Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 15, 2021, 12:30 p.m.	Aug. 15, 2021, 12:59 p.m.

Size	98.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2c088bc2980ba15e3500f929a7d13019`
SHA256	`284fe4243b097f48a25331d564e74fa79e02664470092dd6491e20e00c578a1f`
CRC32	`72499141`
ssdeep	`1536:5Csejmb+6BQyusX1UjtA0uWRf/eloc/9T1jVEyp:AtD6jSm0uWRfCogTjVEG`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Ave_Maria_Zero - Remote Access Trojan that is also called WARZONE RAT IsPE32 - (no description)

warzone.exe "C:\Users\test22\AppData\Local\Temp\warzone.exe"
2620
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 15, 2021, 12:30 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

WM_DSP

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW Aug. 15, 2021, 12:23 p.m.	total_number_of_free_bytes: 10930814976 free_bytes_available: 10930814976 root_path: C:\ total_number_of_bytes: 34252779520	1	1	0

Foreign language identified in PE resource (1 event)

name

WM_DSP

language

LANG_ENGLISH

filetype

PE32 executable (GUI) Intel 80386, for MS Windows

sublanguage

SUBLANG_ARABIC_QATAR

offset

0x00018070

size

0x00002c00

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W32.FamVT.BuerakMO.Trojan
Lionic	Trojan.Win32.Agentb.tret
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Maria.3
MicroWorld-eScan	DeepScan:Generic.Malware.SLlg.36A3E827
FireEye	Generic.mg.2c088bc2980ba15e
CAT-QuickHeal	Trojan.MocrtRI.S11879567
McAfee	WarzoneRAT-FCNI!2C088BC2980B
Cylance	Unsafe
Zillya	Trojan.Agentb.Win32.22106
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Agentb.d3c833b0
K7GW	Trojan ( 0054d10e1 )
K7AntiVirus	Trojan ( 0054d10e1 )
BitDefenderTheta	AI:Packer.AE92A8321F
Cyren	W32/Antiav.INDT-0919
Symantec	Backdoor.Avecma
ESET-NOD32	a variant of Win32/Agent.TJS
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Sllg-9774396-0
Kaspersky	Trojan.Win32.Agentb.jiad
BitDefender	DeepScan:Generic.Malware.SLlg.36A3E827
NANO-Antivirus	Trojan.Win32.AntiAV.fljpfv
Avast	Win32:Malware-gen
Rising	Stealer.AveMaria!1.BA1C (CLASSIC)
Ad-Aware	DeepScan:Generic.Malware.SLlg.36A3E827
Sophos	Mal/Generic-R + Troj/Mocrt-A
Comodo	TrojWare.Win32.AntiAV.VA@81mmki
TrendMicro	TrojanSpy.Win32.MOCRT.SM
McAfee-GW-Edition	BehavesLike.Win32.Dropper.nh
Emsisoft	DeepScan:Generic.Malware.SLlg.36A3E827 (B)
Ikarus	Trojan-Spy.Agent
Jiangmin	Trojan.Agentb.dvs
eGambit	Trojan.Generic
Avira	TR/Redcap.ghjpt
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Generic.ASMalwS.2A11D98
Kingsoft	Win32.Heur.KVMH017.a.(kcloud)
Gridinsoft	Trojan.Win32.Agent.vb!s1
Microsoft	Backdoor:Win32/Remcos!MTB
GData	DeepScan:Generic.Malware.SLlg.36A3E827
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.AveMaria.R263895
VBA32	BScope.TrojanSpy.AveMaria
ALYac	DeepScan:Generic.Malware.SLlg.36A3E827
Malwarebytes	AveMaria.Backdoor.Stealer.DDS
TrendMicro-HouseCall	TrojanSpy.Win32.MOCRT.SM
Tencent	Malware.Win32.Gencirc.10b4d4b1

warzone.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All