Summary | ZeroBOX

host.exe

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 19, 2021, 9:21 a.m.
Completed Oct. 19, 2021, 9:48 a.m.
Size 30.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 003e691923293c72dca0b670e9ff9390
SHA256 a8e4f8648ff3dbfcf882b39d32033d3ca1f6fdaef9694107aba80f36a0480e36
CRC32 D7DE161B
ssdeep 768:aOsIP7IRNWUlaMijihcIGfTAy95w5HUWCvgnvh5gG:axYfMmiokyI5HUWAS
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text (size_of_data 0x00007600, virtual_address 0x00001000, virtual_size 0x0000749a, entropy 7.811490017257314)
entropy 7.81149001726 description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.537868
FireEye Generic.mg.003e691923293c72
McAfee GenericRXPY-AN!003E69192329
Cylance Unsafe
Zillya Trojan.Generic.Win32.1529751
Sangfor Trojan.Win32.Generic.ky
K7AntiVirus Trojan ( 00536d121 )
Alibaba Trojan:Win32/Smokeloader.65170a97
K7GW Trojan ( 00536d121 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.39D7B5851E
Cyren W32/Trojan.BDBE-5229
ESET-NOD32 a variant of Win32/Smokeloader.J
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Razy.537868
Avast Win32:Malware-gen
Tencent Win32.Trojan.Generic.Bec
Ad-Aware Gen:Variant.Razy.537868
TACHYON Trojan/W32.Agent.30720.ZZ
Sophos Mal/Generic-R + Mal/Behav-204
VIPRE Trojan.Win32.Winwebsec.m (v)
TrendMicro TROJ_GEN.R067C0RIG21
McAfee-GW-Edition BehavesLike.Win32.VirRansom.nc
Emsisoft Gen:Variant.Razy.537868 (B)
Ikarus Trojan.Win32.SmokeLoader
Jiangmin Trojan.Generic.hahai
eGambit Unsafe.AI_Score_100%
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Generic.ASMalwS.34745ED
Kingsoft Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft Ransom.Win32.AI.sa
Microsoft Trojan:Win32/Tiggre!rfn
GData Gen:Variant.Razy.537868
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Smokeldr.C3129113
Acronis suspicious
VBA32 BScope.TrojanPSW.Spy
ALYac Gen:Variant.Razy.537868
MAX malware (ai score=88)
Malwarebytes Trojan.SmokeLoader
TrendMicro-HouseCall TROJ_GEN.R067C0RIG21
Rising Trojan.Generic@ML.100 (RDMK:8zTs8HBheyPIiHEJcxUHDg)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Smokeloader.J!tr