Summary | ZeroBOX

vbc.exe

Tags: Generic Malware, Malicious Packer, UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Sept. 30, 2021, 9:32 a.m.
Completed: Sept. 30, 2021, 9:38 a.m.

Size: 116.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2fb19e7e14e4adb6c338dbe3f8a91f13
SHA256: 6e34dcb9961e3e77b611d86dfd67c5c692e273d9a2d7ff619f9b2004dd918389
CRC32: 74D782F1
ssdeep: 1536:iKbMbYibslYbllZ+VFzT8G70qfU/5tqGZh9V/fNpM9n:1MDwYbzZUFEFjZhPFpM9n
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx
Arguments: (none recorded)
Status: 1  Return: 1  Repeated: 0

NtProtectVirtualMemory
process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74013000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

Resources (name / language / filetype / sublanguage / offset / size)
  • name: CUSTOM
  • name: RT_VERSION, language: LANG_CHINESE, filetype: data, sublanguage: SUBLANG_CHINESE_TRADITIONAL, offset: 0x0001b260, size: 0x000002ec
Antivirus (vendor: detection)

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Razy.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.941556
FireEye: Generic.mg.2fb19e7e14e4adb6
ALYac: Trojan.Kryptik.gen
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/VBObfuse.c138cb3d
K7GW: Trojan ( 00587f531 )
K7AntiVirus: Trojan ( 00587f531 )
Cyren: W32/VBKrypt.BAN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HMOY
APEX: Malicious
ClamAV: Win.Malware.Razy-9896280-0
Kaspersky: Trojan.Win32.Mucc.rvy
BitDefender: Gen:Variant.Razy.941556
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Mucc.Hvth
Ad-Aware: Gen:Variant.Razy.941556
Emsisoft: Trojan.Crypt (A)
TrendMicro: TROJ_FRS.0NA103IO21
McAfee-GW-Edition: BehavesLike.Win32.Rontokbro.ch
Sophos: Mal/Generic-R + Troj/Zbot-PMQ
Ikarus: Trojan.Win32.Crypt
Avira: TR/Crypt.Agent.btoza
Microsoft: Trojan:Win32/VBObfuse.SM!MTB
ZoneAlarm: Trojan.Win32.Mucc.rvy
GData: Gen:Variant.Razy.941556
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrand.Gen
McAfee: RDN/Generic.com
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Mucc
Malwarebytes: Trojan.MalPack.VB
TrendMicro-HouseCall: TROJ_FRS.0NA103IO21
SentinelOne: Static AI - Malicious PE
Fortinet: W32/Kryptik.HMOY!tr
BitDefenderTheta: Gen:NN.ZevbaCO.34170.hm0@aWyAZeaj
AVG: Win32:Trojan-gen
Cybereason: malicious.e44f7f
Panda: Trj/GdSda.A