Summary | ZeroBOX

covid.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Jan. 27, 2022, 9:40 a.m.
Completed: Jan. 27, 2022, 9:43 a.m.
Size 463.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 eaa68b2e411c93506bc233c70032b6f5
SHA256 3424a772843a1d716a3bc275e9cb0db21c8a81981e00282178ca0e2d3a30c49d
CRC32 1CD8043C
ssdeep 12288:CegN0jfYLclGb0bVT6e+MT2MffZS/gSSYo:kNywLclGIeMT2MXZRSSV
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • TESTYARA - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
domain dynasty3.ddns.net
domain dynasty1.ddns.net
domain dynasty2.ddns.net
domain sumag.hopto.org
domain sumav1.hopto.org
domain sumav2.hopto.org
description covid.exe tried to sleep 350 seconds, actually delayed analysis time by 350 seconds
API: SetWindowsHookExA
Arguments:
  thread_identifier: 0
  callback_function: 0x004088b1
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x00400000
Status: 1
Return: 590089
Repeated: 0
dead_host 52.188.19.78:2404
Bkav W32.KakutheminQ.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Inject4.20378
Cynet Malicious (score: 100)
FireEye Generic.mg.eaa68b2e411c9350
CAT-QuickHeal Trojan.RemcosRI.S25979452
McAfee GenericRXPN-QB!EAA68B2E411C
Malwarebytes Backdoor.Remcos
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0053ac2c1 )
K7GW Trojan ( 0053ac2c1 )
BitDefenderTheta Gen:NN.ZexaF.34182.CCW@aepUCxji
Cyren W32/Trojan.GCT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Rescoms.B
APEX Malicious
ClamAV Win.Trojan.Remcos-9753190-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender DeepScan:Generic.Remcos.57B9D59C
MicroWorld-eScan DeepScan:Generic.Remcos.57B9D59C
Avast Win32:RATX-gen [Trj]
Tencent Malware.Win32.Gencirc.10cf8dec
Ad-Aware DeepScan:Generic.Remcos.57B9D59C
Emsisoft DeepScan:Generic.Remcos.57B9D59C (B)
Zillya Trojan.Rescoms.Win32.775
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.Rescoms
Jiangmin Trojan.Generic.hdubr
Avira HEUR/AGEN.1108444
Antiy-AVL Trojan/Generic.ASMalwS.34D777B
Gridinsoft Backdoor.Win32.Remcos.oa!s1
Microsoft Trojan:Win32/Remcos.SM!MTB
GData Win32.Malware.Bucaspys.B
AhnLab-V3 Trojan/Win.RemcosRAT.R418128
ALYac DeepScan:Generic.Remcos.57B9D59C
MAX malware (ai score=82)
Rising Backdoor.Remcos!1.B6A7 (C64:YzY0OmMqRqixZlOO)
Yandex Trojan.Agent!jHl2uTbxQXY
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet W32/Rescoms.M!tr
AVG Win32:RATX-gen [Trj]
Cybereason malicious.e411c9
Panda Trj/GdSda.A