Summary | ZeroBOX

client.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started April 28, 2025, 8:59 a.m.
Completed April 28, 2025, 9:14 a.m.
Size 499.1KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 acbde00860cedeafa0aaf1c643e5da34
SHA256 bc61c830ae2cc7faa375185646f70ea601ca3cd014b6ec514483c18bf3233022
CRC32 4BDF1A7D
ssdeep 6144:hz/cn7HxEIHcPUToEUUw0ZEO1xaD0bgIJYk4JxLRJcWmz/tiTwC:hzUn7RErUToXG1x5ALRJcWuUTwC
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
buffer: Microsoft Windows [Version 6.1.7601]
console_handle: 0x0000000000000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved.
console_handle: 0x0000000000000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
status: 1  return: 1  repeated: 0

cmdline C:\Windows\System32\cmd.exe

Time & API Arguments Status Return Repeated

CreateProcessInternalW
thread_identifier: 2628
thread_handle: 0x0000000000000060
process_identifier: 2624
current_directory:
filepath:
track: 1
command_line: C:\Windows\System32\cmd.exe
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x0000000000000064
status: 1  return: 1  repeated: 0

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.C2.m!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.1745570070e5da34
Skyhigh BehavesLike.Win64.Generic.gh
ALYac Trojan.Generic.37731484
Cylance Unsafe
VIPRE Trojan.Generic.37731484
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.Generic.37731484
K7GW Trojan ( 005bc3c51 )
K7AntiVirus Trojan ( 005bc3c51 )
Arcabit Trojan.Generic.D23FBC9C
VirIT Trojan.Win64.Genus.HWY
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.HAWI
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky Backdoor.Win64.C2.jn
Alibaba Backdoor:Win64/GenKryptik.939179e5
MicroWorld-eScan Trojan.Generic.37731484
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Trojan.Generic.37731484 (B)
F-Secure Trojan.TR/Crypt.Agent.wnvzv
DrWeb BackDoor.Havoc.16
Zillya Trojan.GenKryptik.Win64.49856
McAfeeD ti!BC61C830AE2C
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Google Detected
Avira TR/Crypt.Agent.wnvzv
Antiy-AVL Trojan[Backdoor]/Win64.C2
Gridinsoft Susp.U.XOREncoded.sd!yf
Microsoft Trojan:Win32/Etset!rfn
GData Trojan.Generic.37731484
Varist W64/ABApplication.FMAG-2750
AhnLab-V3 Trojan/Win.Evo-gen.C5746294
McAfee Artemis!ACBDE00860CE
DeepInstinct MALICIOUS
VBA32 Backdoor.Win64.C
Malwarebytes Trojan.Crypt
Ikarus Trojan.Win64.Reverseshell
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09D125
Tencent Malware.Win32.Gencirc.10c35e7c
huorong Trojan/Generic!260ABA5D5C6E9414
MaxSecure Trojan.Malware.338743124.susgen