Summary | ZeroBOX

CLoader.exe

Malicious Library Anti_VM PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 8, 2021, 1:27 p.m.
Completed Oct. 8, 2021, 1:29 p.m.
Size 12.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5358e3c10a13dacc3c34d118abf7fac9
SHA256 4bc7273fd8a64f28cf0d3fd6bde139e7d53a754fe798478ae48d96840402cce4
CRC32 9E5838E4
ssdeep 196608:gQeiliL0t03LyR0Qk9MA2S1bbD0fZhYG7i:iILtGLyHZVWbbD03u
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Section .rsrc
  size_of_data 0x0000c400
  virtual_address 0x00c0c000
  virtual_size 0x0000c2c8
  entropy 7.889953217432576
Description A section with a high entropy has been found
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Conjar.2
FireEye Generic.mg.5358e3c10a13dacc
ALYac Gen:Heur.Conjar.2
CrowdStrike win/malicious_confidence_70% (D)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FKNU
APEX Malicious
BitDefender Gen:Heur.Conjar.2
Ad-Aware Gen:Heur.Conjar.2
Sophos ML/PE-A
McAfee-GW-Edition BehavesLike.Win32.Generic.rh
Emsisoft Gen:Heur.Conjar.2 (B)
SentinelOne Static AI - Malicious PE
Avira HEUR/AGEN.1119113
MAX malware (ai score=84)
Microsoft VirTool:Win32/Pucrpt.A!MTB
GData Gen:Heur.Conjar.2
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win.Generic.R442079
VBA32 BScope.Trojan.Wacatac
Fortinet W32/GenKryptik.FKJF!tr
BitDefenderTheta Gen:NN.ZexaF.34170.@p0@aubcFlp
Cybereason malicious.10a13d