Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 26, 2021, 9:18 a.m.	Aug. 26, 2021, 9:18 a.m.

Size	368.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fbae05d8fbfbb56b2a96afabfcaab501`
SHA256	`c98a42f6e9e5f2e0e12f69c4ce7022265b7db271369ddb2ebff3348c0434d3cf`
CRC32	`8D3BEA92`
ssdeep	`6144:j4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0PzZ:sXe9PPlowWX0t6mOQwg1Qd15CcYk0Wep`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
a.uguu.se	A 144.76.201.136	144.76.201.136

IP Address	Status	Action
144.76.201.136	Active	Moloch
164.124.101.2	Active	Moloch

Flow	SID	Signature	Category
TCP 192.168.56.101:49201 -> 144.76.201.136:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49198 -> 144.76.201.136:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 144.76.201.136:443 -> 192.168.56.101:49202	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 26, 2021, 9:18 a.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 26, 2021, 9:18 a.m.		1	1	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 26, 2021, 9:18 a.m.	process_identifier: 2232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ce2000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 26, 2021, 9:18 a.m.	process_identifier: 2232 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x032a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00054200', u'virtual_address': u'0x0008c000', u'entropy': 7.937164429688532, u'name': u'UPX1', u'virtual_size': u'0x00055000'}

entropy

7.93716442969

description

A section with a high entropy has been found

entropy

0.91689373297

description

Overall entropy of this PE file is high

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
FireEye	Generic.mg.fbae05d8fbfbb56b
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cyren	W32/AutoIt.TA.gen!Eldorado
ESET-NOD32	a variant of Win32/Injector.Autoit.FMD
APEX	Malicious
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
MaxSecure	Trojan.Malware.300983.susgen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
eGambit	Unsafe.AI_Score_99%
Webroot	Pua.Yukleyici

loader2.exe