Summary | ZeroBOX

Install_Plugin_x64_x86.exe

AsyncRAT
Category FILE
Machine s1_win7_x6401
Started April 2, 2021, 10:16 a.m.
Completed April 2, 2021, 10:17 a.m.
Size 1.1MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ffe3cce3479bb06607d5056e6dbca530
SHA256 079e85bcaa57b334fa9b3debe99c9f0402eb01104c9fdf3811e34e17308d64f0
CRC32 3C96C71D
ssdeep 24576:tJSOSvjwUkKPw2Xlk6i0IO4oATTEjfRwB5pPuF4hO:tZyPXljIf/uI8F
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • screenshot - Take screenshot

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text (size_of_data 0x000d6600, virtual_address 0x00002000, virtual_size 0x000d6574) entropy 7.841064698102233 description A section with a high entropy has been found
entropy 0.786697247706 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.73750
FireEye Generic.mg.ffe3cce3479bb066
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
McAfee PWS-FCXK!FFE3CCE3479B
CrowdStrike win/malicious_confidence_60% (D)
Cyren W32/MSIL_Agent.BGQ.gen!Eldorado
ESET-NOD32 a variant of MSIL/Kryptik.AAEH
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan-Dropper.MSIL.Dapato.gen
BitDefender Trojan.GenericKDZ.73750
Ad-Aware Trojan.GenericKDZ.73750
Sophos ML/PE-A
DrWeb Trojan.PWS.Siggen2.63513
McAfee-GW-Edition PWS-FCXK!FFE3CCE3479B
Emsisoft Trojan.GenericKDZ.73750 (B)
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Microsoft Trojan:Win32/Wacatac.B!ml
GData Trojan.GenericKDZ.73750
Cynet Malicious (score: 100)
BitDefenderTheta Gen:NN.ZemsilF.34662.fn2@aygePEai
MAX malware (ai score=85)
Malwarebytes PUP.Optional.DriverPack
Ikarus Trojan.MSIL.Inject
Fortinet MSIL/Kryptik.DMC!tr
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.3479bb
Panda Trj/GdSda.A