Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 7, 2021, 7:02 p.m.	Sept. 7, 2021, 7:15 p.m.

Size	190.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`483715033eb4f12ab5c3d9a7e2953221`
SHA256	`f0f3f39e63a0fa9d1af8b6b23f23af1f1274f5f2a5a181a0070fb397fb7225a4`
CRC32	`469E3564`
ssdeep	`3072:fk8NCwrp3GknF7Q9XnHxm7y5Rk4Q/pzT3WvTTaA421M:iknZQ93Re46pzjMaA4A`
PDB Path	C:\rug.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\rug.pdb

resource name	PEDAPIBU
resource name	XUNIKEFOTURIZIBOHOCUZIYE

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 7, 2021, 7:02 p.m.	process_identifier: 1608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 28672 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02234000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 7, 2021, 7:02 p.m.	process_identifier: 1608 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00380000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00013400', u'virtual_address': u'0x00001000', u'entropy': 7.271943712613426, u'name': u'.text', u'virtual_size': u'0x00013370'}

entropy

7.27194371261

description

A section with a high entropy has been found

entropy

0.407407407407

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.16092
FireEye	Generic.mg.483715033eb4f12a
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7GW	Hacktool ( 700007861 )
Arcabit	Trojan.Jaik.DB9E3
Cyren	W32/Kryptik.EWJ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FKCI
APEX	Malicious
Kaspersky	VHO:Backdoor.Win32.Convagent.gen
BitDefender	Gen:Variant.Fragtor.16092
Avast	Win32:DropperX-gen [Drp]
Rising	Trojan.Generic@ML.95 (RDML:T9KeLS0fdqbKHPf9HgQn9A)
Ad-Aware	Gen:Variant.Fragtor.16092
Emsisoft	Gen:Variant.Fragtor.16092 (B)
McAfee-GW-Edition	BehavesLike.Win32.Emotet.ch
Sophos	ML/PE-A
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Fragtor.16092
Cynet	Malicious (score: 100)
AhnLab-V3	Infostealer/Win.SmokeLoader.R440306
Acronis	suspicious
McAfee	GenericRXAA-AA!483715033EB4
MAX	malware (ai score=83)
Malwarebytes	Trojan.MalPack.GS
Ikarus	Trojan-Spy.Agent
BitDefenderTheta	Gen:NN.ZexaF.34126.lq0@aCZ2Y7bc
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Trojan.Malware.300983.susgen

clip.exe