Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 20, 2021, 9:13 a.m.	Aug. 20, 2021, 9:17 a.m.

Size	247.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d942626640bd34a96b1887f24feeecf7`
SHA256	`7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018`
CRC32	`7F335204`
ssdeep	`3072:YjpHUCWz751iuPJv0+ZTCUb1TzMUIxapGa38Are8gecmQqEEOuARg9joKKT0yB3M:gCC651iwlMFiGajgex9pO89j2`
PDB Path	C:\zuboxanem92\mixobex.pdb
Yara	PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\zuboxanem92\mixobex.pdb

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 20, 2021, 9:13 a.m.	process_identifier: 2080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 139264 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02d7d000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 20, 2021, 9:13 a.m.	process_identifier: 2080 region_size: 192512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00029600', u'virtual_address': u'0x00001000', u'entropy': 7.906579514904883, u'name': u'.text', u'virtual_size': u'0x000295f4'}

entropy

7.9065795149

description

A section with a high entropy has been found

entropy

0.672764227642

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
FireEye	Generic.mg.d942626640bd34a9
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056f9be1 )
K7GW	Trojan ( 0056f9be1 )
BitDefenderTheta	Gen:NN.ZexaF.34088.pq0@a4BqYjgi
Cyren	W32/Kryptik.EWJ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FJFD
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan-Spy.Win32.Stealer.gen
Avast	Win32:TrojanX-gen [Trj]
Emsisoft	Trojan.Agent (A)
TrendMicro	Mal_HPGen-50
McAfee-GW-Edition	BehavesLike.Win32.Emotet.dc
Sophos	ML/PE-A + Troj/Krypt-W
Avira	TR/AD.RedLineSteal.ienyq
Gridinsoft	Trojan.Win32.Packed.lu!heur
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Zenpak.gen
GData	MSIL.Trojan-Stealer.NetSteal.44O13B
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!D942626640BD
VBA32	BScope.Trojan.Glupteba
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	Mal_HPGen-50
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.FJEX!tr
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (W)

apines1.exe