Summary | ZeroBOX

689uksdffs.exe

Ficker Stealer
Category FILE
Machine s1_win7_x6401
Started March 31, 2021, 1:21 p.m.
Completed March 31, 2021, 1:23 p.m.
Size 267.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 77be0dd6570301acac3634801676b5d7
SHA256 94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1
CRC32 7FC11B0F
ssdeep 6144:VMWdTMYHqhElscw4liVM1LDtG8esyh3hNn+:TdTJqWrEVcDYxN+
Yara
  • PE_Header_Zero - PE File Signature Zero
  • Ficker_Stealer_Zero - Ficker Stealer
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

request GET http://api.ipify.org/?format=xml
domain api.ipify.org
section .rdata (virtual_address 0x00038000, virtual_size 0x00002e68, size_of_data 0x00003000, entropy 6.83): A section with a high entropy has been found
dead_host 185.100.65.29:80
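The static checks listed above (the MD5/SHA256/CRC32 values, the per-section entropy behind the high-entropy signature, and the overlay test) can be reproduced on any PE file with the script below. It is an added example for this report, not ZeroBOX code or part of the analysed sample. The 6.8 bits-per-byte cut-off is an assumption (the .rdata section above, at 6.83, sits just over it), and build_sample_pe() is a helper that constructs a synthetic PE32 image so the script runs offline; that image is not the sample in this report.

```python
"""Static PE triage: file digests, per-section Shannon entropy, overlay size.

Added example for this report (not ZeroBOX code).  Usage:  python pe_triage.py <file.exe>
Without an argument it runs on a synthetic image built by build_sample_pe().
"""
import hashlib
import math
import struct
import sys
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 6.8  # assumed cut-off; the sandbox's own setting is not on the page


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists; CRC32 as 8 upper-case hex digits."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk the PE32 section table by hand (no pefile dependency)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        body = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "raw_offset": raw_ptr, "raw_size": raw_size,
            "entropy": shannon_entropy(body),
        })
    return sections


def overlay_size(pe: bytes, sections: list) -> int:
    """Bytes appended past the last section's raw data (what an overlay rule looks for)."""
    end = max((s["raw_offset"] + s["raw_size"] for s in sections), default=0)
    return max(0, len(pe) - end)


def triage(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    sections = parse_sections(pe)
    return {
        "hashes": file_hashes(pe),
        "sections": sections,
        "high_entropy": [s["name"] for s in sections if s["entropy"] > threshold],
        "overlay_bytes": overlay_size(pe, sections),
    }


def build_sample_pe(bodies: dict, overlay: bytes = b"", align: int = 0x200) -> bytes:
    """Synthetic PE32 image for offline tests (not a real sample): DOS stub, PE signature,
    COFF header, zeroed 0xE0-byte optional header, section table, bodies padded to `align`."""
    e_lfanew, opt_size = 0x40, 0xE0
    header_end = e_lfanew + 4 + 20 + opt_size + 40 * len(bodies)
    data_start = (header_end + align - 1) // align * align
    out = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew))
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(bodies), 0, 0, 0, opt_size, 0x0102)
    out += struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # PE32 magic, rest zeroed
    section_data, raw, vaddr = b"", data_start, 0x1000
    for name, body in bodies.items():
        raw_size = (len(body) + align - 1) // align * align
        out += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(body), vaddr,
                           raw_size, raw, 0, 0, 0, 0, 0x40000040)
        section_data += body.ljust(raw_size, b"\0")
        raw += raw_size
        vaddr += max(0x1000, (len(body) + 0xFFF) // 0x1000 * 0x1000)
    return bytes(out.ljust(data_start, b"\0") + section_data + overlay)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:  # constructed image: flat .text, byte-uniform .rdata, 17-byte overlay
        image = build_sample_pe({".text": b"\x90" * 512, ".rdata": bytes(range(256)) * 2},
                                overlay=b"X" * 17)
    result = triage(image)
    print(result["hashes"])
    for s in result["sections"]:
        print("%-8s va=0x%08x vsize=0x%08x raw=0x%08x entropy=%.2f"
              % (s["name"], s["virtual_address"], s["virtual_size"], s["raw_size"], s["entropy"]))
    print("high-entropy:", result["high_entropy"], "overlay bytes:", result["overlay_bytes"])
```

Run it against a file and compare the printed digests with the MD5, SHA256 and CRC32 values at the top of the report before trusting any other result; a mismatch means a different sample. Entropy is computed over the section's raw bytes on disk, which is what the signature above measures (size_of_data 0x3000), not over the smaller virtual_size.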
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.61317
MicroWorld-eScan Trojan.GenericKD.45628116
FireEye Generic.mg.77be0dd6570301ac
ALYac Trojan.Agent.Zudochka
Cylance Unsafe
Zillya Trojan.Agent.Win32.1690805
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0001555e1 )
Alibaba TrojanDownloader:Win32/Stealer.2a8ebd8c
K7GW Trojan ( 0001555e1 )
Cybereason malicious.657030
Arcabit Trojan.Generic.D2B83AD4
BitDefenderTheta Gen:NN.ZexaF.34628.qGX@amUves
Cyren W32/Trojan.PEUM-7292
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Agent.UKB
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
ClamAV Win.Trojan.FickerStealer-9805476-1
Kaspersky HEUR:Trojan.Win32.Zudochka.vho
BitDefender Trojan.GenericKD.45628116
NANO-Antivirus Trojan.Win32.Zudochka.ijmhtg
Paloalto generic.ml
AegisLab Trojan.Win32.Zudochka.4!c
Tencent Malware.Win32.Gencirc.11bb269d
Ad-Aware Trojan.GenericKD.45628116
Emsisoft Trojan.Agent (A)
Comodo Malware@#30vyhmhgld3p
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.FICKERSTEALER.THBAFBA
McAfee-GW-Edition BehavesLike.Win32.Injector.dh
Sophos Mal/Generic-R + Troj/Delp-GW
Jiangmin Trojan.Zudochka.kd
Webroot W32.Trojan.Gen
Avira TR/Agent.aypeq
MAX malware (ai score=100)
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft TrojanDownloader:Win32/Stealer.CK!MTB
ViRobot Trojan.Win32.C.Agent.273422.A
GData Trojan.GenericKD.45628116
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R352614
McAfee GenericRXNQ-MS!77BE0DD65703
VBA32 BScope.Trojan.Zudochka
Malwarebytes Spyware.FickerStealer
TrendMicro-HouseCall TrojanSpy.Win32.FICKERSTEALER.THBAFBA
Rising Trojan.Agent!8.B1E (CLOUD)
Ikarus Trojan.Win32.Agent