Summary | ZeroBOX

enumusers0904.exe

Tags: UPX, PE32, PE File
Category FILE
Machine s1_win7_x6402
Started Sept. 8, 2021, 9:56 a.m.
Completed Sept. 8, 2021, 9:59 a.m.
Size 595.0KB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 109c2133f17fa4e495f63c99429835f9
SHA256 64cc1575183bd3525e59a436b8c1930ac1fe60fabde4878e4f2256892499ef9a
CRC32 45D6F9B1
ssdeep 12288:z1Potrm/P9Yw3BJ8b68fJ8iQ/3nl1GXEVE5Q7CsFvFqqHHhEDkEx:pPotrSFYwvU6UX7SmsFtqqnS
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)

No hosts contacted.

Hosts (IP Address / Status / Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW
  buffer: total: 2, filtered: 1
  console_handle: 0x00000007
  Status: 1  Return: 1  Repeated: 0

GlobalMemoryStatusEx
  (no arguments logged)
  Status: 1  Return: 1  Repeated: 0
Static Signatures

packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1: size_of_data 0x00094800, virtual_address 0x000f6000, virtual_size 0x00095000, entropy 7.878
  A section with a high entropy has been found
entropy 0.999: Overall entropy of this PE file is high
section UPX0: Section name indicates UPX
section UPX1: Section name indicates UPX
section UPX2: Section name indicates UPX

The two entropy figures use different scales. The per-section value (7.878) is Shannon entropy in bits per byte and cannot exceed 8; the "overall" value (0.999) is a ratio in [0, 1], the share of section data that sits in high-entropy sections. UPX0 carries no raw data (it is the virtual region the stub unpacks into) and UPX2 is small, so nearly all file bytes are the compressed UPX1 payload, hence the ratio close to 1. The packer match is a signature on the UPX stub; `upx -d` normally restores the original binary (a Go executable, judging by the WinGo/RanumBot names below) unless the UPX header has been modified, in which case the sample has to be dumped after the stub finishes.
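The hashes and the packer/entropy findings above can be re-derived offline from the raw file. The Python below is an added example, not code from the ZeroBOX report or its signature set: it walks the PE section table with the standard library, computes per-section Shannon entropy, lists the UPX section-name and high-entropy indicators, and computes the overall ratio of bytes in high-entropy sections. The thresholds HIGH_ENTROPY_SECTION and HIGH_ENTROPY_RATIO, and the build_sample_pe() stand-in binary (constructed, not the real sample), are assumptions for illustration; pass the real file to triage_file() to compare its output with the report.

```python
"""Static triage of a PE file: hashes, section entropy, UPX indicators.

Added example, not part of the ZeroBOX report. Standard library only.
"""
import hashlib
import math
import struct
import zlib
from collections import Counter

HIGH_ENTROPY_SECTION = 6.8   # assumed threshold (bits/byte) for a "packed" section
HIGH_ENTROPY_RATIO = 0.2     # assumed threshold for the overall packed-data ratio


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """The three hashes the report lists (ssdeep needs a third-party module)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_sections(data: bytes) -> list:
    """Walk the COFF section table; raise ValueError for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                      # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[rawptr:rawptr + rawsize]           # size 0 (e.g. UPX0) gives b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def packer_indicators(sections: list) -> dict:
    """Reproduce the report's packer findings from the parsed section list."""
    high = [s for s in sections if s["entropy"] > HIGH_ENTROPY_SECTION]
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in high)
    ratio = packed / total if total else 0.0          # the report's "overall entropy" is this ratio
    return {
        "upx_sections": [s["name"] for s in sections if s["name"].upper().startswith("UPX")],
        "high_entropy_sections": [s["name"] for s in high],
        "high_entropy_ratio": ratio,
        "likely_packed": bool(high) and ratio > HIGH_ENTROPY_RATIO,
    }


def triage_file(data: bytes) -> dict:
    sections = pe_sections(data)
    return {"hashes": file_hashes(data), "sections": sections,
            "packer": packer_indicators(sections)}


def build_sample_pe() -> bytes:
    """Constructed stand-in for the report's binary (NOT the real sample): a minimal
    PE32 with UPX0 (no raw data), UPX1 (maximum-entropy data) and UPX2 (zeros)."""
    payload = bytes(range(256)) * 16                  # uniform byte histogram: entropy exactly 8.0
    tail = b"\0" * 512                                # entropy 0.0
    e_lfanew, opt_size = 0x40, 0xE0                   # PE32 optional header is 0xE0 bytes
    data_off = 0x200                                  # first raw section at file offset 512
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)

    def sect(name, vsize, vaddr, rawsize, rawptr):
        return struct.pack("<8sIIII", name, vsize, vaddr, rawsize, rawptr) + b"\0" * 16

    headers = (sect(b"UPX0", 0xF5000, 0x1000, 0, 0)
               + sect(b"UPX1", 0x5000, 0xF6000, len(payload), data_off)
               + sect(b"UPX2", 0x1000, 0xFB000, len(tail), data_off + len(payload)))
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + b"\0" * (data_off - len(image)) + payload + tail


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage_file(blob), indent=2))
```

Run it as `python triage.py enumusers0904.exe` to get the hashes, the per-section entropies and the packer verdict for the real file; with no argument it triages the constructed stand-in. The section loop deliberately slices rather than indexes so a header whose PointerToRawData points past end-of-file (common in tampered packers) yields an empty, zero-entropy section instead of an exception.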
API Calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe3d
  function_name: wine_get_version
  module: ntdll
  module_address: 0x77ae0000
  Status: (not shown)  Return: 3221225785  Repeated: 0

Return value 3221225785 is 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export does not exist in the loaded ntdll. wine_get_version is exported only by Wine's ntdll, so resolving it is a common Wine/sandbox check; a successful lookup would tell the code it is not on real Windows, and the failure here is the expected result on the Windows 7 analysis VM. Together with the single console write, the memory query and the absence of any network activity, the three-minute run recorded very little behaviour; unpacking the UPX layer and a longer or manually driven run would be needed to see the payload.
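The record above is the one behaviourally interesting call in the trace. The Python below is an added example, not part of ZeroBOX: it parses call records written in this page's own layout (API name, `key: value` argument lines, then the Status/Return/Repeated numbers, with the status cell absent on the failed row as it is here), decodes the decimal return value back to an NTSTATUS symbol, and flags lookups of Wine-only exports, reading the outcome as "under Wine" or "real Windows". SAMPLE_LOG is constructed from this page's rows; the NTSTATUS table and the list of Wine-only exports are the author's assumptions, restricted to values taken from ntstatus.h and Wine's ntdll.spec.

```python
"""Triage of sandbox API-call records: NTSTATUS decoding and Wine-probe detection.

Added example, not part of ZeroBOX. SAMPLE_LOG is constructed to mirror the
report's "Time & API / Arguments / Status / Return / Repeated" rows.
"""

# NTSTATUS values from ntstatus.h that matter for export lookups (assumed subset).
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",   # export name not present in the module
    0xC0000135: "STATUS_DLL_NOT_FOUND",
}

# Exports present in Wine's ntdll.spec but never in a genuine Windows ntdll.
WINE_ONLY_EXPORTS = {
    ("ntdll", "wine_get_version"),
    ("ntdll", "wine_get_build_id"),
    ("ntdll", "wine_get_host_version"),
}

# Constructed from the rows on this page; the last row has no status cell.
SAMPLE_LOG = """\
WriteConsoleW
buffer: total: 2, filtered: 1
console_handle: 0x00000007
1 1 0

GlobalMemoryStatusEx
1 1 0

LdrGetProcedureAddress
ordinal: 0
function_address: 0x0018fe3d
function_name: wine_get_version
module: ntdll
module_address: 0x77ae0000
3221225785 0
"""


def parse_calls(log: str) -> list:
    """One record per blank-line-separated block: API, 'key: value' lines, numeric footer."""
    calls = []
    for block in log.strip().split("\n\n"):
        api, *lines = block.strip().splitlines()
        nums = [int(x) for x in lines.pop().split()]
        args = dict(line.split(": ", 1) for line in lines)
        if len(nums) == 3:
            status, ret, repeated = nums
        else:                               # failed rows on the page carry no status cell
            status, (ret, repeated) = None, nums
        calls.append({"api": api, "args": args, "status": status,
                      "return": ret, "repeated": repeated})
    return calls


def ntstatus_name(value: int) -> str:
    """Map a decimal return value from the report back to its NTSTATUS symbol."""
    v = value & 0xFFFFFFFF
    return NTSTATUS_NAMES.get(v, "NTSTATUS 0x%08X" % v)


def wine_probes(calls: list) -> list:
    """Flag LdrGetProcedureAddress lookups of Wine-only exports and read the outcome."""
    findings = []
    for call in calls:
        if call["api"] != "LdrGetProcedureAddress":
            continue
        key = (call["args"].get("module", "").lower(), call["args"].get("function_name", ""))
        if key not in WINE_ONLY_EXPORTS:
            continue
        succeeded = (call["return"] & 0xFFFFFFFF) == 0   # NTSTATUS 0 means the export resolved
        findings.append({
            "export": "%s!%s" % key,
            "status": ntstatus_name(call["return"]),
            "verdict": ("running under Wine" if succeeded
                        else "real Windows; the probe itself is an evasion indicator"),
        })
    return findings


if __name__ == "__main__":
    for finding in wine_probes(parse_calls(SAMPLE_LOG)):
        print(finding)
```

Only LdrGetProcedureAddress is matched because its return value is an NTSTATUS; a kernel32 GetProcAddress row returns a pointer (or 0), so the same outcome logic would not apply to it without a separate rule.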
Antivirus Detections (Vendor / Result)

Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37533989
FireEye Trojan.GenericKD.37533989
ALYac Trojan.GenericKD.37533989
Cylance Unsafe
K7AntiVirus Trojan ( 0057c6591 )
Alibaba Trojan:Win32/RanumBot.61fb177c
K7GW Trojan ( 0057c6591 )
CrowdStrike win/malicious_confidence_60% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/RanumBot.AI
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.37533989
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Generic.Dwjs
Ad-Aware Trojan.GenericKD.37533989
Emsisoft Trojan.GenericKD.37533989 (B)
McAfee-GW-Edition BehavesLike.Win32.Generic.hc
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Avira TR/Redcap.rrttl
Antiy-AVL Trojan/Generic.ASBOL.C687
Gridinsoft Trojan.Win32.Phonzy.vb
Microsoft Trojan:Script/Phonzy.C!ml
GData Trojan.GenericKD.37533989
Cynet Malicious (score: 100)
McAfee Artemis!109C2133F17F
MAX malware (ai score=87)
Malwarebytes Malware.Heuristic.1003
Ikarus Trojan.WinGo.Ranumbot
Fortinet W32/RanumBot.AI!tr
AVG Win32:Trojan-gen
Panda Trj/CI.A
MaxSecure Trojan.Malware.300983.susgen