Summary | ZeroBOX

vladislave.txt

Gen1 PE64 PNG Format PE File DLL OS Processor Check PE32
Category: FILE
Machine: s1_win7_x6401
Started: May 12, 2021, 12:05 p.m.
Completed: May 12, 2021, 12:14 p.m.
Size 3.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 b3d1b93214e413218bcbbb3102719de5
SHA256 7796f4cdc9a9b09800b1561656b9af12a3b73e97bf75dc63db7bd3895fe1dc26
CRC32 58B4E2B7
ssdeep 98304:8rwQbVj1QWKCxpNwVc6FCOd7xmWyJhtaar+ahYERPc6aq4F:80gyWKIOVVCOd7xertt+ERPo
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace: (empty)
exception.instruction_r: 2b 02 e8 1f 40 72 f9 40 a6 cd 22 80 7f c6 d4 2b
exception.symbol: anttool+0x1a6e
exception.instruction: sub eax, dword ptr [edx]
exception.module: AntTool.exe
exception.exception_code: 0xc0000005
exception.offset: 6766
exception.address: 0x401a6e
registers.esp: 1634532
registers.edi: 1943478779
registers.eax: 450521819
registers.ebp: 10
registers.edx: 2147483648
registers.ebx: 3848283178
registers.esi: 0
registers.ecx: 3848283178
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x728d2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\AntTool.exe
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libgomp-1.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libfx4.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libatomic_64-1.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libatomic-1.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libwinpthread_64-1.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libwinpthread-1.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libgraph23.dll
file C:\Users\test22\AppData\Roaming\Programs\AntDownloadManager\libgomp_64-1.dll
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36741827
FireEye Trojan.GenericKD.36741827
CAT-QuickHeal Trojan.Hynamer
ALYac Trojan.GenericKD.36741827
Cylance Unsafe
Sangfor Riskware.Win32.Wacapew.C
K7AntiVirus Trojan ( 0057ac811 )
BitDefender Trojan.GenericKD.36741827
K7GW Trojan ( 0057ac811 )
Arcabit Trojan.Generic.D230A2C3
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.ACYJ
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Alibaba Trojan:Win32/Redcap.1c42f774
Rising Trojan.Generic!8.C3 (CLOUD)
Ad-Aware Trojan.GenericKD.36741827
Emsisoft Trojan.GenericKD.36741827 (B)
Comodo Malware@#sma2h99kawn
DrWeb Trojan.Inject4.10834
VIPRE Trojan.Win32.Generic!BT
Avira TR/Redcap.tmjfv
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Program:Win32/Wacapew.C!ml
GData Trojan.GenericKD.36741827
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4430181
McAfee Artemis!B3D1B93214E4
Malwarebytes Malware.AI.4287672864
Ikarus Trojan.Win32.Agent
Fortinet W32/Agent.ACYJ!tr
BitDefenderTheta Gen:NN.ZedlaF.34684.eu4@aKxyY6pi
AVG Win32:TrojanX-gen [Trj]