Summary | ZeroBOX

install.exe

Malicious Library VMProtect UPX PE64 PE File
Category: FILE
Machine: s1_win7_x6402
Started: Oct. 13, 2021, 7:42 p.m.
Completed: Oct. 13, 2021, 7:49 p.m.
Size 5.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 3ce561ff43324e120f554a04926948e2
SHA256 4de168b8d8439e1a1d77804f935b96e8f410b935c706ab17460ba3c7a6c74e81
CRC32 7A910E76
ssdeep 98304:Z3Hn3FrhvFlTPTHRcqm/RWbUFl+tSPOg0Ryq7R9YBZn5V562ka:ZHR5PnR2/ItT1wq4n5V3n
Yara
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
164.124.101.2 Active Moloch
23.40.44.112 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section text
section data
section .vmp0
section .vmp1
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.instruction_r: 90 68 b3 40 ea 22 e8 30 2b 05 00 68 e6 c1 db b1
exception.instruction: nop
exception.module: install.exe
exception.exception_code: 0x80000004
exception.offset: 10081339
exception.address: 0x14099d43b
registers.r14: 0
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 0
registers.r10: 3378633150
registers.rbx: 0
registers.rsp: 4390992
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 367
registers.r12: 0
registers.rbp: 4390704
registers.rdi: 0
registers.rax: 322448107
registers.r13: 0
1 0 0
section .vmp1 (virtual_address 0x00504000, virtual_size 0x005f1850, size_of_data 0x005f1a00, entropy 7.920107120122455) description A section with a high entropy has been found
entropy 0.999671511867 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
host 23.40.44.112

Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.475950
McAfee Artemis!3CE561FF4332
Sangfor Trojan.Win32.Save.a
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Downloader.MSIL.Balamid.aax
BitDefender Gen:Variant.Bulz.475950
Avast Win64:Malware-gen
Ad-Aware Gen:Variant.Bulz.475950
Sophos Generic ML PUA (PUA)
McAfee-GW-Edition BehavesLike.Win64.Generic.tc
FireEye Generic.mg.3ce561ff43324e12
Emsisoft Gen:Variant.Bulz.475950 (B)
eGambit Unsafe.AI_Score_98%
Avira TR/Dldr.Balamid.kxxng
MAX malware (ai score=86)
Microsoft Trojan:Win32/Tnega!ml
GData Gen:Variant.Bulz.475950
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Agent.C4668442
Malwarebytes Malware.AI.3978763394
SentinelOne Static AI - Suspicious PE
Fortinet W32/PossibleThreat
AVG Win64:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_70% (W)