Summary | ZeroBOX

System.exe

Category FILE
Machine s1_win7_x6402
Started March 22, 2021, 10:17 a.m.
Completed March 22, 2021, 10:25 a.m.
Size 101.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a85190837b16f6251a85a30b9d4f5c14
SHA256 9b427557d6451afadb6903868c4410c94ed58a703a3ef95323d44b4b0b32de53
CRC32 DD6BDF76
ssdeep 1536:mGdAI9xCWJWALUvu3e1LInTd5WaMtBZS5zXGa4YBF:mKxoOCu3e1knTd5KOX4YBF
PDB Path C:\Users\Admin\Desktop\vb\WindowsApp1\WindowsApp1\obj\Debug\System.pdb
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check

Name Response Post-Analysis Lookup
lschina.kro.kr 125.139.38.34

IP Address Status Action
125.139.38.34 Active Moloch
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleA
buffer: IMPORTANT: Command executed successfully. However, "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead. For more information on using "netsh advfirewall firewall" commands instead of "netsh firewall", see KB article 947709 at http://go.microsoft.com/fwlink/?linkid=121488 .
console_handle: 0x00000007
Status 1 Return 1 Repeated 0

WriteConsoleA
buffer: Ok.
console_handle: 0x00000007
Status 1 Return 1 Repeated 0
pdb_path C:\Users\Admin\Desktop\vb\WindowsApp1\WindowsApp1\obj\Debug\System.pdb
host 172.217.25.14
dead_host 125.139.38.34:1

Antivirus Result
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.449329
FireEye Generic.mg.a85190837b16f625
McAfee Packed-MR!A85190837B16
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba Trojan:MSIL/Kryptik.46535221
K7GW Trojan ( 700000121 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Razy.D6DB31
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.MSIL.RRAT.gen
BitDefender Gen:Variant.Razy.449329
AegisLab Trojan.MSIL.RRAT.4!c
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Gen:Variant.Razy.449329
Sophos Mal/Generic-S
DrWeb Trojan.PackedNET.114
TrendMicro TROJ_GEN.R002C0PCJ21
McAfee-GW-Edition Packed-MR!A85190837B16
Emsisoft Gen:Variant.Razy.449329 (B)
eGambit Unsafe.AI_Score_96%
Avira HEUR/AGEN.1101150
MAX malware (ai score=86)
Microsoft Backdoor:MSIL/Bladabindi
ZoneAlarm HEUR:Trojan.MSIL.RRAT.gen
GData Gen:Variant.Razy.449329
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/MSILKrypt15.Exp
BitDefenderTheta Gen:NN.ZemsilF.34628.gm0@aKlsVJi
ALYac Gen:Variant.Razy.449329
Malwarebytes Backdoor.Bladabindi
ESET-NOD32 a variant of MSIL/Kryptik.EMQ
TrendMicro-HouseCall TROJ_GEN.R002C0PCJ21
SentinelOne Static AI - Malicious PE
Fortinet MSIL/Kryptik.EMQ!tr
AVG Win32:Trojan-gen
Cybereason malicious.37b16f
Panda Trj/GdSda.A
Qihoo-360 Win32/Backdoor.RRAT.HgIASRIA