Summary | ZeroBOX

vbc.exe

Generic Malware UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 27, 2021, 3:27 p.m.
Completed: Aug. 27, 2021, 3:58 p.m.
Size 368.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7c1876b8b71c72e8e9fb2fd494020c67
SHA256 a7a1a43d30f2cb7ee32934670de804b7a2c2961e2ef950339438eab91b1e438b
CRC32 EFAA1486
ssdeep 6144:A4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0Pzj:vXe9PPlowWX0t6mOQwg1Qd15CcYk0WeT
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
a.uguu.se 144.76.201.136
IP Address Status Action
144.76.201.136 Active Moloch
164.124.101.2 Active Moloch

Time & API Arguments Status Return Repeated

IsDebuggerPresent
0 0

GlobalMemoryStatusEx
1 1 0

NtProtectVirtualMemory
process_identifier: 2648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72a62000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory
process_identifier: 2648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x027d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
section UPX1 (size_of_data: 0x00054200, virtual_address: 0x0008c000, virtual_size: 0x00055000, entropy: 7.937174631398218) entropy 7.9371746314 description A section with a high entropy has been found
entropy 0.91689373297 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37482323
FireEye Generic.mg.7c1876b8b71c72e8
ALYac AIT:Trojan.Agent.FMCL
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005816c51 )
Alibaba Trojan:AutoIt/Injector.33a14707
K7GW Trojan ( 005816c51 )
Cybereason malicious.9d5346
Cyren W32/AutoIt.TA.gen!Eldorado
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/TrojanDownloader.Autoit.PEK
APEX Malicious
Kaspersky Trojan-Dropper.Win32.Apshee.q
BitDefender Trojan.GenericKD.37482323
Avast FileRepMalware
Ad-Aware Trojan.GenericKD.37482323
Emsisoft Trojan.Autoit (A)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Sophos Mal/Generic-S
Webroot Pua.Yukleyici
Avira TR/AutoIt.twniy
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.oa
Microsoft Ransom:Win32/StopCrypt!ml
GData Trojan.GenericKD.37482323
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win.Generic.R438992
McAfee Artemis!7C1876B8B71C
MAX malware (ai score=86)
Malwarebytes Trojan.Agent.AutoIt
Tencent Win32.Trojan-dropper.Apshee.Ahoq
Ikarus Trojan.Win32.Injector
Fortinet AutoIt/Injector.FMD!tr
AVG FileRepMalware
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (W)