Summary | ZeroBOX

window.exe

Tags: Gen1, Emotet, Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Antivirus, UPX, Malicious Packer, PE File, MZP Format, OS Processor Check, CAPTCHA, PE32, CAB, DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: May 4, 2025, 12:46 p.m.
Completed: May 4, 2025, 12:57 p.m.
Size: 7.5MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2a07e14457fd80f2d337498b5a91c0a2
SHA256: 1a4a1fc4c3ddccb8efcaaab7fa0ba3965e2244fa0733100e56122354e7bb721a
CRC32: CE5B1D3F
ssdeep: 196608:cfUBeDIHXhU2KZgEI2ti+SIRXD913J+xDApk78nQsfZYR5aVUG2a:sbYu2KZgFSlBnsxApkXsfZHVb2a
PDB Path: C:\agent\_work\8\s\build\ship\x86\burn.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
45.227.253.10 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49165 -> 45.227.253.10:443 | 2013926 | ET POLICY HTTP traffic on port 443 (POST) | Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 45.227.253.10:443 | 2013926 | ET POLICY HTTP traffic on port 443 (POST) | Potentially Bad Traffic
(The alert on source port 49165 appears 31 times in the report and the one on source port 49164 once; the identical rows are collapsed here.)

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

IsDebuggerPresent

return: 0
repeated: 0
pdb_path C:\agent\_work\8\s\build\ship\x86\burn.pdb
section .wixburn
file C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\Biogeny.dll
file C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\window.exe
file C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\sqlite3.dll
file C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\datastate.dll
file C:\Windows\Temp\{91326443-F9B9-4ED5-B556-F81C51E3FD89}\.ba\IRelay.exe
Time & API | Arguments | Status | Return | Repeated

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57171003-02bf-4a8f-b8b3-80103caaae99}
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57171003-02bf-4a8f-b8b3-80103caaae99}
return: 2
repeated: 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57171003-02bf-4a8f-b8b3-80103caaae99}.RebootRequired
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57171003-02bf-4a8f-b8b3-80103caaae99}.RebootRequired
return: 2
repeated: 0
host 45.227.253.10
Bkav W32.AIDetectMalware
CAT-QuickHeal cld.trojan.agent
ALYac Gen:Variant.Zusy.590455
Cylance Unsafe
VIPRE Gen:Variant.Zusy.590455
Sangfor Trojan.Win32.Zusy.Vqe4
BitDefender Gen:Variant.Zusy.590455
Arcabit Trojan.Zusy.D90277
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Penguish.emj
Alibaba TrojanDownloader:Win32/Rugmi.cdd961ca
NANO-Antivirus Virus.Win32.Gen.ccmw
MicroWorld-eScan Gen:Variant.Zusy.590455
Emsisoft Gen:Variant.Zusy.590455 (B)
F-Secure Trojan.TR/AVI.Agent.ycywm
DrWeb Program.Unwanted.5384
McAfeeD ti!1A4A1FC4C3DD
CTX exe.trojan.rugmi
Sophos Mal/Generic-S
Jiangmin Trojan.DLLhijack.tl
Avira TR/AVI.Agent.khqmd
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Zusy.590455
Varist W32/ABRisk.LVRC-1325
McAfee Artemis!2A07E14457FD
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4113655487
Ikarus Trojan-Downloader.Win32.Rugmi
Fortinet Riskware/NDAoF
AVG Win32:Malware-gen
alibabacloud Trojan[downloader]:Win/Rugmi.AVE