Agent.aypeq
DrWeb Trojan.PWS.Siggen2.61317
Zillya Trojan.Agent.Win32.1690805
TrendMicro TrojanSpy.Win32.FICKERSTEALER.THBAFBA
McAfee-GW-Edition BehavesLike.Win32.Injector.dh
FireEye Generic.mg.77be0dd6570301ac
Sophos Mal/Generic-R + Troj/Delp-GW
Ikarus Trojan.Win32.Agent
GData Trojan.GenericKD.45628116
Webroot W32.Trojan.Gen
Avira TR/Agent.aypeq
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Arcabit Trojan.Generic.D2B83AD4
AegisLab Trojan.Win32.Zudochka.4!c
ZoneAlarm HEUR:Trojan.Win32.Zudochka.vho
Microsoft TrojanDownloader:Win32/Stealer.CK!MTB
AhnLab-V3 Malware/Win32.RL_Generic.R352614
VBA32 BScope.Trojan.Zudochka
ALYac Trojan.Agent.Zudochka
MAX malware (ai score=100)
Malwarebytes Spyware.FickerStealer
TrendMicro-HouseCall TrojanSpy.Win32.FICKERSTEALER.THBAFBA