setup%20-%202021-04-09T114140.132.exe

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.xutok
section	.nemuk
section	.new

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 2088 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 106496 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f21000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 2088 region_size: 184320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03fe0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section	{u'size_of_data': u'0x0003fc00', u'virtual_address': u'0x00001000', u'entropy': 7.450387828272501, u'name': u'.text', u'virtual_size': u'0x0003fb83'}				entropy	7.45038782827				description	A section with a high entropy has been found
entropy	0.779816513761				description	Overall entropy of this PE file is high

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W32.AIDetect.malware1
MicroWorld-eScan	Trojan.GenericKDZ.74062
FireEye	Generic.mg.000e43fe0944da48
McAfee	Trojan-FTKE!000E43FE0944
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKDZ.74062
K7GW	Trojan ( 0057a8a71 )
K7AntiVirus	Trojan ( 00516fdf1 )
BitDefenderTheta	Gen:NN.ZexaF.34670.uGW@ayYF!8ac
ESET-NOD32	a variant of Win32/Kryptik.HKIW
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Bsymem.gen
Alibaba	Trojan:Win32/Ranumbot.8a29e18c
Rising	Trojan.Kryptik!1.D4B0 (CLOUD)
Ad-Aware	Trojan.GenericKDZ.74062
Sophos	Mal/Generic-S
DrWeb	Trojan.DownLoader38.29904
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
Emsisoft	Trojan.Agent (A)
SentinelOne	Static AI - Malicious PE
Jiangmin	Backdoor.Mokes.dxo
Avira	TR/Crypt.Agent.qtkbj
MAX	malware (ai score=100)
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.oa
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
GData	Trojan.GenericKDZ.74062
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.MalPE.R415606
ALYac	Trojan.GenericKDZ.74062
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
Ikarus	Win32.Outbreak
Fortinet	W32/GenKryptik.FDVZ!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Bsymem.HwoChz8A