Summary | ZeroBOX

vbc.exe

Malicious Library UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 17, 2021, 9:33 a.m.
Completed: Aug. 17, 2021, 9:42 a.m.
Size 827.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3244a92cbba0f5edcae4ea2f2f0d1b7d
SHA256 fe23294471a62757c45932f4c5f6196585cc44f3ce5d29649868fe49c691ffa2
CRC32 6FE130F7
ssdeep 12288:WhxUck0fyI/Xv94r0umLKC+pvbIAsrxPT+o8wcr:WhGdkF4r0uvnDIFJP
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address / Status / Action
164.124.101.2 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
resource name RXXA
API calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
  process_identifier: 2232
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003f0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
  process_identifier: 2232
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73cc2000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Remcos.m!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.127063
FireEye Generic.mg.3244a92cbba0f5ed
Cylance Unsafe
Alibaba Backdoor:Win32/Remcos.03ded7a7
BitDefenderTheta Gen:NN.ZelphiF.34088.ZGW@aqrmlhfi
Cyren W32/Delf.EZVQ-4415
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EPYM
APEX Malicious
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Gen:Variant.Mikey.127063
Avast Win32:RATX-gen [Trj]
Tencent Win32.Backdoor.Remcos.Lhdc
Ad-Aware Gen:Variant.Mikey.127063
McAfee-GW-Edition BehavesLike.Win32.Fareit.ch
Sophos Generic ML PUA (PUA)
Ikarus Win32.Outbreak
Kingsoft Win32.Hack.Undef.(kcloud)
Microsoft Trojan:Win32/Fareit!ml
Cynet Malicious (score: 100)
McAfee GenericRXAA-AA!3244A92CBBA0
MAX malware (ai score=89)
VBA32 TrojanDownloader.Agent
Rising Trojan.Generic@ML.95 (RDML:GAkzn9YQV6JqBROYqbS6Qg)
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_80%
AVG Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Backdoor.Remcos.HwUBT4cA