Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 10, 2021, 10:36 a.m.	July 10, 2021, 10:38 a.m.

Size	160.5KB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`715788fb520b3873db406fdf59521afa`
SHA256	`dbe60153ede523dc838e9289aa0b43c5022c182b85396381b96b5d44c1698e27`
CRC32	`0A661E93`
ssdeep	`3072:HOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvCYMjMqqDvFf:HOTcK+NrRioGHlz8rz0i/CzQqqDvFf`
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check NetWire_RAT_Zero - NetWire RAT PE_Header_Zero - PE File Signature

sysWow64-e1.exe "C:\Users\test22\AppData\Local\Temp\sysWow64-e1.exe"
732

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
66.42.43.177	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW July 10, 2021, 10:36 a.m.	computer_name: TEST22-PC	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00004e00', u'virtual_address': u'0x00022000', u'entropy': 7.011472814075958, u'name': u'.data', u'virtual_size': u'0x00004c7c'}

entropy

7.01147281408

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 event)

host

66.42.43.177

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sysWOW32

reg_value

C:\Users\test22\AppData\Local\Temp\sysWow64-e1.exe

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Elastic	malicious (high confidence)
DrWeb	BackDoor.Wirenet.557
MicroWorld-eScan	Trojan.Agent.FCZE
FireEye	Generic.mg.715788fb520b3873
McAfee	GenericRXKH-LK!715788FB520B
Cylance	Unsafe
Zillya	Trojan.Weecnaw.Win32.761
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Spyware ( 0055216c1 )
Alibaba	TrojanSpy:Win32/Weecnaw.9973d878
K7GW	Spyware ( 0055216c1 )
Cybereason	malicious.b520b3
BitDefenderTheta	Gen:NN.ZexaF.34790.kCW@amFOnfo
Cyren	W32/S-6c6572b7!Eldorado
Symantec	Infostealer
ESET-NOD32	a variant of Win32/Spy.Weecnaw.P
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.NetWire-8025706-0
Kaspersky	HEUR:Trojan.Win32.NetWire.vho
BitDefender	Trojan.Agent.FCZE
NANO-Antivirus	Trojan.Win32.Wirenet.hlbptg
Avast	Win32:RATX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10ce3933
Ad-Aware	Trojan.Agent.FCZE
Emsisoft	Trojan.Agent.FCZE (B)
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.NETWIRED.SMK
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.ch
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
GData	Trojan.Agent.FCZE
Jiangmin	Backdoor.NetWiredRC.bld
Avira	TR/Spy.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.309056C
Gridinsoft	Ransom.Win32.Wacatac.oa!s1
Arcabit	Trojan.Agent.FCZE
Microsoft	Backdoor:Win32/Netwire.PA!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_NetWiredRC.R342610
VBA32	BScope.TrojanSpy.Loyeetro
ALYac	Trojan.Agent.FCZE
TACHYON	Trojan/W32.NetWiredRC.164352
Malwarebytes	Backdoor.Quasar
TrendMicro-HouseCall	Backdoor.Win32.NETWIRED.SMK
Rising	Backdoor.NetWire!1.C98D (CLASSIC)
Yandex	Trojan.GenAsa!DOgbQEDHp9A
Ikarus	Backdoor.Rat.Netwire
Fortinet	W32/Ulise.103681!tr

sysWow64-e1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All