Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 4, 2021, 1:54 p.m.	Sept. 4, 2021, 2:02 p.m.

Size	675.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4e120e201ef1e0c75a923215aa66e07b`
SHA256	`9068226836b564e7d81a13c015a217bc2870dcfab4bd643c87a4551b6f9d2c97`
CRC32	`58EA99C5`
ssdeep	`12288:qwXJkb4f2LnqOjfkvHcgd3rXWDFbiAEM5lLVXbRWRPM5pBfdIyt/W7THlS:pKnLkv8gB0GAEM5lLVrclkvlH/qJS`
PDB Path	C:\diriwotif\mas\serov-mij.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\diriwotif\mas\serov-mij.pdb

resource name

BOLAWACULATOREGOWAVOVOSIXAZIWEMU

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 4, 2021, 1:54 p.m.	process_identifier: 1908 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 503808 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0226d000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 4, 2021, 1:54 p.m.	process_identifier: 1908 region_size: 864256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03a70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00084200', u'virtual_address': u'0x00001000', u'entropy': 7.981453275670867, u'name': u'.text', u'virtual_size': u'0x00084150'}

entropy

7.98145327567

description

A section with a high entropy has been found

entropy

0.783543365456

description

Overall entropy of this PE file is high

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.15265
FireEye	Generic.mg.4e120e201ef1e0c7
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056d16b1 )
K7GW	Trojan ( 0056d16b1 )
BitDefenderTheta	Gen:NN.ZexaF.34126.Qq0@a4GlrAnG
Cyren	W32/Kryptik.EWJ.gen!Eldorado
ESET-NOD32	a variant of Win32/Kryptik.HMII
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Fragtor.15265
Avast	Win32:RansomX-gen [Ransom]
Rising	Trojan.Kryptik!1.D91D (CLASSIC)
Ad-Aware	Gen:Variant.Fragtor.15265
Emsisoft	Gen:Variant.Fragtor.15265 (B)
McAfee-GW-Edition	BehavesLike.Win32.Emotet.jc
Sophos	ML/PE-A
MAX	malware (ai score=82)
Microsoft	Trojan:Win32/Azorult.RF!MTB
GData	Gen:Variant.Fragtor.15265
Cynet	Malicious (score: 100)
AhnLab-V3	CoinMiner/Win.Glupteba.R440044
Acronis	suspicious
McAfee	RDN/Generic.grp
VBA32	BScope.Backdoor.Mokes
Malwarebytes	Trojan.MalPack
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_58%
Fortinet	W32/Kryptik.HMIM!tr
AVG	Win32:RansomX-gen [Ransom]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen

Soft-win.exe