Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 24, 2021, 9:02 a.m.	June 24, 2021, 9:51 a.m.

Size	1.4MB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 936, Revision Number: {6DEA2D23-0F41-40EC-8ABE-DB484B9A6647}, Number of Words: 2, Subject: VKBjD, Author: VKBjD, Name of Creating Application: Advanced Installer 16.5 build 8df7ad95, Template: ;2052, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5	`b53accbf466304e55d3abdda94c1fe5d`
SHA256	`0e723f0f68b2800366b5abea9fa863ae89fc327c795bb8c60cf8fe087ebcf8b3`
CRC32	`77318F71`
ssdeep	`24576:L6uDXXNLj04BMeRocDP1NadWsvF4e1LpDhkPTG4Mcgiwkew8vroUQGDXDNSnf6Bv:L/Xdci5ooOWyLpFeBRSw8vlQIzNSnf6l`
Yara	Microsoft_Office_File_Zero - Microsoft Office File

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "vKSOyrBnaWr" C:\Users\test22\AppData\Local\Temp\08388E25.Png
4944

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

No Suricata Alerts

No Suricata TLS

host

172.217.25.14

DrWeb	Trojan.Packed2.43111
ClamAV	Win.Trojan.Bulz-9863763-0
FireEye	Gen:Variant.Bulz.446252
CAT-QuickHeal	Trojan.Agentb
McAfee	RDN/Generic.com
Zillya	Trojan.Convagent.Win32.3606
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZedlaF.34758.rG4@aWpFvhd
Cyren	W32/Trojan.ESOV-9193
Symantec	Trojan.Gen.MBT
ESET-NOD32	multiple detections
TrendMicro-HouseCall	TrojanSpy.Win64.NOON.UHBAZCLOC
Avast	Other:Malware-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Agentb.kkyd
BitDefender	Gen:Variant.Bulz.446252
NANO-Antivirus	Trojan.Win32.Black.ivcpha
Rising	Trojan.PurpleFox/MSI!1.D10D (CLASSIC)
Sophos	Mal/Generic-R
TrendMicro	TROJ_GEN.R002C0PFG21
McAfee-GW-Edition	RDN/Generic.com
Emsisoft	Gen:Variant.Bulz.446252 (B)
Avira	TR/VB.Agent.rdoco
Antiy-AVL	Trojan/Generic.ASMalwS.32EA3E1
Kingsoft	Win32.Troj.Generic.a.(kcloud)
Microsoft	Trojan:Win32/Tiggre!rfn
AegisLab	Trojan.Win32.Agentb.4!c
GData	Script.Trojan.PurpleFox.D
VBA32	TScope.Malware-Cryptor.SB
MAX	malware (ai score=81)
Tencent	Win32.Trojan.Agentb.Pdly
Ikarus	Trojan.Win32.VMProtect
Fortinet	W32/PossibleThreat
AVG	Other:Malware-gen [Trj]

08388E25.Png