Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 1, 2021, 1:51 p.m.	July 1, 2021, 1:56 p.m.

Size	120.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b5571f25836cd41445aa42574af4b736`
SHA256	`3012b7a51af86d42beaaf6488f7166002226cbaee3ccb92e1c2a2d4b107c3930`
CRC32	`40099C6F`
ssdeep	`1536:NWlMcDP/5ToUTS13bz62av30HmmIoDQBlIAqFJv/x++4Si96Hjvrh0rPgz6vUUg+:shKuAGCI7zqbg7SQyx0vgKBAKBgI`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware PE_Header_Zero - PE File Signature

file4.exe "C:\Users\test22\AppData\Local\Temp\file4.exe"
2232
- file4.exe "C:\Users\test22\AppData\Local\Temp\file4.exe"
  1348

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 1, 2021, 1:51 p.m.		1	1	0

Time & API	Arguments	Status
NtProtectVirtualMemory July 1, 2021, 1:51 p.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d72000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 1, 2021, 1:51 p.m.	process_identifier: 2232 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 1, 2021, 1:52 p.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 1, 2021, 1:55 p.m.	process_identifier: 1348 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

offset

0x0001a0f0

size

0x0000026c

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 1, 2021, 1:51 p.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003f0000 process_handle: 0xffffffff	1	0	0

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA July 1, 2021, 1:52 p.m.	service_handle: 0x004e5170 service_type: 48 service_status: 3		0	0

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.885387
FireEye	Generic.mg.b5571f25836cd414
Qihoo-360	Win32/Trojan.Generic.HgIASXgA
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Chapak.ezta
BitDefender	Gen:Variant.Razy.885387
Paloalto	generic.ml
AegisLab	Trojan.Multi.Generic.4!c
Ad-Aware	Gen:Variant.Razy.885387
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Razy.885387 (B)
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Chapak.ez.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Razy.885387
McAfee	RDN/Generic.dx
MAX	malware (ai score=85)
TrendMicro-HouseCall	TROJ_GEN.R06CH09FU21
SentinelOne	Static AI - Malicious PE
eGambit	PE.Heur.InvalidSig
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZevbaF.34770.hm2@amRrcZmb
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)

file4.exe