Summary | ZeroBOX

x.exe

Anti_VM ftp PE64 PE File
Category | Machine | Started | Completed
FILE | s1_win7_x6403_us | May 6, 2025, 9:29 p.m. | May 6, 2025, 9:31 p.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 0000638ebbfe0d620abe6ca32abb1b58
SHA256 267ec6176c1111d9ffcf32fcfa6aa65917e64d1556dcbbd8989ee6bbebc2e72f
CRC32 542736EB
ssdeep 49152:eYArhqi2aYBhDkVfe1YoJbgwIdg6QYF6CV3QR3SBlXVx+1Fhiu+v:eYqhqi2awBbhQdp36kQRiBz+U3v
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • ftp_command - ftp command
  • anti_vm_detect - Possibly employs anti-virtualization techniques

Name | Response | Post-Analysis Lookup
No hosts contacted.
IP Address | Status | Action
185.156.72.39 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 185.156.72.39:5151 -> 192.168.56.103:49162 | 2400031 | ET DROP Spamhaus DROP Listed Traffic Inbound group 32 | Misc Attack
TCP 192.168.56.103:49162 -> 185.156.72.39:5151 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation
TCP 192.168.56.103:49162 -> 185.156.72.39:5151 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS