Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 12, 2021, 2:46 p.m.	Sept. 12, 2021, 2:49 p.m.

Size	789.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`59b759497a138c44698bdbfeaa855e46`
SHA256	`cc03cd3db24427db4274995198377ae945966c27bd5b74bc52e4547481b93553`
CRC32	`481A4DD3`
ssdeep	`12288:sXrSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9DJtXtj:sXWsJ39LyjbJkQFMhmC+6GD9XXV`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

studio.exe "C:\Users\test22\AppData\Local\Temp\studio.exe"
2500

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
39.107.225.220	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 12, 2021, 2:46 p.m.		1	1	0

The executable uses a known packer (1 event)

packer

Armadillo v1.71

Creates a service (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceA Sept. 12, 2021, 2:46 p.m.	service_start_name: start_type: 2 password: display_name: System Remote Data Simulation Layer filepath: C:\Windows\svchost.exe service_name: SRDSL filepath_r: C:\Windows\svchost.exe desired_access: 983551 service_handle: 0x004cf448 error_control: 0 service_type: 272 service_manager_handle: 0x004d1d70	1	5043272	0

Communicates with host for which no DNS query was performed (1 event)

host

39.107.225.220

Installs itself for autorun at Windows startup (1 event)

service_name

SRDSL

service_path

C:\Windows\svchost.exe

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.318697
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	Gen:Variant.Zusy.318697
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004b78a51 )
Alibaba	Trojan:Win32/Farfli.8473d5ee
K7GW	Trojan ( 004b78a51 )
Cybereason	malicious.97a138
Cyren	W32/Farfli.OIMS-2324
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Farfli.BLH
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Delf-6899401-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Zusy.318697
NANO-Antivirus	Trojan.Win32.AD.erhebd
Avast	Other:Malware-gen [Trj]
Tencent	Malware.Win32.Gencirc.10b0cd6d
Ad-Aware	Gen:Variant.Zusy.318697
Sophos	ML/PE-A + Mal/Behav-225
DrWeb	Trojan.Siggen7.25806
VIPRE	Trojan.Win32.Redosdru.C (v)
TrendMicro	BKDR_ZEGOST.SM37
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.bh
FireEye	Generic.mg.59b759497a138c44
Emsisoft	Trojan.Farfli (A)
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Generic.beksk
Avira	TR/Crypt.ZPACK.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Generic.ASMalwS.2153630
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Agent.vb!s1
Microsoft	Trojan:Win32/Farfli.MES!MTB
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Zusy.318697
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Generic.R371173
McAfee	GenericRXFT-ZL!59B759497A13
VBA32	BScope.TrojanPSW.Cimuz.B
Malwarebytes	Lamer.Virus.FileInfector.DDS
Zoner	Trojan.Win32.86085
TrendMicro-HouseCall	BKDR_ZEGOST.SM37
Rising	Backdoor.Agent!1.BA39 (CLASSIC)
Yandex	Trojan.GenAsa!xb8WV9Ep0Go

studio.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All