Summary | ZeroBOX

3EBCE3A4.Png

MSOffice File
Category FILE
Machine s1_win7_x6401
Started June 24, 2021, 7:05 p.m.
Completed June 24, 2021, 7:22 p.m.
Size 1.4MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 936, Revision Number: {F84B7B8E-B61A-485B-8112-F9106D0D7E23}, Number of Words: 2, Subject: 6AkGp, Author: 6AkGp, Name of Creating Application: Advanced Installer 16.5 build 8df7ad95, Template: ;2052, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5 808c722e8a8c165b817196f050f70d39
SHA256 2371a00ddd8b0a220b818aaed2cfa0a7453a35662579005113445e686ae23216
CRC32 C94DE94E
ssdeep 24576:iWuDXX4QP04BMeRocDP1NOYRn4nJjgDyk7TS4MclFdBbfYNn+Nnnm6ByMEUT:i7XIfi5ooRqJ8O6FlFdB0N+Nnnm6U4
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

FireEye Gen:Variant.Bulz.446252
CAT-QuickHeal Trojan.Agentb
Zillya Trojan.Convagent.Win32.3606
Sangfor Trojan.Win32.Save.a
Cyren W32/Trojan.ESOV-9193
Symantec Trojan.Gen.2
ESET-NOD32 multiple detections
TrendMicro-HouseCall TrojanSpy.Win64.NOON.UHBAZCLOC
Avast Win32:ExploitX-gen [Expl]
ClamAV Win.Trojan.Bulz-9863763-0
Kaspersky Trojan.Win32.Agentb.kkyd
BitDefender Gen:Variant.Bulz.446252
NANO-Antivirus Trojan.Win32.Black.ivcpha
Tencent Vbs.Trojan.Agent.Dyqe
Sophos Mal/VMProtBad-A
DrWeb Trojan.Packed2.43111
TrendMicro TROJ_GEN.R002C0PFG21
McAfee-GW-Edition RDN/Generic.com
Emsisoft Gen:Variant.Bulz.446252 (B)
Avira TR/VB.Agent.doytm
MAX malware (ai score=83)
Antiy-AVL Trojan/Generic.ASMalwS.32EA3E1
Kingsoft Win32.Troj.Generic.a.(kcloud)
Microsoft Trojan:Win32/Tiggre!rfn
AegisLab Trojan.Win32.Agentb.4!c
GData Script.Trojan.PurpleFox.D
Cynet Malicious (score: 99)
McAfee RDN/Generic.com
VBA32 TScope.Malware-Cryptor.SB
Rising Trojan.PurpleFox/MSI!1.D10D (CLASSIC)
Ikarus Trojan.Win32.VMProtect
Fortinet W32/PossibleThreat
BitDefenderTheta Gen:NN.ZedlaF.34758.rG4@aWpFvhd
AVG Win32:ExploitX-gen [Expl]