Summary | ZeroBOX

removesmbdeps0903.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6402
Started Sept. 12, 2021, 2:46 p.m.
Completed Sept. 12, 2021, 2:51 p.m.
Size 651.5KB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 4ed1ba2cb9ae7dbc8da5d9c1c0f4e29b
SHA256 561fc13bd3133437c5607e8697add803482e33dd9de9814fc86cc8e13a520b5b
CRC32 AC961A0C
ssdeep 12288:TXHe877LVTRKpJACQvHoZRfj3t7XzL7ei09Q1w+105RTk0yq10dXaQDIuNdyt:i87bKp/Qkz5/j++SRYNqQD/Ndyt
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch
39.107.225.220 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: file C:\Users\test22\AppData\Local\Temp\csrss\smb\deps.zip does not exist
  console_handle: 0x00000007
  Status 1, Return 1, Repeated 0

This is the only console output recorded. It is consistent with the executable's name (removesmbdeps0903.exe): the program looked for a deps.zip under %LOCALAPPDATA%\Temp\csrss\smb, did not find it on the sandbox machine, and reported that instead of proceeding, so this run may have exercised little of the sample's remaining logic.
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (virtual_address 0x0010a000, virtual_size 0x000a3000, size_of_data 0x000a2a00, entropy 7.875279076342094) description A section with a high entropy has been found
entropy 0.999231950845 (overall file entropy, apparently normalised to the range 0 to 1) description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
host 39.107.225.220 (the same address appears in the IP table above; since no DNS lookup was recorded, the sample reached it by literal IP rather than by name)
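The three static signatures above (high-entropy section, high overall entropy, UPX section names) are simple to reproduce from the PE section table. The following is an added example, not ZeroBOX/Cuckoo code and not the sample from this report: it parses the section headers with the standard library, computes Shannon entropy per section and for the whole file, and emits the same three finding texts. The thresholds (7.0 bits/byte per section, 0.9 normalised overall) are assumptions chosen for the example, and the input is a constructed minimal PE32 image that copies the UPX0/UPX1/UPX2 layout of a UPX-packed file (UPX0 has no raw data; UPX1 carries the packed image, stood in for here by random bytes).

```python
"""Static triage checks mirroring the report's three static signatures.
Added example, not ZeroBOX/Cuckoo code. Thresholds below are assumptions."""
import math
import random
import struct
from typing import Dict, List

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_SECTION_ENTROPY = 7.0   # bits/byte; assumed threshold (random data is ~8.0)
HIGH_OVERALL_ENTROPY = 0.9   # whole file, normalised to [0, 1]; assumed threshold


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0.0 for empty input (e.g. a section with no raw data)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Only the fields the checks need are decoded."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_hdr_size,) = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_hdr_size                           # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def triage(pe: bytes) -> Dict:
    """Return per-section stats, normalised overall entropy, and finding strings
    worded like the report's signature descriptions."""
    sections = parse_sections(pe)
    overall = shannon_entropy(pe) / 8.0
    findings = []
    for s in sections:
        if s["size_of_data"] and s["entropy"] > HIGH_SECTION_ENTROPY:
            findings.append(f"section {s['name']} entropy {s['entropy']:.3f}: "
                            "A section with a high entropy has been found")
        if s["name"] in UPX_SECTION_NAMES:
            findings.append(f"section {s['name']}: Section name indicates UPX")
    if overall > HIGH_OVERALL_ENTROPY:
        findings.append(f"entropy {overall:.3f}: Overall entropy of this PE file is high")
    return {"sections": sections, "overall_entropy": overall, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed fixture (not the report's sample): a minimal PE32 with the
    UPX0/UPX1/UPX2 layout of a UPX-packed file. Random bytes stand in for the
    LZMA-compressed image; UPX2 holds a small, low-entropy import-name string."""
    rng = random.Random(0x5EED)
    packed = bytes(rng.getrandbits(8) for _ in range(16384))
    upx2 = b"KERNEL32.DLL\0LoadLibraryA\0GetProcAddress\0".ljust(512, b"\0")

    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)        # i386, 3 sections
    opt = struct.pack("<H", 0x10B).ljust(224, b"\0")                      # PE32 magic, rest zeroed
    data_off = 0x200

    def sect(name, vsize, va, raw_size, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, raw_ptr,
                           0, 0, 0, 0, 0xE0000040)

    table = (sect(b"UPX0", 0x10000, 0x1000, 0, 0)                          # no raw data
             + sect(b"UPX1", len(packed), 0x11000, len(packed), data_off)
             + sect(b"UPX2", 0x1000, 0x12000, len(upx2), data_off + len(packed)))
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(data_off, b"\0")
    return headers + packed + upx2


if __name__ == "__main__":
    for line in triage(build_sample_pe())["findings"]:
        print(line)
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`. A section with no raw data (UPX0 here, as in the report's layout) reports entropy 0.0 and is skipped by the high-entropy check; only the name rule fires for it. Entropy alone does not distinguish compression from encryption, which is why the report pairs it with the packer and section-name signatures.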
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe3d
  function_name: wine_get_version
  module: ntdll
  module_address: 0x77ae0000
  Return 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND), Repeated 0

The lookup failed because a genuine Windows ntdll does not export wine_get_version; under Wine the same call succeeds, which is why this probe is a common Wine/sandbox check. Note the caveat for this sample: the Go runtime performs exactly this ntdll lookup at startup on Windows to detect Wine and adjust its behaviour, and the vendor labels below classify the file as WinGo (Go for Windows), so on its own this call is expected runtime behaviour rather than evidence of evasion added by the author.
Antivirus Vendor Result

Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
ALYac Trojan.GenericKD.37531766
Cylance Unsafe
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.37531766
K7GW Trojan ( 00581d3b1 )
K7AntiVirus Trojan ( 00581d3b1 )
Arcabit Trojan.Generic.D23CB076
Cyren W32/RanumBot.O.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/RanumBot.Y
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/RanumBot.6bd50888
NANO-Antivirus Trojan.Win32.Generic.ivkxyf
ViRobot Trojan.Win32.Z.Ranumbot.667136
MicroWorld-eScan Trojan.GenericKD.37531766
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Ranumbot.Piaj
Ad-Aware Trojan.GenericKD.37531766
Sophos ML/PE-A
Comodo Malware@#26t3jd55du88g
McAfee-GW-Edition BehavesLike.Win32.Trickbot.jc
FireEye Trojan.GenericKD.37531766
Emsisoft Trojan.GenericKD.37531766 (B)
SentinelOne Static AI - Malicious PE
Avira TR/Redcap.tdmrs
MAX malware (ai score=89)
Antiy-AVL Trojan/Generic.ASBOL.C687
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Malware.Win32.GenericMC.cc
Microsoft Trojan:Win32/Mamson.A!ac
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
GData Trojan.GenericKD.37531766
McAfee GenericRXAA-FA!4ED1BA2CB9AE
VBA32 Trojan.Mamson
Malwarebytes Trojan.Crypt
Ikarus Trojan.WinGo.Ranumbot
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/RanumBot.Y!tr
Webroot W32.Trojan.Gen
AVG Win32:Trojan-gen
Panda Trj/Agent.ALS