Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 8, 2021, 9:56 a.m.	Sept. 8, 2021, 9:59 a.m.

Size	243.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`5dc89acaae4edda1b0519ff9657b763a`
SHA256	`9d29d5a2fa3e1b5213d8e73bfbc32cc9f716a7d8a261289decd409a806a4220d`
CRC32	`388CF18B`
ssdeep	`3072:r7ZfniI3338yqpr/pxTmi50Q51uWWc6gn1/QBRvTfdcDKvWD5oX/Gq5F9fq:rZVPohxTfiQn5jQBRvjdfPX+qhy`
PDB Path	C:\nakuy\kucocikawot\xixorumadetewa\73-r.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\nakuy\kucocikawot\xixorumadetewa\73-r.pdb

resource name	FUFAMEDOWU
resource name	MORELUFA

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 8, 2021, 9:56 a.m.	process_identifier: 2444 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 143360 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x021db000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 8, 2021, 9:56 a.m.	process_identifier: 2444 region_size: 196608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0002fa00', u'virtual_address': u'0x00001000', u'entropy': 7.842761188108351, u'name': u'.text', u'virtual_size': u'0x0002f960'}

entropy

7.84276118811

description

A section with a high entropy has been found

entropy

0.787190082645

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.16772
FireEye	Generic.mg.5dc89acaae4edda1
ALYac	Gen:Variant.Jaik.47587
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056ac331 )
K7GW	Trojan ( 0056ac331 )
Cybereason	malicious.5f8098
BitDefenderTheta	Gen:NN.ZexaF.34126.pq0@a4d328lc
Cyren	W32/Kryptik.EWJ.gen!Eldorado
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Fragtor.16772
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Fragtor.16772
Sophos	ML/PE-A
McAfee-GW-Edition	BehavesLike.Win32.Worm.dc
Emsisoft	Gen:Variant.Fragtor.16772 (B)
GData	Gen:Variant.Fragtor.16772
MaxSecure	Trojan.Malware.300983.susgen
Arcabit	Trojan.Fragtor.D4184
Microsoft	Ransom:Win32/StopCrypt.MUK!MTB
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!5DC89ACAAE4E
MAX	malware (ai score=80)
Rising	Trojan.Generic@ML.80 (RDML:c19SzFPWF6Z/9YIKMklIHg)
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_85%
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

apines.exe