Open-source atomic malware analysis

Virus.Sysbot_Dump.Generic.Dialer.F020CCE3_5.vir

PE
Verdict: SUSPICIOUS
Mal-ecule
KO₈(As₈C₇Er₇DyP₅I₄PrS)H₆(Cm₃F₂Os₄Po₃UDs)Md₅(Bi₅Pa)Th
Size 65.0 KB
First seen 58 days ago
Analyzed 58 days ago

Objectives

anti-static/obfuscation: Binary contains XOR-encoded critical API table (hostile severity, 98% confident)
command-and-control/dropper: Drop and execute file from Temp directory (suspicious severity, 85% confident)
evasion/kernel-hide/micro: Hidden (encoded) memory protection API (suspicious severity, 100% confident)
command-and-control/infrastructure: Direct IP address in URL (notable severity, 75% confident)
discovery/process: ToolHelp snapshot enumeration with process access (notable severity, 90% confident)
evasion/self-delete: Resolve own path then delete file (notable severity, 82% confident)

Micro-behaviors

communications: HTTP URL with IP address (suspicious severity, 95% confident)
communications/http: WinInet APIs resolved dynamically (suspicious severity, 90% confident)
communications/socket: Winsock client symbol lifecycle (notable severity, 92% confident)
fs/sync: Modify file creation/access/write times (notable severity, 85% confident)
fs/temp: Temp directory staging primitives (notable severity, 80% confident)
os/registry: Firewall authorized apps registry write chain (notable severity, 92% confident)
process/enumerate: Create process or module snapshot (notable severity, 90% confident)
process/inject: XOR NtWriteVirtualMemory API reference (notable severity, 90% confident)
process/terminate: Task Manager process enumeration (notable severity, 90% confident)
ui/window: Shutdown/restart system (notable severity, 85% confident)

Metadata

binary: High complexity but very few functions (suspicious severity, 85% confident)
encoded-payload: Encoded payload detected: xor (notable severity, 90% confident)
unsigned: Binary is not digitally signed (notable severity, 100% confident)

Third-party

SigBase/SUSP/Xored/URL/In: Detects an XORed URL in an executable (notable severity, 90% confident)

20 of 76 traits shown

Identity

SHA-256 be433db7519a7cc2df1c0c1936672b265bdd9bf89f1dd226f9b0d421a542b573
Filename Virus.Sysbot_Dump.Generic.Dialer.F020CCE3_5.vir

Timeline

First seen 24 Apr 2026 16:15 UTC
Last analyzed 24 Apr 2026 18:49 UTC