Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 14, 2021, 9:30 a.m.	Oct. 14, 2021, 10:02 a.m.

Size	991.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a65b1815177ef9eba7e5e894bbf65a3c`
SHA256	`298d542746dfa4922dd5fbc8fab572be58447c9dbd1481c55bd2254bb275684f`
CRC32	`6DF4C671`
ssdeep	`12288:GrHeuodar6Dd3m4aS9FCZXhGiX1d0uVrLGaDOdJ4NUTj94rv4lprmi:GDe0W1m4aVNTc9jOij2rqpm`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

packer

BobSoft Mini Delphi -> BoB / BobSoft

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.403453
FireEye	Gen:Variant.Zusy.403453
Cylance	Unsafe
Cyren	W32/Delf.OKAK-1898
ESET-NOD32	Win32/TrojanDownloader.Delf.DIB
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Remcos.tvz
BitDefender	Gen:Variant.Zusy.403453
Avast	FileRepMalware
Ad-Aware	Gen:Variant.Zusy.403453
McAfee-GW-Edition	BehavesLike.Win32.Worm.dh
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Spy
Webroot	W32.Trojan.Gen
Microsoft	Behavior:Win32/CreateFileMimilibDll.A
GData	Gen:Variant.Zusy.403453
McAfee	GenericRXAA-AA!A65B1815177E
MAX	malware (ai score=80)
VBA32	BScope.TrojanSpy.Noon
Malwarebytes	Trojan.MalPack.SMY.Generic
TrendMicro-HouseCall	TROJ_GEN.R002C0WJD21
Rising	Trojan.Generic@ML.100 (RDML:/qRZtUoiYH58wFqRX2Kpiw)
Fortinet	W32/Injector.EQAC!tr
BitDefenderTheta	Gen:NN.ZelphiCO.34214.9GW@aGR2mjei
AVG	FileRepMalware
Panda	Trj/GdSda.A

vbc.exe