Summary | ZeroBOX

bHrgG.jpg

Category: FILE
Machine: s1_win7_x6402
Started: April 13, 2021, 4:10 p.m.
Completed: April 13, 2021, 4:17 p.m.
Size 32.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3cf58ec9de521b32015552ca3024d1cd
SHA256 ae3e0639c29e82ba61932616457bae4100c939c281643dacfaa1bd5ba2dc9ace
CRC32 ED57687C
ssdeep 768:FrqQ7AmV3rjBkyo1b2kP8K9RWTmUAiPatwTxS+IASDO39UYlyaQPZZl:F33kKZTxP3FS3AXDuR
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • ImportTableIsBad - ImportTable Check
  • FASM - http://flatassembler.net

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address / Status / Action
172.217.25.14 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text (virtual_address 0x00001000, virtual_size 0x00007ebf, size_of_data 0x00008000, entropy 7.702490060083369) description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
host 172.217.25.14
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
ClamAV Win.Malware.Razy-7588162-0
FireEye Generic.mg.3cf58ec9de521b32
ALYac Gen:Variant.Ser.Razy.7042
Malwarebytes Trojan.Agent
Sangfor Trojan.Win32.Save.a
Cybereason malicious.9de521
Arcabit Trojan.Ser.Razy.D1B82
Cyren W32/Dofoil.H.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Smokeloader.J
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Ser.Razy.7042
NANO-Antivirus Trojan.Win32.Zurgop.fednlb
MicroWorld-eScan Gen:Variant.Ser.Razy.7042
Ad-Aware Gen:Variant.Ser.Razy.7042
Emsisoft Trojan-Downloader.Zurgop (A)
DrWeb Trojan.PWS.Spy.21017
VIPRE Trojan.Win32.Winwebsec.m (v)
McAfee-GW-Edition BehavesLike.Win32.VirRansom.nc
Sophos Mal/Generic-R + Mal/Behav-204
Ikarus Trojan-Downloader.Win32.Dofoil
Jiangmin Trojan.Generic.concg
Webroot W32.Trojan.Smoakloader
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan[Downloader]/Win32.Dofoil
Microsoft TrojanDownloader:Win32/Dofoil.AD
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Ser.Razy.7042
TACHYON Trojan-Downloader/W32.SmokeLoader.33280
AhnLab-V3 Trojan/Win32.Dofoil.R223509
Acronis suspicious
McAfee GenericRXGK-YC!3CF58EC9DE52
MAX malware (ai score=87)
VBA32 TScope.Malware-Cryptor.SB
Cylance Unsafe
TrendMicro-HouseCall Trojan.Win32.ZURGOP.SM
Rising Downloader.Zurgop!8.4BB (CLOUD)
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet W32/Zurgop.DA!tr
BitDefenderTheta AI:Packer.EB5DFF611E
Qihoo-360 HEUR/QVM19.1.8D09.Malware.Gen
CrowdStrike win/malicious_confidence_100% (W)