Summary | ZeroBOX

sn1.exe

Category: FILE
Machine: s1_win7_x6402
Started: March 22, 2021, 8:59 a.m.
Completed: March 22, 2021, 9 a.m.
Size 65.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 4e228802bcb649751855c0bd9a35ab0d
SHA256 6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1
CRC32 4079F5B5
ssdeep 1536:5hLVmgU/ruRYJurNs3YgcP2DX4w4PYf5aND:56zuWurNCYV26wf5aZ
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
sn1+0x5019 @ 0x13f245019

exception.instruction_r: 48 8d 65 10 5d 3a d2 74 00 c3 48 89 45 00 48 8b
exception.symbol: sn1+0x5019
exception.instruction: lea rsp, qword ptr [rbp + 0x10]
exception.module: sn1.exe
exception.exception_code: 0x80000004
exception.offset: 20505
exception.address: 0x13f245019
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1308856
registers.r11: 514
registers.r8: 1307640
registers.r9: 1307696
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 1308848
registers.rdi: 0
registers.rax: 838
registers.r13: 0
1 0 0
url http://code.jquery.com/
url http://c
description Code injection with CreateRemoteThread in a remote process rule inject_thread
description Create a windows service rule create_service
description Communications over UDP network rule network_udp_sock
description Listen for incoming communication rule network_tcp_listen
description Communications over P2P network rule network_p2p_win
description Communications over HTTP rule network_http
description File downloader/dropper rule network_dropper
description Communications over FTP rule network_ftp
description Communications over RAW socket rule network_tcp_socket
description Communications use DNS rule network_dns
description Communication using dga rule network_dga
description Escalade priviledges rule escalate_priv
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
description Steal credential rule cred_local
description Record Audio rule sniff_audio
description APC queue tasks migration rule migrate_apc
description Malware can spread east-west file rule spreading_file
description Malware can spread east-west using share drive rule spreading_share
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_private_profile
description Affect private profile rule win_files_operation
description Match Winsock 2 API library declaration rule Str_Win32_Winsock2_Library
description Match Windows Inet API library declaration rule Str_Win32_Wininet_Library
description Match Windows Inet API call rule Str_Win32_Internet_API
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
MicroWorld-eScan Trojan.GenericKD.36541943
McAfee Artemis!4E228802BCB6
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Trojan:Win32/Cometer.0aae09e9
Arcabit Trojan.Generic.D22D95F7
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win64:Malware-gen
Kaspersky Trojan.Win32.Cometer.fex
BitDefender Trojan.GenericKD.36541943
ViRobot Trojan.Win32.Z.Agent.66560.AIB
Ad-Aware Trojan.GenericKD.36541943
Emsisoft Trojan.GenericKD.36541943 (B)
DrWeb Trojan.Siggen12.48116
McAfee-GW-Edition BehavesLike.Win64.VTFlooder.km
FireEye Trojan.GenericKD.36541943
Sophos Mal/Generic-S
Avira TR/AD.Swrort.krmop
Kingsoft Win32.Troj.Cometer.f.(kcloud)
Microsoft Trojan:Win32/Ymacco.AA6C
AegisLab Trojan.Win32.Cometer.4!c
ZoneAlarm Trojan.Win32.Cometer.fex
GData Trojan.GenericKD.36541943
Cynet Malicious (score: 85)
ALYac Trojan.GenericKD.36541943
MAX malware (ai score=100)
Malwarebytes Trojan.Cometer
Rising Trojan.Fuerboos!8.EFC8 (CLOUD)
Ikarus Trojan.Swrort
Fortinet W32/Cometer.FEX!tr
AVG Win64:Malware-gen
Panda Trj/CI.A
Qihoo-360 Win32/Adware.Cometer.HgEASRIA