Summary | ZeroBOX

field.php

Category FILE
Machine s1_win7_x6402
Started April 6, 2021, 1:29 p.m.
Completed April 6, 2021, 1:31 p.m.
Size 419.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f126c14aa3de11c1286fa3bcb76554ac
SHA256 72a446a2759f169735d604ddfb82a30045d86a44987b3636fa2c97f56a06aceb
CRC32 3839AD5B
ssdeep 12288:xtRzoCbKvLVRe7wbCr6tvMllzWgky6RjWwlX:xnkcKTVRiWCeGXzWgk9jrl
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids (the .gfids section holds the Control Flow Guard function-ID table emitted by the MSVC linker; on its own it is a normal build artifact, not a packer indicator)
section .rdata: size_of_data 0x00015c00, virtual_address 0x00042000, virtual_size 0x00015a14, entropy 7.4707. Description: A section with a high entropy has been found
entropy 0.2079. Description: Overall entropy of this PE file is high (this value is not a Shannon entropy but the share of section bytes that lie in high-entropy sections, about 89 KB of .rdata out of a 419.5 KB file; it only just clears the signature's 0.2 threshold, so the finding rests on .rdata alone, which is where a packed or encrypted payload would typically sit)
host 172.217.25.14 (this address is in Google's 172.217.0.0/16 range; with no name lookups, no Suricata alerts and no TLS recorded above, it is more likely background traffic from the s1_win7_x6402 guest than command-and-control, and should not be used as an indicator without corroboration)
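The static findings above (the IsPE32, IsWindowsGUI, HasRichSignature and HasDebugData Yara hits, and the two entropy marks) can be reproduced from the PE headers without a sandbox. The script below is an added example, not ZeroBOX's code: it walks the DOS, COFF, optional and section headers with the standard library only, computes per-section Shannon entropy, and reimplements a Cuckoo-style packer_entropy check (per-section entropy above 6.8, then the share of section bytes in such sections above 0.2). Those two thresholds are the values from Cuckoo's community signature and are assumed here; ZeroBOX's own thresholds are not stated on this page. The input PE is constructed inside the script so it runs offline, with a low-entropy .text and a 0x15c00-byte high-entropy .rdata chosen to mirror this report.

```python
# Added example, not ZeroBOX's own code: stdlib-only reproduction of the static
# checks on this page (IsPE32 / IsWindowsGUI / HasRichSignature / HasDebugData
# and a Cuckoo-style packer_entropy signature). Thresholds are assumed from
# Cuckoo's community signature; the sample PE is constructed below.
import math
import struct

HIGH_SECTION_ENTROPY = 6.8  # per-section threshold, bits per byte (assumed)
HIGH_RATIO = 0.2            # threshold on the share of bytes in such sections (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk the DOS, COFF, optional and section headers of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    dd_base = opt + (96 if is_pe32 else 112)                 # start of the data directories
    dbg_rva, dbg_size = struct.unpack_from("<II", data, dd_base + 6 * 8)  # IMAGE_DIRECTORY_ENTRY_DEBUG
    has_rich = b"Rich" in data[0x40:e_lfanew]                # Rich header sits between DOS stub and PE header
    sections, sh = [], opt + opt_size
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sh + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": vaddr, "virtual_size": vsize, "size_of_data": rawsize,
            "entropy": shannon_entropy(data[rawptr:rawptr + rawsize]),
        })
    return {"is_pe32": is_pe32, "machine": machine, "is_gui": subsystem == 2,
            "has_rich": has_rich, "has_debug": bool(dbg_rva and dbg_size), "sections": sections}


def packer_entropy(sections: list) -> list:
    """One ("section", name, entropy) mark per high-entropy section, then an
    ("overall", None, ratio) mark when those sections hold more than HIGH_RATIO
    of all section bytes. The ratio is the figure a report prints beside
    "Overall entropy of this PE file is high"; it is not a Shannon entropy."""
    marks, high, total = [], 0, 0
    for s in sections:
        total += s["size_of_data"]
        if s["entropy"] > HIGH_SECTION_ENTROPY:
            marks.append(("section", s["name"], s["entropy"]))
            high += s["size_of_data"]
    ratio = high / total if total else 0.0
    if ratio > HIGH_RATIO:
        marks.append(("overall", None, ratio))
    return marks


def build_sample_pe(sections: list, gui=True, rich=True, debug=True) -> bytes:
    """Constructed minimal PE32 (i386, 512-byte file alignment) for offline tests.
    `sections` is a list of (name, raw_bytes); raw data is zero-padded to 512."""
    e_lfanew, opt_size, nsec = 0x80, 0xE0, len(sections)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x60:0x68] = b"Rich\x11\x22\x33\x44"          # marker plus XOR key, as a linker leaves it
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<H", opt, 68, 2 if gui else 3)      # WINDOWS_GUI or WINDOWS_CUI
    if debug:
        struct.pack_into("<II", opt, 96 + 6 * 8, 0x5000, 28)  # non-empty DEBUG directory
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + nsec * 40 + 0x1FF) & ~0x1FF
    hdrs, body, va = b"", b"", 0x1000
    for name, raw in sections:
        rawsize = (len(raw) + 0x1FF) & ~0x1FF
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(raw), va, rawsize,
                            raw_ptr + len(body), 0, 0, 0, 0, 0x40000040)
        body += raw.ljust(rawsize, b"\0")
        va += (rawsize + 0xFFF) & ~0xFFF
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    # Mirror the report: low-entropy .text plus an 0x15c00-byte high-entropy .rdata.
    pe = build_sample_pe([(b".text", b"ABCD" * (0x55000 // 4)),
                          (b".rdata", bytes(range(256)) * (0x15C00 // 256))])
    info = parse_pe(pe)
    print({k: v for k, v in info.items() if k != "sections"})
    for s in info["sections"]:
        print(s["name"], hex(s["size_of_data"]), round(s["entropy"], 4))
    print(packer_entropy(info["sections"]))
```

Run against the constructed sample, the overall mark comes out at about 0.204, the same order as the 0.2079 on this page, because .rdata is the only section above the per-section threshold; swap in the real file and the same code gives the per-section figures to compare with the report.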
Vendor Detection
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.f126c14aa3de11c1
McAfee Artemis!F126C14AA3DE
Cylance Unsafe
APEX Malicious
Kaspersky UDS:Trojan.Win32.Witch.gen
Rising Malware.Heuristic!ET#83% (RDMK:cmRtazp78f0NSWumXDB0d7a+ypY1)
TrendMicro TrojanSpy.Win32.EMOTET.SMC5
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 100)
BitDefenderTheta Gen:NN.ZexaF.34670.AyW@aaCWJbfi
Malwarebytes MachineLearning/Anomalous.100%
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMC5
eGambit Unsafe.AI_Score_71%
Paloalto generic.ml
Qihoo-360 HEUR/QVM10.1.62DF.Malware.Gen