Summary | ZeroBOX

pdllod.dll

Dridex PE32 PE File DLL
Category FILE
Machine s1_win7_x6401
Started July 14, 2021, 3:56 p.m.
Completed July 14, 2021, 3:56 p.m.
Size 176.5KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c2b80fa119a1f182a24569df973f6b44
SHA256 7c80c1cbca689063977ae3ea76bf38553e02819ecb28b48ec2b1c7d4633e6052
CRC32 46354760
ssdeep 3072:3JWgjeWy6Qn2EjqWHBFtvLSmZIMr1ckoXYZK1+5RUQ3cg5NwrSl+2wxvvVDqwl+a:30gdy6I29sSqD15oXYZTBMYwrSl+2wxU
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Dridex_Gene_Zero - Win32 Trojan Dridex Gene

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A section with a high entropy has been found
  • section .rdata - virtual_address 0x00007000, virtual_size 0x0001ea2c, size_of_data 0x0001ec00, entropy 7.723174694475976
  • section .data - virtual_address 0x00026000, virtual_size 0x00007e88, size_of_data 0x00006400, entropy 6.883766898191934
Overall entropy of this PE file is high
  • entropy 0.843304843305
Lionic Trojan.Win32.Cridex.7!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37198957
CAT-QuickHeal Trojan.Multi
ALYac Spyware.Banker.Dridex
Malwarebytes Trojan.Dridex
VIPRE Trojan.Win32.Tracur.d (v)
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/EmotetedCryptc.180910
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D2379C6D
Cyren W32/Kryptik.ENU.gen!Eldorado
ESET-NOD32 a variant of Win32/Kryptik.HLPT
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Banker.Win32.Cridex.amqt
BitDefender Trojan.GenericKD.37198957
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:TrojanX-gen [Trj]
Tencent Win32.Trojan.Generic.Syhs
Ad-Aware Trojan.GenericKD.37198957
Sophos ML/PE-A + Troj/Agent-BHHA
Comodo Malware@#3q7mj7jmjirs
Zillya Trojan.Cridex.Win32.1436
TrendMicro TROJ_FRS.0NA103G721
McAfee-GW-Edition Drixed-FJX!C2B80FA119A1
FireEye Generic.mg.c2b80fa119a1f182
Emsisoft Trojan.Crypt (A)
Ikarus Trojan.Win32.Dridex
Webroot W32.Malware.Gen
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/Dridex.GC!MTB
GData Trojan.GenericKD.37198957
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Dridex.C4544306
Acronis suspicious
McAfee Drixed-FJX!C2B80FA119A1
MAX malware (ai score=88)
VBA32 TScope.Malware-Cryptor.SB
Cylance Unsafe
TrendMicro-HouseCall TROJ_FRS.0NA103G721
Rising Trojan.Generic@ML.83 (RDMK:XKSBwrCbimr/+myF4YX/Wg)
Yandex Trojan.PWS.Cridex!lgjRi6VeDx4
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.119423907.susgen
Fortinet W32/Kryptik.HLPT!tr
BitDefenderTheta Gen:NN.ZedlaF.34796.lu8@aCHJXOii