Summary | ZeroBOX

MTB1056 Proforma.exe

Tags: Malicious Library, UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Oct. 7, 2021, 12:20 p.m.
Completed: Oct. 7, 2021, 12:22 p.m.
Size: 811.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: c050088cde2c6e479d294c4eda274c78
SHA256: 662eecce48bec8dc6ebb8dc123713a3dfb97dc2514ddb3396d88cf855267f2bb
CRC32: ED30373D
ssdeep: 12288:LJNzf5G/0os4Hn6hgF8VCJ3fj9Ffin4uq8Sk:vhfos4Hn8dVU3fxFfin4t8Sk
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
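The Yara hits above (PE signature, PE32, UPX) and the Type line are all derivable from the PE header alone. The following is an added example, not ZeroBOX's rule set or any code from the sample: a header-only PE parser that reads the DOS/MZ header, the PE signature, the COFF machine field, the optional-header magic and subsystem, and the section names, then renders the same `file`-style description the report prints and maps the facts onto the report's rule names. The rule-name mapping is an assumption based only on the one-line descriptions shown above (the actual rule bodies are not on the page), the UPX check relies on UPX's default `UPX0`/`UPX1` section names (a renamed stub would evade it), and the input is a constructed minimal image, not the analysed file.

```python
import struct

# IMAGE_FILE_HEADER.Machine and IMAGE_OPTIONAL_HEADER.Magic / Subsystem values (PE/COFF spec)
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SUBSYSTEM_WINDOWS_GUI = 2
SUBSYSTEM_WINDOWS_CUI = 3

MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}
SUBSYSTEM_NAMES = {SUBSYSTEM_WINDOWS_GUI: "GUI", SUBSYSTEM_WINDOWS_CUI: "console"}


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header, optional-header magic/subsystem
    and section names from an in-memory PE image (headers only, no pefile needed)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE\\0\\0 signature")
    machine, nsec, _ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                                       # 4-byte signature + 20-byte COFF header
    if opt_size < 70 or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]  # Subsystem sits at +68 in PE32 and PE32+
    sec_off = opt_off + opt_size
    if sec_off + 40 * nsec > len(data):
        raise ValueError("section table truncated")
    sections = [
        struct.unpack_from("<8s", data, sec_off + 40 * i)[0].rstrip(b"\0").decode("ascii", "replace")
        for i in range(nsec)
    ]
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "is_pe32": magic == PE32_MAGIC,
        "is_pe32plus": magic == PE32PLUS_MAGIC,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "sections": sections,
        # UPX's default section names; a packer with renamed sections would not trip this
        "upx_packed": any(s.startswith("UPX") for s in sections),
    }


def describe(info: dict) -> str:
    """Render the parsed fields in the form the report's Type field uses."""
    fmt = "PE32" if info["is_pe32"] else "PE32+" if info["is_pe32plus"] else "PE(unknown magic)"
    return f"{fmt} executable ({info['subsystem']}) {info['machine']}, for MS Windows"


def matched_rules(info: dict) -> list:
    """Map parsed facts onto the report's Yara rule names. Assumption: this mirrors
    only the rules' one-line descriptions, not their (unpublished) bodies."""
    rules = ["PE_Header_Zero"]      # reaching here means the PE signature parsed
    if info["is_pe32"]:
        rules.append("IsPE32")
    if info["upx_packed"]:
        rules.append("UPX_Zero")
    return rules


def build_min_pe(machine=IMAGE_FILE_MACHINE_I386, magic=PE32_MAGIC,
                 subsystem=SUBSYSTEM_WINDOWS_GUI, sections=("UPX0", "UPX1", ".rsrc")) -> bytes:
    """Constructed test input: a header-only PE image (not the analysed sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew -> directly after DOS header
    opt_size = 0xE0 if magic == PE32_MAGIC else 0xF0
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1), 0x200,
                    0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(sections)
    )
    return bytes(dos) + coff + bytes(opt) + secs


if __name__ == "__main__":
    info = parse_pe(build_min_pe())
    print(describe(info))       # PE32 executable (GUI) Intel 80386, for MS Windows
    print(matched_rules(info))  # ['PE_Header_Zero', 'IsPE32', 'UPX_Zero']
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe`; the offsets used are those of the PE/COFF specification, and the truncation checks keep a malformed header from raising an IndexError instead of a clear ValueError.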

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itext
packer BobSoft Mini Delphi -> BoB / BobSoft
resource name KONRA

Vendor Detection
Lionic Trojan.Win32.Scarsi.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.402780
McAfee Artemis!C050088CDE2C
Cylance Unsafe
Sangfor Virus.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/Rescoms.N.gen!Eldorado
Symantec Packed.Generic.516
ESET-NOD32 a variant of Win32/Injector.EQFQ
APEX Malicious
ClamAV Win.Trojan.Remcos-9897068-0
Kaspersky UDS:Trojan.Win32.Scarsi.gen
BitDefender Gen:Variant.Zusy.402780
Avast Win32:MalwareX-gen [Trj]
Ad-Aware Gen:Variant.Zusy.402780
Emsisoft Gen:Variant.Zusy.402780 (B)
F-Secure Heuristic.HEUR/AGEN.1104239
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch
FireEye Gen:Variant.Zusy.402780
Sophos ML/PE-A
Ikarus Win32.Outbreak
GData Gen:Variant.Zusy.402780
Avira HEUR/AGEN.1104239
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Woreflint.A!cl
Cynet Malicious (score: 100)
MAX malware (ai score=86)
Rising Trojan.Generic@ML.86 (RDML:rimx9QxDXvHA5srCBmBBqA)
Fortinet W32/Injector.EOBG!tr
BitDefenderTheta Gen:NN.ZelphiF.34170.YKW@a0bKWPii
AVG Win32:MalwareX-gen [Trj]
Panda Trj/RnkBend.A