Summary | ZeroBOX

un.exe

OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6402
Started July 1, 2021, 8:06 a.m.
Completed July 1, 2021, 8:10 a.m.
Size 514.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f72c2ec4d30ac2255660c50ad4f3cb5f
SHA256 005cdcb32ac1705413e9dd2049e791a6eb2fb22274ce4fece226f9010b6cff02
CRC32 F7868BC9
ssdeep 12288:yyNiVYDIIYMfVL5Mhej1sMkNvdl+BcO2T6dVc:qSI9wp5MhepAVl+Sx+dC
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .data (size_of_data 0x0006b200, virtual_address 0x00012000, virtual_size 0x0006ce58) entropy 7.674340095903105 description A section with a high entropy has been found
entropy 0.835282651072 description Overall entropy of this PE file is high
host 172.217.25.14
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.386633
FireEye Generic.mg.f72c2ec4d30ac225
ALYac Gen:Variant.Zusy.386633
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.3274770
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 003c36381 )
Alibaba Trojan:Win32/DelfInject.2ff0296e
K7GW Trojan ( 003c36381 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaE.34770.GuW@aeWRoqci
Cyren W32/Noon.W.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HLGP
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Injects.gen
BitDefender Gen:Variant.Zusy.386633
NANO-Antivirus Trojan.Win32.Injects.iwfzfc
Paloalto generic.ml
AegisLab Trojan.Win32.Injects.4!c
Tencent Malware.Win32.Gencirc.11c23603
Ad-Aware Gen:Variant.Zusy.386633
Emsisoft Gen:Variant.Zusy.386633 (B)
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.hc
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Injects.ul
MaxSecure Trojan.Malware.300983.susgen
MAX malware (ai score=87)
Antiy-AVL Trojan/Generic.ASMalwS.3372DC0
Gridinsoft Trojan.Win32.Downloader.oa!s1
Microsoft Trojan:Win32/DelfInject.RVD!MTB
GData Gen:Variant.Zusy.386633
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R426474
Acronis suspicious
McAfee GenericRXOV-ZB!F72C2EC4D30A
VBA32 Trojan.Injects
Malwarebytes Malware.AI.1850730742
TrendMicro-HouseCall TROJ_GEN.R002C0DFU21
Rising Trojan.Kryptik!1.D6EE (CLASSIC)
Yandex Trojan.Injects!KPLSmY6GQUQ
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_97%
Fortinet W32/Kryptik.HLGP!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.0e1e1c