Summary | ZeroBOX

VPN_Free.exe

AsyncRAT
Category FILE
Machine s1_win7_x6401
Started April 2, 2021, 10:16 a.m.
Completed April 2, 2021, 10:16 a.m.
Size 2.0MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 831d4e7f62efecd2fc159074383b965b
SHA256 be394c34bc2d5f532f3ddac7e2d692c60401d71858d4ae2f077af559f33ef772
CRC32 B1AE6EDF
ssdeep 49152:gsWLguiGDw91IzOOZSnwUd6ABCNsTc5jee/o371:gs/GDpiOZSwUd6ABGVYr1
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
92.53.96.245 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .sdata
section .text size_of_data 0x0011f400 virtual_address 0x00002000 virtual_size 0x0011f314 entropy 7.864922168238561 description A section with a high entropy has been found
section .sdata size_of_data 0x00000a00 virtual_address 0x00122000 virtual_size 0x000008e8 entropy 7.344584954097322 description A section with a high entropy has been found
section .rsrc size_of_data 0x000e7e00 virtual_address 0x00124000 virtual_size 0x000e7c90 entropy 7.922071100565884 description A section with a high entropy has been found
entropy 0.999759557586 description Overall entropy of this PE file is high
host 92.53.96.245
Elastic malicious (high confidence)
FireEye Generic.mg.831d4e7f62efecd2
Cybereason malicious.ebf644
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.AAEW
APEX Malicious
Kaspersky HEUR:Trojan-PSW.MSIL.Racealer.gen
Sophos ML/PE-A
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 100)
Malwarebytes Spyware.PasswordStealer
SentinelOne Static AI - Malicious PE
BitDefenderTheta Gen:NN.ZemsilF.34662.cs2@a8W9Qjh