Summary | ZeroBOX

96igu56gtfujs740t6id.exe

NPKI Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 11, 2021, 6:48 p.m. Aug. 11, 2021, 6:50 p.m.
Size 6.0MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 86178014e457120d9dc6f6e27453338c
SHA256 d541b9ff1fd68818abd9d0f70966e97beaab82dd6bb32d66566fbd6d657fbfd8
CRC32 E4C213EC
ssdeep 49152:+G6we2P/3W01/65p9CepD70BIme1AWwYg015Y5vl5zytq9oB5JSZZSYu5q01ka2i:+32P/d/s
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • NPKI_Zero - File included NPKI

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
(A .symtab section inside a PE image is an artifact of the Go linker, which fits the WinGo/GoCLR names in the antivirus results further down.)

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2500
region_size: 1900544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000287f0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff (current-process pseudo-handle)
Status Return Repeated: 1 0 0

NtAllocateVirtualMemory

process_identifier: 2500
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000028940000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff (current-process pseudo-handle)
Status Return Repeated: 1 0 0

NtAllocateVirtualMemory

process_identifier: 2500
region_size: 2490368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000289c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff (current-process pseudo-handle)
Status Return Repeated: 1 0 0

NtAllocateVirtualMemory

process_identifier: 2500
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000028ba0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff (current-process pseudo-handle)
Status Return Repeated: 1 0 0

All four calls request PAGE_EXECUTE_READWRITE (0x40) in the sandboxed process itself. The two MEM_RESERVE calls carve out adjacent ranges (0x287f0000 + 1900544 = 0x289c0000, where the second reservation begins), and each MEM_COMMIT lands one page inside the reservation that precedes it. Reserving and then committing writable-and-executable memory is the pattern of a loader or JIT preparing space for code it will write at runtime; it is not proof of injection on its own, since the allocations stay in-process, but it is what the heap_dep_bypass flag on the commit calls is marking.
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007feff1a7a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000077900000
Return Repeated: -1073741511 0

The return value is the NTSTATUS 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND) printed as a signed 32-bit integer. A genuine ntdll.dll has no wine_get_version export, so this lookup fails on real Windows and succeeds only under Wine; resolving that symbol is a well-known emulator check and is consistent with the anti_vm_detect Yara hit above. The failed lookup means the sample saw a real Windows kernel here, so whatever branch it takes on a Wine hit was not exercised in this run.
Engine Detection
Lionic Trojan.Win32.Agent.b!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46734996
FireEye Trojan.GenericKD.46734996
McAfee GenericRXAA-AA!86178014E457
Malwarebytes Malware.AI.4285350233
Sangfor Trojan.Win32.Agent.tetqvx
K7AntiVirus Trojan ( 0057c5571 )
Alibaba Trojan:Win32/GoCLR.a3a4e2d9
K7GW Trojan ( 0057c5571 )
Arcabit Trojan.Generic.D2C91E94
ESET-NOD32 a variant of WinGo/GoCLR.A
APEX Malicious
ClamAV Win.Malware.Bulz-9847817-0
Kaspersky Trojan-Dropper.Win32.Agent.tetqvx
BitDefender Trojan.GenericKD.46734996
Avast Win64:Trojan-gen
Ad-Aware Trojan.GenericKD.46734996
Comodo Malware@#23lpl4fe262p9
DrWeb Trojan.MulDrop18.21489
TrendMicro TROJ_GEN.R002C0WH621
McAfee-GW-Edition BehavesLike.Win64.Trojan.vh
Sophos Mal/Generic-S
Ikarus Trojan.CobaltStrike
eGambit Unsafe.AI_Score_100%
Avira HEUR/AGEN.1144117
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Malware.Win64.MigratedCloud.cc
Microsoft Trojan:Win32/Tnega!ml
ZoneAlarm Trojan-Dropper.Win32.Agent.tetqvx
GData Trojan.GenericKD.46734996
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R426638
VBA32 TrojanDropper.MSIL.Agent
ALYac Trojan.GenericKD.46734996
MAX malware (ai score=100)
Cylance Unsafe
Rising HackTool.GoCLR!1.D71D (CLASSIC)
Yandex Trojan.DR.Agent!zJ+7ehHYawY
Fortinet W64/GoCLR.A!tr
AVG Win64:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win64/TrojanDropper.Generic.H8oADAcA