Summary | ZeroBOX

dllhost.exe

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started May 31, 2021, 6:01 p.m.
Completed May 31, 2021, 6:04 p.m.
Size 2.1MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 10aad0ae040c9fbde27793e1cb213d73
SHA256 8d9f22721855c9e21f757e9df32292087eefca115e14f773d8b30b155bedf844
CRC32 CE766577
ssdeep 49152:Z7cNuGXqqcjPLk+SZYI7iWxqwrYZuNiVrypilYf20iGn7NZ29Zks6Z:Z7cN9DcjjknZPxqDrsuYfHiGz2qs
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch
194.26.29.184 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section 0
section 1
section 2
file C:\Users\test22\AppData\Local\Temp\s.bat
section name 1, virtual_address 0x004d4000, virtual_size 0x00210000, size_of_data 0x0020f400, entropy 7.999870674555452 description A section with a high entropy has been found
entropy 0.999762977009 description Overall entropy of this PE file is high
host 172.217.25.14
host 194.26.29.184
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  • ordinal: 0
  • function_address: 0x0018fd88
  • function_name: wine_get_version
  • module: ntdll
  • module_address: 0x773a0000
Return 3221225785 (0xC0000139), Repeated 0
Antivirus

Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Heur.doGfXbJ8L7k
FireEye Generic.mg.10aad0ae040c9fbd
ALYac Gen:Trojan.Heur.doGfXbJ8L7k
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Alibaba Trojan:Win32/Marut.6434e156
Cybereason malicious.e040c9
BitDefenderTheta AI:Packer.2A864B171B
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Agent.F
APEX Malicious
Avast FileRepMalware
Kaspersky HEUR:Trojan.Win32.Marut.vho
BitDefender Gen:Trojan.Heur.doGfXbJ8L7k
Paloalto generic.ml
AegisLab Trojan.Win32.Dogfxbj.4!c
Tencent Malware.Win32.Gencirc.11bb5ab8
Ad-Aware Gen:Trojan.Heur.doGfXbJ8L7k
Sophos Mal/Generic-S
TrendMicro Mal_MLWR-24
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
Emsisoft Gen:Trojan.Heur.doGfXbJ8L7k (B)
Jiangmin TrojanDropper.Scrop.yb
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Trojan.Heur.doGfXbJ8L7k
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.C4262207
McAfee GenericRXLJ-KG!10AAD0AE040C
MAX malware (ai score=89)
TrendMicro-HouseCall Mal_MLWR-24
Rising Trojan.Marut!8.10BB1 (CLOUD)
Fortinet W32/Agent.F!tr
AVG FileRepMalware
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_70% (W)