Open-source atomic malware analysis

Virus.Sysbot_Trojan.GenericKD.73132233.vir

PE
Verdict: SUSPICIOUS
Mal-ecule
KO₈(As₈C₇Er₇DyP₅I₄PrS)H₆(Cm₃F₂Os₄Po₃UDs)Md₅(Bi₅Pa)Th
Size 64.8 KB
First seen 56 days ago
Analyzed 56 days ago

Objectives

anti-static/obfuscation: Binary contains XOR-encoded critical API table (hostile severity, 98% confident)
command-and-control/dropper: Drop and execute file from Temp directory (suspicious severity, 85% confident)
evasion/kernel-hide/micro: Hidden (encoded) memory protection API (suspicious severity, 100% confident)
command-and-control/infrastructure: Direct IP address in URL (notable severity, 75% confident)
discovery/process: ToolHelp snapshot enumeration with process access (notable severity, 90% confident)
evasion/self-delete: Resolve own path then delete file (notable severity, 82% confident)

Micro-behaviors

communications: HTTP URL with IP address (suspicious severity, 95% confident)
communications/http: WinInet APIs resolved dynamically (suspicious severity, 90% confident)
communications/socket: Winsock client symbol lifecycle (notable severity, 92% confident)
fs/sync: Modify file creation/access/write times (notable severity, 85% confident)
fs/temp: Temp directory staging primitives (notable severity, 80% confident)
os/registry: Firewall authorized apps registry write chain (notable severity, 92% confident)
process/enumerate: Create process or module snapshot (notable severity, 90% confident)
process/inject: XOR NtWriteVirtualMemory API reference (notable severity, 90% confident)
process/terminate: Task Manager process enumeration (notable severity, 90% confident)
ui/window: Shutdown/restart system (notable severity, 85% confident)

Metadata

binary: High complexity but very few functions (suspicious severity, 85% confident)
encoded-payload: Encoded payload detected: xor (notable severity, 90% confident)
unsigned: Binary is not digitally signed (notable severity, 100% confident)

Third-party

SigBase/SUSP/Xored/URL/In: Detects an XORed URL in an executable (notable severity, 90% confident)

20 of 76 traits shown

Identity

SHA-256 c3f4259dc531ff6942af7f44c666fc2973685465974cbc0c0bad93c82b23b53b
Filename Virus.Sysbot_Trojan.GenericKD.73132233.vir

Timeline

First seen 24 Apr 2026 16:15 UTC
Last analyzed 24 Apr 2026 16:50 UTC