Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 7, 2021, 11:02 p.m.	July 7, 2021, 11:04 p.m.

Size	160.5KB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`60d234d54c25dcef19a64ded3a587072`
SHA256	`4f10d7a2e964aa6c91e4b2da80fe82f8a566ca8a541592a4789b48f4dba11581`
CRC32	`1F94ED37`
ssdeep	`3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvCYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/CzQqqDvFf`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)

sysWow64.exe "C:\Users\test22\AppData\Local\Temp\sysWow64.exe"
1468

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
66.42.43.177	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW July 7, 2021, 11:02 p.m.	computer_name: TEST22-PC	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00004e00', u'virtual_address': u'0x00022000', u'entropy': 7.011472814075958, u'name': u'.data', u'virtual_size': u'0x00004c7c'}

entropy

7.01147281408

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 event)

host

66.42.43.177

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sysWOW32

reg_value

C:\Users\test22\AppData\Local\Temp\sysWow64.exe

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Lionic	Trojan.Win32.NetWire.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.FCZE
FireEye	Generic.mg.60d234d54c25dcef
McAfee	GenericRXKH-LK!60D234D54C25
Malwarebytes	Backdoor.Quasar
Zillya	Trojan.Weecnaw.Win32.761
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Spyware ( 0055216c1 )
K7GW	Spyware ( 0055216c1 )
Cybereason	malicious.54c25d
BitDefenderTheta	Gen:NN.ZexaF.34790.kCW@amsq2rh
Cyren	W32/S-6c6572b7!Eldorado
Symantec	Infostealer
ESET-NOD32	a variant of Win32/Spy.Weecnaw.P
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.NetWire-8025706-0
Kaspersky	Backdoor.Win32.NetWiredRC.lac
BitDefender	Trojan.Agent.FCZE
NANO-Antivirus	Trojan.Win32.Wirenet.hlbptg
Avast	Win32:RATX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10ce3933
Ad-Aware	Trojan.Agent.FCZE
TACHYON	Trojan/W32.NetWiredRC.164352
Emsisoft	Trojan.Agent.FCZE (B)
DrWeb	BackDoor.Wirenet.557
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.NETWIRED.SMK
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.ch
Sophos	Mal/Generic-S
Ikarus	Backdoor.Rat.Netwire
Jiangmin	Backdoor.NetWiredRC.bld
MaxSecure	Trojan.Malware.102170081.susgen
Avira	TR/Spy.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.309056C
Microsoft	Trojan:Win32/Woreflint.A!cl
Gridinsoft	Ransom.Win32.Wacatac.oa!s1
Arcabit	Trojan.Agent.FCZE
GData	Trojan.Agent.FCZE
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_NetWiredRC.R342610
VBA32	BScope.TrojanSpy.Loyeetro
ALYac	Trojan.Agent.FCZE
MAX	malware (ai score=87)
Cylance	Unsafe
TrendMicro-HouseCall	Backdoor.Win32.NETWIRED.SMK
Rising	Backdoor.NetWire!1.C98D (CLASSIC)
Yandex	Trojan.GenAsa!DOgbQEDHp9A
SentinelOne	Static AI - Suspicious PE

sysWow64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All