Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 13, 2021, 9:27 a.m.	July 13, 2021, 9:38 a.m.

Size	412.7KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b516ece6fab6a089d4540de2cdb7ffce`
SHA256	`8fdff97d01ee42d71b7d0acb3e4a121701604d04654acae723bc8096cd191e39`
CRC32	`F4ADD349`
ssdeep	`12288:5D+iqEAAAAAAAAAAAAAAAXAbAAAAAAAAAAAAAAAAAAAAAbAAAgAxAAAAAAAAAA+9:ct`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Antivirus - Contains references to security software OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

flashplayerpp_install_cn.exe "C:\Users\test22\AppData\Local\Temp\flashplayerpp_install_cn.exe"
1908

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

_RDATA

name

RT_ICON

language

LANG_CHINESE

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000270f0

size

0x00042028

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00069118

size

0x00000014

Alibaba	TrojanDownloader:Win64/Generic.69ca523a
Kaspersky	Trojan-Downloader.Win64.Agent.xb
Avast	Win64:Malware-gen
Comodo	TrojWare.Win32.Agent.pdfxt@0
Webroot	W32.Trojan.Gen
Kingsoft	Win32.TrojDownloader.Win64.xb.(kcloud)
ZoneAlarm	Trojan-Downloader.Win64.Agent.xb
Microsoft	Program:Win32/Wacapew.C!ml
McAfee	Artemis!B516ECE6FAB6
SentinelOne	Static AI - Suspicious PE
AVG	Win64:Malware-gen
Qihoo-360	Win64/TrojanDownloader.Generic.HgEASYQA

flashplayerpp_install_cn.exe