Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 3, 2021, 9:31 a.m.	July 3, 2021, 9:34 a.m.

Size	331.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1fa2d8db24799c93d9b6aa37e05f5525`
SHA256	`073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568`
CRC32	`586B23E4`
ssdeep	`6144:v13nwMjsBt/xLRMf93cDv6x28TYfzCHkmGj8aOZL4AnLLO:d3wMsB7RMfFgsT4Ak8l43`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch
23.227.203.229	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.text4
section	.text3
section	.text2

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://23.227.203.229/pixel

Performs some HTTP requests (1 event)

request

GET http://23.227.203.229/pixel

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0004c400', u'virtual_address': u'0x00001000', u'entropy': 7.1646126655122435, u'name': u'.text', u'virtual_size': u'0x0004c25f'}

entropy

7.16461266551

description

A section with a high entropy has been found

entropy

0.935582822086

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (2 events)

host	172.217.25.14
host	23.227.203.229

File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Graftor.972339
ALYac	Gen:Variant.Ulise.248204
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:Win32/Kryptik.c63abde4
CrowdStrike	win/malicious_confidence_80% (W)
Arcabit	Trojan.Fugrafa.D2537E
BitDefenderTheta	Gen:NN.ZexaF.34790.uC1@aWQrinii
Cyren	W32/Kryptik.EMS.gen!Eldorado
Symantec	Packed.Generic.459
ESET-NOD32	a variant of Win32/Kryptik.HLON
TrendMicro-HouseCall	TROJ_GEN.R002C0WG221
Avast	Win32:DangerousSig [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Graftor.972339
Paloalto	generic.ml
Ad-Aware	Gen:Variant.Graftor.972339
Sophos	ML/PE-A
TrendMicro	TROJ_GEN.R002C0WG221
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI - Suspicious PE
FireEye	Generic.mg.1fa2d8db24799c93
Emsisoft	Gen:Variant.Graftor.972339 (B)
APEX	Malicious
Antiy-AVL	Trojan/Generic.ASCommon.1BE
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Graftor.972339
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Agent.R429033
Acronis	suspicious
McAfee	RDN/Generic.rp
MAX	malware (ai score=80)
VBA32	BScope.Exploit.CVE-1999-0016
Ikarus	Win32.Outbreak
Fortinet	W32/Kryptik.HLON!tr
AVG	Win32:DangerousSig [Trj]
Cybereason	malicious.86e275
Qihoo-360	Win32/Heur.Generic.HxMBUxsA

YPlX4My0iUBh3V.php

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All