blackbox.exe

Version:
0.1.0.0

MD5:
7737d45d5f8013516b2e5aa410fe839f

SHA-1:
c67f8d8a31b6a81140febbeaa26f99bfc400adbe

SHA-256:
d1dda8f03278d77652e633d6fbb8b6f50c32b6dbe78ef95d2d1760da7c72ea51

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/27/2024 5:40:21 AM UTC

Scan engine          Detection                                Engine version
Baidu Antivirus      Win32.Trojan.WisdomEyes.16070401.9500    4.0.3.16125
Bkav FE              HW32.Packed                              1.3.0.8455
Malwarebytes         Worm.Obfuscator                          v2016.12.05.01
Qihoo 360 Security   HEUR/QVM19.1.0000.Malware.Gen            1.0.0.1120

File size:
3.1 MB (3,288,576 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\blackbox.exe

File PE Metadata
Compilation timestamp:
12/4/2016 5:43:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:freXVsSfnILr4ZoR/HhbDuTJZ8Wo0hRWidP8jyz:TeiLr4ZSPhbDuTH8Wo0XWidEj+

Entry address:
0xBCE6A0

Entry point:
EB, 08, 00, EC, 12, 00, 00, 00, 00, 00, 60, E8, 00, 00, 00, 00, 5D, 81, ED, 10, 00, 00, 00, 81, ED, A0, E6, BC, 00, E9, 04, 00, 00, 00, F9, 90, 9A, 47, B8, A0, E6, BC, 00, 03, C5, 81, C0, 4C, 00, 00, 00, B9, 8A, 05, 00, 00, BA, 6F, BC, 69, 67, 30, 10, 40, 49, 0F, 85, F6, FF, FF, FF, E9, 04, 00, 00, 00, 8D, D3, FA, 1F, E4, A2, E4, E6, 53, 6F, 6F, 6F, EE, AE, 97, 6F, 6F, 6F, 6C, A2, D7, 64, 6F, 6F, 6F, D5, 47, 6F, 6F, 6F, 98, 8D, 6C, A7, E4, EE, 63, 6F, 6F, 6F, 6C, AA, 3F, 3F, 07, 9B, 5D, 72, 6F, 07, C5, DC...
 
Code size:
1.9 MB (1,960,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-64-90-32-8.dreamhost.com (64.90.32.8:80)

TCP (HTTP):

Scan blackbox.exe - Powered by Reason Core Security