Summary | ZeroBOX

c2.exe

Generic Malware, Malicious Packer, PE File, OS Processor Check, PE32, .NET EXE
Category FILE
Machine s1_win7_x6402
Started Sept. 7, 2021, 7:03 p.m.
Completed Sept. 7, 2021, 7:06 p.m.
Size 338.9KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ef125f7a35d65a62902594b0b4c46812
SHA256 c8b7234f8cbfaa32f5c52c02b259511861bfa602a447aea1b1e82f024f102e50
CRC32 CE9F022F
ssdeep 6144:Kuapr+ATpbbX5OBlC8+lEvKlJfF05Ibmu9EgeIKxAtW6Iz:KJTN58lC8+lEvKlJfF05Ibmu9EgeIKxp
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Elastic malicious (high confidence)
Cynet Malicious (score: 99)
FireEye Generic.mg.ef125f7a35d65a62
CAT-QuickHeal Backdoor.MsilFC.S13564499
McAfee Fareit-FZT!EF125F7A35D6
Sangfor Trojan.Win32.Save.a
Cybereason malicious.a35d65
ESET-NOD32 a variant of MSIL/Agent.CFQ
ClamAV Win.Packed.Razy-9625918-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender IL:Trojan.MSILZilla.1627
MicroWorld-eScan IL:Trojan.MSILZilla.1627
Avast Win32:DropperX-gen [Drp]
Ad-Aware IL:Trojan.MSILZilla.1627
Emsisoft IL:Trojan.MSILZilla.1627 (B)
DrWeb Trojan.Siggen9.56514
McAfee-GW-Edition Fareit-FZT!EF125F7A35D6
Sophos Mal/Agent-AVM
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.MSIL.cxnh
eGambit Unsafe.AI_Score_92%
Avira HEUR/AGEN.1143588
MAX malware (ai score=80)
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
GData MSIL.Trojan.PSE.1DQ5TRK
AhnLab-V3 Trojan/Win32.RL_Generic.C3546893
BitDefenderTheta Gen:NN.ZemsilF.34126.vm2@aaKuHrjO
ALYac IL:Trojan.MSILZilla.1627
Malwarebytes Generic.Trojan.Malicious.DDS
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus Trojan.MSIL.Agent
Fortinet MSIL/CoinMiner.CFQ!tr
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_70% (D)