Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 13, 2021, 4:10 p.m.	April 13, 2021, 4:12 p.m.

Size	32.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0d1334075336455a13a36fd909417556`
SHA256	`33d7fa2a8936cc5064b63592b77f87c02fcdc1396395ae2316e3a7c783523ad9`
CRC32	`4E695692`
ssdeep	`768:FrqQ7AmV3rjBkyo1b2kP8K9RWZmUAiPatwTxS+IASDO39UYlyaQtZZl:F33kKZZxP3FS3AXDuT`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check ImportTableIsBad - ImportTable Check FASM - http://flatassembler.net

28oLW.jpg "C:\Users\test22\AppData\Local\Temp\28oLW.jpg"
2212

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00008000', u'virtual_address': u'0x00001000', u'entropy': 7.702469008677582, u'name': u'.text', u'virtual_size': u'0x00007ebf'}

entropy

7.70246900868

description

A section with a high entropy has been found

entropy

1.0

description

Overall entropy of this PE file is high

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Spy.21017
MicroWorld-eScan	Gen:Variant.Ser.Razy.7042
FireEye	Generic.mg.0d1334075336455a
McAfee	GenericRXGK-YC!0D1334075336
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.753364
BitDefenderTheta	AI:Packer.EB5DFF611E
Cyren	W32/Dofoil.H.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Smokeloader.J
APEX	Malicious
ClamAV	Win.Malware.Razy-7588162-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ser.Razy.7042
NANO-Antivirus	Trojan.Win32.Zurgop.fednlb
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Ser.Razy.7042
TACHYON	Trojan-Downloader/W32.SmokeLoader.33280
Emsisoft	Trojan-Downloader.Zurgop (A)
VIPRE	Trojan.Win32.Winwebsec.m (v)
TrendMicro	Trojan.Win32.ZURGOP.SM
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.nc
Sophos	ML/PE-A + Mal/Behav-204
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Generic.concg
Webroot	W32.Trojan.Smoakloader
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan[Downloader]/Win32.Dofoil
Microsoft	TrojanDownloader:Win32/Dofoil.AD
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Ser.Razy.7042
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Dofoil.R223509
Acronis	suspicious
VBA32	TScope.Malware-Cryptor.SB
ALYac	Gen:Variant.Ser.Razy.7042
MAX	malware (ai score=85)
Malwarebytes	Trojan.Agent
TrendMicro-HouseCall	Trojan.Win32.ZURGOP.SM
Rising	Downloader.Zurgop!8.4BB (CLOUD)
Ikarus	Trojan-Downloader.Win32.Dofoil
Fortinet	W32/Zurgop.DA!tr
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	HEUR/QVM19.1.8D97.Malware.Gen

28oLW.jpg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All