Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 6, 2021, 8:18 a.m.	April 6, 2021, 8:18 a.m.

Size	204.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3be35148cc6c80994becbcd204d8c33e`
SHA256	`266ddee85dd0eddb85d55bd9eb29f328d3052c8a46b6aa1e9b97232fe83f2c49`
CRC32	`37084BC6`
ssdeep	`3072:tBHfDmTQoHJhc+1aImpJRxSmR7bVsSazalcBfc7Ivu5IMlZ:tBHLSc+wLJRHFVsSaGluUs25Iw`
Yara	Win32_Trojan_Dridex_Gene_Zero - Win32 Trojan Dridex Gene PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasModified_DOS_Message - DOS Message Check HasRichSignature - Rich Signature Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Ste@lth PE 1.01 -> BGCorp

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0001f000', u'virtual_address': u'0x0000c000', u'entropy': 7.829139745316536, u'name': u'.pdata', u'virtual_size': u'0x00020f43'}

entropy

7.82913974532

description

A section with a high entropy has been found

entropy

0.62

description

Overall entropy of this PE file is high

File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
FireEye	Generic.mg.3be35148cc6c8099
Qihoo-360	HEUR/QVM40.1.62DF.Malware.Gen
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
Cyren	W32/Dridex.CF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
McAfee-GW-Edition	BehavesLike.Win32.Drixed.dc
Sophos	ML/PE-A
Ikarus	Trojan-Banker.Dridex
Microsoft	Trojan:Win32/Dridex!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!3BE35148CC6C
Rising	Trojan.Dridex!1.D4AE (CLASSIC)
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_71%
BitDefenderTheta	Gen:NN.ZedlaF.34670.mu8@aS1mr0oO
AVG	Win32:Evo-gen [Susp]

ALbaCTlU8DzMcA.php

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All