Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 24, 2021, 10:49 p.m.	June 24, 2021, 10:56 p.m.

Size	7.5MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`9615ab661d92bbc4b3fda0fe3739ade7`
SHA256	`94f593a07ee9a5168450fd8a67825cca582cfcb890cc758cc651550e46894e92`
CRC32	`7DEE7B53`
ssdeep	`196608:v1oLBo8ywTbUGxa19aD0sSegGl31O301+:eB9xUfaDyGlF`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

.symtab

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses June 24, 2021, 10:42 p.m.	flags: 16 family: 0	1	0	0

host	172.217.25.14
host	185.250.150.20

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress June 24, 2021, 10:42 p.m.	ordinal: 0 function_address: 0x000007feff017a50 function_name: wine_get_version module: ntdll module_address: 0x00000000771c0000		-1073741511	0

MicroWorld-eScan	Gen:Variant.Bulz.518743
ALYac	Gen:Variant.Bulz.518743
Cylance	Unsafe
Sangfor	Riskware.Win32.Wacapew.C
Cybereason	malicious.e10a86
Arcabit	Trojan.Bulz.D7EA57
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	FileRepMalware
BitDefender	Gen:Variant.Bulz.518743
AegisLab	Trojan.Win32.Bulz.4!c
Ad-Aware	Gen:Variant.Bulz.518743
McAfee-GW-Edition	BehavesLike.Win64.TrojanVeil.wm
FireEye	Gen:Variant.Bulz.518743
Emsisoft	Gen:Variant.Bulz.518743 (B)
Avira	HEUR/AGEN.1138547
Microsoft	Program:Win32/Wacapew.C!ml
GData	Gen:Variant.Bulz.518743
Cynet	Malicious (score: 100)
McAfee	Artemis!9615AB661D92
MAX	malware (ai score=86)
TrendMicro-HouseCall	TROJ_GEN.R002H09FI21
Fortinet	W32/PossibleThreat
AVG	FileRepMalware

dead_host

185.250.150.20:80

1234.exe