Summary | ZeroBOX

ll.exe

VMProtect PE32 PE File
Category FILE
Machine s1_win7_x6402
Started June 4, 2021, 10:47 p.m.
Completed June 4, 2021, 10:49 p.m.
Size 78.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 5b3ed99a5ef7ee49436e38a6fc7bf50d
SHA256 e774b7f932285699d9694b975994d5bc9de742d16ae5b3e9ea5ef90516b17191
CRC32 8BE8B577
ssdeep 1536:04dWMRqsQZ15VggWGDbnBLKDZzrN6hF3UkdyXjR16EfYbeZx2+RO9yKMB:dQGqs4qgWGDTBLMZV0UN16EQiRO9I
Yara
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleA
buffer: ======================== HUC Packet Transmit Tool V1.00 =======================
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: =========== Code by lion & bkbll, Welcome to [url]http://www.cnhonker.com[/url] ==========
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: [Usage of Packet Transmit:]
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: C:\Users\test22\AppData\Local\Temp\ll.exe -<listen|tran|slave> <option> [-log logfile]
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: [option:]
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: -listen <ConnectPort> <TransmitPort>
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: -tran <ConnectPort> <TransmitHost> <TransmitPort>
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleA
buffer: -slave <ConnectHost> <ConnectPort> <TransmitHost> <TransmitPort>
console_handle: 0x00000007
status: 1  return: 1  repeated: 0
section .vmp0
section .vmp1
section .vmp2
section .vmp2 (virtual_address 0x00025000, virtual_size 0x00012b3a, size_of_data 0x00012c00, entropy 7.809146496846528) entropy 7.80914649685 description A section with a high entropy has been found
entropy 0.974025974026 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
section .vmp2 description Section name indicates VMProtect
host 172.217.25.14
Bkav W32.AIDetect.malware2
MicroWorld-eScan Trojan.GenericKD.36986948
FireEye Generic.mg.5b3ed99a5ef7ee49
McAfee Artemis!5B3ED99A5EF7
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Riskware.Win32.Agent.ky
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.36986948
K7GW Riskware ( 0040eff71 )
Cybereason malicious.96dbff
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/HackTool.Hucline.K
APEX Malicious
Alibaba HackTool:Win32/Hucline.4d5e3571
AegisLab Trojan.Win32.Generic.4!c
Rising Trojan.Win32.Generic.190BBA9E (C64:YzY0OjRX0sf5hpHa)
Ad-Aware Trojan.GenericKD.36986948
Emsisoft Trojan.GenericKD.36986948 (B)
Comodo Malware@#kjcnbwyvnow
F-Secure Heuristic.HEUR/AGEN.1114955
McAfee-GW-Edition BehavesLike.Win32.Generic.lc
Sophos Mal/Generic-R
Avira HEUR/AGEN.1114955
MAX malware (ai score=83)
Antiy-AVL Trojan/Generic.ASMalwS.15BD499
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft HackTool:Win32/Htran
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKD.36986948
Cynet Malicious (score: 100)
AhnLab-V3 HackTool/Win.Htran.C4449715
BitDefenderTheta Gen:NN.ZexaF.34692.eG0@aWxzAbbi
Panda Generic Suspicious
TrendMicro-HouseCall TROJ_GEN.R002H0CES21
Tencent Win32.Trojan.Heur.Swbm
SentinelOne Static AI - Malicious PE
Fortinet W32/PUP.Z
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_90% (W)