Summary | ZeroBOX

reestr.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6402
Started: July 29, 2021, 10:47 a.m.
Completed: July 29, 2021, 10:55 a.m.
Size: 24.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: a69e12607d01237460808fa1709e5e86
SHA256: 188e05efb42c1f7fdb5c910a6614f710a87ae642b23ac9ffe3f75246744865bc
CRC32: 15CB81D8
ssdeep: 96:wpMyid82EdNqPXX9vO2wiEz7pc7vEroIQ9dNcfKdroIZdNg5sZroI7DNgsFlZgN+:w2d82Edwftwi+pAe45D4mdlMiY
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
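The Type, MD5, SHA256 and CRC32 lines above, and the IsPE32 / PE_Header_Zero Yara hits, are all derived from the first few hundred bytes of the file. The following is an added example (not part of the ZeroBOX report) that reproduces those checks: it hashes a byte string in the report's formatting and parses the DOS, COFF and optional headers to decide whether a file is PE32 versus PE32+ and which subsystem it targets. The header-only image built by build_minimal_pe32() is a constructed stand-in so the block runs offline; it is not the reestr.exe sample, and the function names are this example's own.

```python
import hashlib
import struct
import zlib

# Added example, not part of the ZeroBOX report. The PE built here is a
# constructed, header-only image used so the block runs offline; it is not
# the reestr.exe sample from the page.

IMAGE_FILE_MACHINE = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_SUBSYSTEM = {1: "native", 2: "GUI", 3: "console"}
OPTIONAL_HEADER32_SIZE = 224


def build_minimal_pe32(subsystem=2, machine=0x14C, magic=0x10B):
    """Constructed input: DOS header + 'PE\\0\\0' + COFF header + optional header."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew lives at offset 0x3C
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, OPTIONAL_HEADER32_SIZE, 0x0102)
    opt = bytearray(OPTIONAL_HEADER32_SIZE)
    struct.pack_into("<H", opt, 0, magic)                 # 0x10B = PE32, 0x20B = PE32+
    struct.pack_into("<H", opt, 68, subsystem)            # Subsystem field offset in the optional header
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


def file_hashes(data):
    """MD5 / SHA256 / CRC32 in the same formatting the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def pe_info(data):
    """Parse just enough of the headers for IsPE32 / PE_Header_Zero style checks
    and the report's 'Type' line. Returns None when the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 70 or opt_off + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt_off)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    return {
        "machine": IMAGE_FILE_MACHINE.get(machine, hex(machine)),
        "pe32": magic == 0x10B,
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, str(subsystem)),
        "dll": bool(chars & 0x2000),                      # IMAGE_FILE_DLL
        "sections": nsect,
    }


def type_line(info):
    """Render the report's 'Type' string from the parsed header fields."""
    if info is None:
        return "not a PE file"
    kind = "PE32" if info["pe32"] else "PE32+"
    dll = " (DLL)" if info["dll"] else ""
    return f"{kind} executable ({info['subsystem']}){dll} {info['machine']}, for MS Windows"


def triage(data, expected_sha256=None):
    """Hashes plus header summary; flags a mismatch against an expected IoC hash."""
    out = file_hashes(data)
    out["type"] = type_line(pe_info(data))
    out["sha256_matches"] = (expected_sha256 is None) or (out["sha256"] == expected_sha256.lower())
    return out


if __name__ == "__main__":
    sample = build_minimal_pe32()
    print(triage(sample, expected_sha256="188e05efb42c1f7fdb5c910a6614f710a87ae642b23ac9ffe3f75246744865bc"))
```

Run triage() on the real file to confirm the hashes before pivoting on them; the constructed header here will of course not match the report's SHA256, which is what the sha256_matches field is for. ssdeep is deliberately left out because it needs a third-party library.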

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API: __exception__ (Status 1, Return 0, Repeated 0)

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b (leave; ret 0x10; int3 padding)
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f (NTSTATUS STATUS_FLOAT_INEXACT_RESULT)
exception.offset: 46887 (0xb727, consistent with the kernelbase+0xb727 symbol)
exception.address: 0x748ab727
registers.esp: 0x0018fa54 (1636948)
registers.edi: 0x0030cfb0 (3198896)
registers.eax: 0x0018fa54 (1636948)
registers.ebp: 0x0018faa4 (1637028)
registers.edx: 0x00000000 (0)
registers.ebx: 0x0030cfb0 (3198896)
registers.esi: 0x0030cfb0 (3198896)
registers.ecx: 0x00000002 (2)

Note: msvbvm60 is the Visual Basic 6 runtime, so the sample is a native VB6-compiled binary; both frames shown are inside the runtime (rtcDoEvents calling RaiseException), not in the sample's own code. Several vendor labels in the detection table say MSIL, which does not match a PE32 that loads msvbvm60; confirm from the PE itself (a .NET image carries a CLR header and imports mscoree.dll) before relying on those labels.
API: NtProtectVirtualMemory (Status 1, Return 0, Repeated 0)

process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fd2000
process_handle: 0xffffffff

API: NtProtectVirtualMemory (Status 1, Return 0, Repeated 0)

process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x004b0000
process_handle: 0xffffffff

Note: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so both calls change page protections inside the sample's own process (PID 2032); Return 0 is STATUS_SUCCESS. The first call makes a single 4 KiB page writable and executable (RWX). The second marks 24 KiB (six pages) executable, and the sandbox's heap_dep_bypass flag records that this range is heap-backed memory being made executable, which is the pattern of unpacking or staging code at runtime rather than mapping it from a section.
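To turn raw NtProtectVirtualMemory records like the two above into triage findings, the following is an added example (not part of the ZeroBOX report). It parses the key: value dump exactly as it is printed, decodes the PAGE_* protection constants into "executable" and "writable+executable" classes, honours the sandbox's stack_dep_bypass / heap_dep_bypass / stack_pivoted flags, and recognises the 0xffffffff pseudo-handle. The two records are copied from the page as constructed input; the finding strings and the parse_records(), flag_protect() and triage() names are this example's own.

```python
import re

# Added example, not part of the ZeroBOX report.

PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITABLE_EXEC_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFF   # GetCurrentProcess() pseudo-handle, (HANDLE)-1 on 32-bit Windows

# Constructed input: the two NtProtectVirtualMemory records from the report,
# copied by hand; a blank line separates records.
REPORT_RECORDS = """\
NtProtectVirtualMemory
process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fd2000
process_handle: 0xffffffff

NtProtectVirtualMemory
process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x004b0000
process_handle: 0xffffffff
"""


def parse_records(text):
    """Split the report's 'key: value' dump into one dict per API call."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = chunk.strip().splitlines()
        rec = {"api": lines[0].strip()}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        records.append(rec)
    return records


def to_int(value):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x004b0000' -> 4915200."""
    return int(value.split()[0], 0)


def flag_protect(rec):
    """Findings a triager cares about for one NtProtectVirtualMemory call."""
    if rec["api"] != "NtProtectVirtualMemory":
        return None
    prot = to_int(rec["protection"])
    findings = []
    if prot & WRITABLE_EXEC_MASK:
        findings.append("writable+executable (RWX) mapping")
    elif prot & EXEC_MASK:
        findings.append("executable mapping")
    if rec.get("heap_dep_bypass") == "1":
        findings.append("DEP bypass: heap-backed memory made executable")
    if rec.get("stack_dep_bypass") == "1":
        findings.append("DEP bypass: stack made executable")
    if rec.get("stack_pivoted") == "1":
        findings.append("stack pivot detected at call time")
    if to_int(rec["process_handle"]) == CURRENT_PROCESS:
        findings.append("self-modification (pseudo-handle for own process)")
    else:
        findings.append("real process handle: check whether the target PID is another process")
    return {
        "pid": int(rec["process_identifier"]),
        "base": to_int(rec["base_address"]),
        "pages": to_int(rec["length"]) // 4096,
        "findings": findings,
    }


def triage(text):
    """One finding record per NtProtectVirtualMemory call in the dump."""
    return [f for f in (flag_protect(r) for r in parse_records(text)) if f is not None]


if __name__ == "__main__":
    for hit in triage(REPORT_RECORDS):
        print(f"pid {hit['pid']} base {hit['base']:#010x} ({hit['pages']} page(s)): {'; '.join(hit['findings'])}")
```

The same parser works for the other API tables ZeroBOX emits in this layout; only flag_protect() is specific to NtProtectVirtualMemory. When the page count is large and heap_dep_bypass is set, the natural next step is to dump that range from the sandbox's memory capture, since it is where unpacked code is likely to live.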
Antivirus (vendor / label)

Bkav W32.FamVT.AgardCT.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.55628
MicroWorld-eScan Trojan.GenericKD.35157951
FireEye Trojan.GenericKD.35157951
CAT-QuickHeal Trojan.Agent
McAfee Generic Trojan.iq
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Agent.EDSW
K7AntiVirus Trojan ( 005607381 )
Alibaba Trojan:MSIL/PrivacyToolSu.e5249181
K7GW Trojan ( 005607381 )
Cybereason malicious.07d012
Cyren W32/Trojan.PXOD-6408
ESET-NOD32 MSIL/PrivacyToolSu.B
APEX Malicious
Paloalto generic.ml
BitDefender Trojan.GenericKD.35157951
NANO-Antivirus Trojan.Win32.PrivacyToolSu.htfbrk
Ad-Aware Trojan.GenericKD.35157951
Sophos Mal/Generic-R
Comodo Malware@#tt8ycje1055h
Zillya Trojan.PrivacyToolSu.Win32.1
TrendMicro Trojan.Win32.PRIVATOOL.REG
McAfee-GW-Edition Generic Trojan.iq
Emsisoft Trojan.GenericKD.35157951 (B)
Ikarus Trojan.Agent
Jiangmin Trojan.Generic.gzbio
Webroot W32.Rogue.Gen
Antiy-AVL Trojan/Generic.ASMalwS.2C23F94
Gridinsoft Trojan.Win32.Gen.ba
GData Trojan.GenericKD.35157951
AhnLab-V3 Malware/Win32.Generic.C3369194
VBA32 TScope.Trojan.VB
ALYac Trojan.MSIL.PrivacyToolSu
MAX malware (ai score=99)
Malwarebytes Trojan.Injector.VB
TrendMicro-HouseCall Trojan.Win32.PRIVATOOL.REG
Tencent Malware.Win32.Gencirc.11c3d51d
Yandex Trojan.PrivacyToolSu!9LP1IysdRSg
Fortinet W32/Trojan.IQ!tr
MaxSecure Trojan.Malware.74473450.susgen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Generic.HgIASOYA
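Reading a family name out of 45 differently formatted vendor labels is easier with a small normaliser. The following is an added example (not part of the ZeroBOX report): it tokenises each label, drops platform and category words (trojan, generic, MSIL, and so on), and counts one vote per vendor for each remaining candidate family name, in the spirit of the AVClass approach. The table is the page's own detection list, copied by hand as constructed input; the GENERIC_TOKENS stoplist and the function names are this example's assumptions, and "generickd" is in the stoplist because the identical GenericKD.35157951 label from several vendors reflects one shared engine signature, not independent judgements.

```python
import re
from collections import Counter

# Added example, not part of the ZeroBOX report. The stoplist is a heuristic
# assumption of this example, not a published list.
GENERIC_TOKENS = {
    "trojan", "generic", "generickd", "malicious", "malware", "agent", "unsafe",
    "high", "confidence", "score", "msil", "gencirc", "susgen",
}

# Constructed input: the vendor/label table from the report, copied by hand.
DETECTION_TABLE = """\
Bkav W32.FamVT.AgardCT.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.55628
MicroWorld-eScan Trojan.GenericKD.35157951
FireEye Trojan.GenericKD.35157951
CAT-QuickHeal Trojan.Agent
McAfee Generic Trojan.iq
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Agent.EDSW
K7AntiVirus Trojan ( 005607381 )
Alibaba Trojan:MSIL/PrivacyToolSu.e5249181
K7GW Trojan ( 005607381 )
Cybereason malicious.07d012
Cyren W32/Trojan.PXOD-6408
ESET-NOD32 MSIL/PrivacyToolSu.B
APEX Malicious
Paloalto generic.ml
BitDefender Trojan.GenericKD.35157951
NANO-Antivirus Trojan.Win32.PrivacyToolSu.htfbrk
Ad-Aware Trojan.GenericKD.35157951
Sophos Mal/Generic-R
Comodo Malware@#tt8ycje1055h
Zillya Trojan.PrivacyToolSu.Win32.1
TrendMicro Trojan.Win32.PRIVATOOL.REG
McAfee-GW-Edition Generic Trojan.iq
Emsisoft Trojan.GenericKD.35157951 (B)
Ikarus Trojan.Agent
Jiangmin Trojan.Generic.gzbio
Webroot W32.Rogue.Gen
Antiy-AVL Trojan/Generic.ASMalwS.2C23F94
Gridinsoft Trojan.Win32.Gen.ba
GData Trojan.GenericKD.35157951
AhnLab-V3 Malware/Win32.Generic.C3369194
VBA32 TScope.Trojan.VB
ALYac Trojan.MSIL.PrivacyToolSu
MAX malware (ai score=99)
Malwarebytes Trojan.Injector.VB
TrendMicro-HouseCall Trojan.Win32.PRIVATOOL.REG
Tencent Malware.Win32.Gencirc.11c3d51d
Yandex Trojan.PrivacyToolSu!9LP1IysdRSg
Fortinet W32/Trojan.IQ!tr
MaxSecure Trojan.Malware.74473450.susgen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Generic.HgIASOYA
"""


def parse_detections(text):
    """One (vendor, label) pair per line; vendor names contain no spaces."""
    rows = []
    for line in text.strip().splitlines():
        vendor, _, label = line.strip().partition(" ")
        rows.append((vendor, label.strip()))
    return rows


def family_tokens(label):
    """Candidate family names: alphabetic tokens of 4+ chars not in the stoplist.
    Tokens with digits (hash fragments, signature ids) are never family names."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        tok = tok.lower()
        if len(tok) >= 4 and tok.isalpha() and tok not in GENERIC_TOKENS:
            yield tok


def family_consensus(rows):
    """How many vendors agree on each candidate family (one vote per vendor per token)."""
    votes = Counter()
    for _, label in rows:
        for tok in set(family_tokens(label)):
            votes[tok] += 1
    return votes.most_common()


def summarize(text, min_votes=2):
    """Vendor count plus the family candidates that at least min_votes vendors name."""
    rows = parse_detections(text)
    families = [(name, n) for name, n in family_consensus(rows) if n >= min_votes]
    return {"vendors_listed": len(rows), "families": families}


if __name__ == "__main__":
    print(summarize(DETECTION_TABLE))
```

On this table the result is privacytoolsu with six independent vendors, with TrendMicro's PRIVATOOL as the only other repeated token; a practitioner would merge the two by hand, since they are clearly the same name truncated. The VB tokens (TScope.Trojan.VB, Trojan.Injector.VB) are too short to survive the filter but agree with the msvbvm60 frames in the exception trace above, which is worth more than any single label.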