Summary | ZeroBOX

excel

OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6402
Started June 8, 2021, 10:11 a.m.
Completed June 8, 2021, 10:19 a.m.
Size 3.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4024e3a79b01981ce7e8c42c8c815d30
SHA256 c4856ddecc01169640f9ea92e6d66e84db1b654edf04dc1556bd6fa527178760
CRC32 2657D2E9
ssdeep 49152:Ieobme+pQ+E8IaHwEEUw2jdf2BEwoeedYRveenS37ndasTXT4YZV9TGYRW21bx2x:48w7UTjdOBE3D37dVNZVQYEE
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
104.21.19.200 Active Moloch
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section {u'size_of_data': u'0x000b7200', u'virtual_address': u'0x00313000', u'entropy': 7.9703343189417195, u'name': u'.rdata', u'virtual_size': u'0x000b71bc'} entropy 7.97033431894 description A section with a high entropy has been found
section {u'size_of_data': u'0x00018800', u'virtual_address': u'0x003ce000', u'entropy': 6.837582626495938, u'name': u'.reloc', u'virtual_size': u'0x000187e8'} entropy 6.8375826265 description A section with a high entropy has been found
entropy 0.208747015207 description Overall entropy of this PE file is high
host 104.21.19.200
host 172.217.25.14
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46430082
ALYac Trojan.GenericKD.46430082
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057c26b1 )
Alibaba Trojan:Win32/TrojanX.3be8413c
K7GW Trojan ( 0057c26b1 )
Cybereason malicious.24731d
Arcabit Trojan.Generic.D2C47782
ESET-NOD32 a variant of Win32/Agent.ADBL
APEX Malicious
BitDefender Trojan.GenericKD.46430082
Avast Win32:TrojanX-gen [Trj]
Ad-Aware Trojan.GenericKD.46430082
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.wh
FireEye Generic.mg.4024e3a79b01981c
Emsisoft Trojan.GenericKD.46430082 (B)
Ikarus Trojan.Win32.Agent
Avira TR/Agent.qjpkp
Microsoft Trojan:Win32/Wacatac.B!ml
AegisLab Trojan.Win32.Generic.4!c
GData Trojan.GenericKD.46430082
Cynet Malicious (score: 100)
McAfee GenericRXOK-GM!4024E3A79B01
MAX malware (ai score=85)
TrendMicro-HouseCall TROJ_GEN.R002H06F521
Fortinet W32/Agent.ADBL!tr
BitDefenderTheta Gen:NN.ZexaF.34722.4xW@aqTl7mbi
AVG Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (W)