Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 1, 2021, 5:13 p.m.	Aug. 1, 2021, 5:13 p.m.

Size	696.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05d3ecbebc7492b620bdd443ddec52a1`
SHA256	`ce24ef913e1790f362cb81f366364283d3f664b2547627d84701a76d9b38ba47`
CRC32	`2460ECB1`
ssdeep	`12288:RPUG+KqH7zak7K0IXMBR6yrD7VORbCV/hWiW0LP:Rhi7zakIsR6yroRCV/hWiW0LP`
Yara	Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	DATA
resource name	SQL

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Roaming\sqlite3.dll

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.Rm0@fHkSyEV
FireEye	Generic.mg.05d3ecbebc7492b6
CAT-QuickHeal	Trojan.VBCryptMF.S12536123
Qihoo-360	Win32/TrojanDropper.Generic.HykCueAA
ALYac	Gen:Trojan.Heur.Rm0@fHkSyEV
Malwarebytes	Spyware.PasswordStealer
Zillya	Trojan.VB.Win32.479464
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	NetWorm ( 700000151 )
Alibaba	Trojan:Win32/Miner.5e9b6ff1
K7GW	NetWorm ( 700000151 )
Cybereason	malicious.ebc749
Arcabit	Trojan.Heur.EFB612
Cyren	W32/Hupigon.D.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/VB.OPL
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Miner.axeaz
BitDefender	Gen:Trojan.Heur.Rm0@fHkSyEV
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Trojan.Heur.Rm0@fHkSyEV
Emsisoft	Gen:Trojan.Heur.Rm0@fHkSyEV (B)
DrWeb	Trojan.DownLoader40.39570
TrendMicro	TROJ_GEN.R002C0DGU21
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.jh
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.VB
Jiangmin	Trojan.Generic.gzcpl
Avira	TR/Dropper.Gen
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Generic.ASMalwS.33FB0F6
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.oa
Microsoft	Trojan:Win32/Protob.B
GData	Gen:Trojan.Heur.Rm0@fHkSyEV
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Protob.R434945
McAfee	RDN/Generic Dropper
VBA32	SScope.Malware-Cryptor.VBCR.2841
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0DGU21
SentinelOne	Static AI - Malicious PE
Fortinet	Riskware/Miner
BitDefenderTheta	AI:Packer.6C5B214F1B
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

autodata.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All