Summary | ZeroBOX

abb.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: Aug. 10, 2021, 10:32 a.m.
Completed: Aug. 10, 2021, 10:35 a.m.
Size: 305.1KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 51a9c62b973de53fb8cbe27ab7b6db9b
SHA256: f86b8862461fc09be89a685b16b534a6ef231e2ec2f6da874eb2f4018c6700b1
CRC32: C05E58C4
ssdeep: 6144:iokJIphWRmp2kYCeYPsZRaRQFqgYxgGN6Ep74aSETNLz:PkJLo3eRZARQgOY6M7UONf
PDB Path: C:\xampp\htdocs\Loct\ad7aa2f20c094641a301b4693643dba7\Loader\Project1\Release\Project1.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address / Status
164.124.101.2  Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\xampp\htdocs\Loct\ad7aa2f20c094641a301b4693643dba7\Loader\Project1\Release\Project1.pdb
section: .gfids
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory
  process_identifier: 1108
  stack_dep_bypass: 1
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0018f000
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1108
  region_size: 8192
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003e0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1108
  region_size: 225280
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x005a0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0
Time & API / Arguments / Status / Return / Repeated

NtTerminateProcess
  status_code: 0x00000000
  process_identifier: 204
  process_handle: 0x000000c0
  status / return / repeated: 0 0 (one column absent in the report)

NtTerminateProcess
  status_code: 0x00000000
  process_identifier: 204
  process_handle: 0x000000c0
  status: 1  return: 0  repeated: 0
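The memory-permission calls above are the behavioural core of this report: process_handle 0xffffffff is the NtCurrentProcess() pseudo-handle, so the sample is re-protecting and allocating PAGE_EXECUTE_READWRITE memory in itself rather than in another process, the first call flips a 4 KiB page in the 0x0018f000 stack region to RWX (hence stack_dep_bypass: 1), and the 220 KiB RWX region is large enough to hold an unpacked payload. The script below is an added example, not ZeroBOX's own code, that triages such events in a Cuckoo-style behaviour log: the JSON records are constructed to mirror the calls listed in this report, the field names (api, arguments, status, return_value) follow Cuckoo's behaviour schema as an assumption, and the 64 KiB "large region" threshold and the verdict heuristic are this example's own choices.

```python
"""Triage RWX memory events in a Cuckoo/ZeroBOX-style behaviour log.

Added example (not part of the ZeroBOX report). The SAMPLE_LOG records are
constructed to mirror the calls shown in the report; the JSON field names
follow Cuckoo's behaviour schema and are an assumption.
"""
import json

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE_WRITABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
NT_CURRENT_PROCESS = 0xFFFFFFFF   # (HANDLE)-1 pseudo-handle on 32-bit Windows

# Constructed log: one record per call listed in the report (pid 1108).
SAMPLE_LOG = json.dumps([
    {"api": "NtProtectVirtualMemory", "status": 1, "return_value": 0,
     "arguments": {"process_identifier": 1108, "process_handle": "0xffffffff",
                   "base_address": "0x0018f000", "length": 4096,
                   "protection": 64, "stack_dep_bypass": 1,
                   "heap_dep_bypass": 1, "stack_pivoted": 0}},
    {"api": "NtAllocateVirtualMemory", "status": 1, "return_value": 0,
     "arguments": {"process_identifier": 1108, "process_handle": "0xffffffff",
                   "base_address": "0x003e0000", "region_size": 8192,
                   "protection": 64, "allocation_type": 12288,
                   "stack_dep_bypass": 0, "heap_dep_bypass": 0, "stack_pivoted": 0}},
    {"api": "NtAllocateVirtualMemory", "status": 1, "return_value": 0,
     "arguments": {"process_identifier": 1108, "process_handle": "0xffffffff",
                   "base_address": "0x005a0000", "region_size": 225280,
                   "protection": 64, "allocation_type": 12288,
                   "stack_dep_bypass": 0, "heap_dep_bypass": 0, "stack_pivoted": 0}},
    {"api": "NtTerminateProcess", "status": 1, "return_value": 0,
     "arguments": {"process_identifier": 204, "process_handle": "0x000000c0",
                   "status_code": 0}},
])


def analyse(log_text, large_region=64 * 1024):
    """Return one finding per RWX allocation/protection change, with reasons.

    large_region is a hypothetical threshold: regions at least this big are
    flagged because they can hold an unpacked PE or a second-stage payload.
    """
    findings = []
    for rec in json.loads(log_text):
        api = rec.get("api")
        if api not in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        args = rec.get("arguments", {})
        if args.get("protection") not in EXECUTABLE_WRITABLE:
            continue
        # NtAllocateVirtualMemory reports region_size, NtProtectVirtualMemory length.
        size = args.get("region_size", args.get("length", 0))
        handle = int(args.get("process_handle", "0"), 16)
        reasons = ["rwx"]
        # Self-modification (unpacking/staging) vs. writing into another process.
        reasons.append("self_process" if handle == NT_CURRENT_PROCESS else "remote_process")
        for flag in ("stack_dep_bypass", "heap_dep_bypass", "stack_pivoted"):
            if args.get(flag):
                reasons.append(flag)
        if size >= large_region:
            reasons.append("large_region")
        findings.append({"api": api, "pid": args.get("process_identifier"),
                         "base": args.get("base_address"), "size": size,
                         "reasons": reasons})
    return findings


def total_rwx_bytes(findings):
    """Sum of all memory made writable+executable across the findings."""
    return sum(f["size"] for f in findings)


def verdict(findings):
    """Coarse triage label (heuristic chosen for this example, not a ZeroBOX rule)."""
    if not findings:
        return "clean"
    stack_rwx = any("stack_dep_bypass" in f["reasons"] for f in findings)
    big_rwx = any("large_region" in f["reasons"] for f in findings)
    if stack_rwx and big_rwx:
        return "likely unpacker/loader"
    return "rwx memory"


if __name__ == "__main__":
    fs = analyse(SAMPLE_LOG)
    for f in fs:
        print(f"{f['api']:<24} pid={f['pid']} base={f['base']} "
              f"size={f['size']:>7} {','.join(f['reasons'])}")
    print("total RWX bytes:", total_rwx_bytes(fs), "verdict:", verdict(fs))
```

Run against this report's three calls it yields 237568 bytes of RWX memory and the verdict "likely unpacker/loader"; the remote_process reason would only appear if a call carried a real handle to another process, which is the case to escalate as injection rather than self-unpacking.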
Antivirus Signature

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen3.1955
FireEye: Generic.mg.51a9c62b973de53f
Cylance: Unsafe
VIPRE: Win32.Malware!Drop
Sangfor: Trojan.Win32.Save.a
Alibaba: TrojanSpy:Win32/Kryptik.df48a3cf
Cybereason: malicious.900bf8
BitDefenderTheta: Gen:NN.ZexaF.34058.tuZ@aqIFMXfi
Cyren: W32/Injector.AKK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HMAB
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender: Trojan.GenericFCA.Agent.11813
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Inject.Auto
Emsisoft: Trojan.Crypt (A)
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-R
SentinelOne: Static AI - Suspicious PE
MAX: malware (ai score=82)
Microsoft: Trojan:Win32/AgentTesla.BKP!MTB
GData: MSIL.Trojan-Stealer.AgentTesla.62GOCG
Cynet: Malicious (score: 100)
McAfee: RDN/Generic.grp
VBA32: BScope.Trojan-Dropper.Injector
TrendMicro-HouseCall: TROJ_GEN.R002H0CH921
Ikarus: Win32.Outbreak
Fortinet: W32/GenKryptik.FIBB!tr
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_80% (W)
Qihoo-360: Win32/TrojanSpy.Noon.HwoCJ58A

Most engines label the file generically (Kryptik, Injector, Crypt, Inject), which matches a UPX-packed native loader whose PDB path sits under Loader\Project1. Only Microsoft and GData name a family (AgentTesla), and GData's label says MSIL even though this file is a native PE32; read those family names as a claim about what the loader delivers, not about this file's own code, and confirm against the unpacked payload before reporting the family.