Flyby11.exe
- Filename:
- Flyby11.exe
- md5:
- 6e1c4c89c0ccdc0e0284a01143187b45
- sha1:
- b02de25fcaaa08c5fc1c4f960e8da7f3ca57745c
- sha256:
- 762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf
- Filetype:
- PE32+ executable (GUI) x86-64 Mono/.Net assembly, ...
- Size (Bytes):
- 85504
- Classification:
- malicious
- Indexed:
- Fri Jun 13 2025 06:02:34 GMT+0000 (3 months ago)
- Last modified:
- Wed Jul 09 2025 15:00:13 GMT+0000 (2 months ago)
Sample information
0
Antivirus detections0
IDS alerts8
Processes0
Http events0
Contacted hosts0
DNS Requests5.2
Score
Current activity of this Sample
Blacklist timeline
First seen: Fri Jun 13 2025 06:15:05 GMT+0000
Last seen: Wed Jul 09 2025 15:00:12 GMT+0000
Period: a month
Last seen: Wed Jul 09 2025 15:00:12 GMT+0000
Period: a month
Hashes
In depth details
Dates
Developers can check API Specification here:
Request:
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf
Request:
Alternatively you can use Maltiverse Python3 Library:
import requests
import json
url = 'https://api.maltiverse.com/sample/762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf'
response = requests.get(url)
print(json.dumps(response.json(), indent=4, sort_keys=True))
Request:
$url = 'https://api.maltiverse.com/sample/762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf'
$headers = @{Authorization=("Bearer {0}" -f "<API_KEY>")}
$response = Invoke-RestMethod $url -Headers $headers
Write-Output $response
Response:
{
"blacklist": [
{
"count": 7,
"description": "Generic Malware",
"first_seen": "2025-06-13 06:15:05",
"last_seen": "2025-07-09 15:00:12",
"ref": [
21745
],
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"creation_time": "2025-06-13 06:02:34",
"filename": [
"Flyby11.exe"
],
"filetype": "PE32+ executable (GUI) x86-64 Mono/.Net assembly, ...",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "6e1c4c89c0ccdc0e0284a01143187b45",
"modification_time": "2025-07-09 15:00:13",
"process_list": [
{
"name": "Flyby11.exe",
"normalizedpath": "C:\\Flyby11.exe",
"sha256": "762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf",
"uid": "00000000-00003484"
},
{
"commandline": "-u -p 3484 -s 1276",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe",
"uid": "00000000-00005240"
},
{
"commandline": "-u -p 3484 -s 1276",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe",
"uid": "00000000-00006924"
},
{
"commandline": "-pss -s 440 -p 3484 -ip 3484",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe",
"uid": "00000000-00006712"
},
{
"name": "Flyby11.exe",
"normalizedpath": "C:\\Flyby11.exe",
"sha256": "762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf",
"uid": "00000000-00004232"
},
{
"commandline": "-u -p 4232 -s 1348",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
"uid": "00000000-00002116"
},
{
"commandline": "-u -p 4232 -s 1348",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
"uid": "00000000-00004296"
},
{
"commandline": "-pss -s 444 -p 4232 -ip 4232",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
"uid": "00000000-00006148"
}
],
"score": 5.2,
"scoring_executed_time": "2025-06-13 06:30:14",
"sha1": "b02de25fcaaa08c5fc1c4f960e8da7f3ca57745c",
"sha256": "762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf",
"size": 85504,
"type": "sample"
}
Process list
- uid
- 00000000-00003484
- commandline
- name
- Flyby11.exe
- normalizedpath
- C:\Flyby11.exe
- sha256
- 762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf
- uid
- 00000000-00005240
- commandline
- -u -p 3484 -s 1276
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe
- uid
- 00000000-00006924
- commandline
- -u -p 3484 -s 1276
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe
- uid
- 00000000-00006712
- commandline
- -pss -s 440 -p 3484 -ip 3484
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0476d175606aac098363c328166a33f85b7efc2d0be82c0d80ba406113affbfe
- uid
- 00000000-00004232
- commandline
- name
- Flyby11.exe
- normalizedpath
- C:\Flyby11.exe
- sha256
- 762dd66a9586c1f804b7f4697c2253bcbb2fa4d10449020e46a6f4d9b5cd4faf
- uid
- 00000000-00002116
- commandline
- -u -p 4232 -s 1348
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
- uid
- 00000000-00004296
- commandline
- -u -p 4232 -s 1348
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
- uid
- 00000000-00006148
- commandline
- -pss -s 444 -p 4232 -ip 4232
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2