Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2021, 6:06 p.m.	Oct. 21, 2021, 6:06 p.m.

Size	256.9KB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`fcb53acd5fd1637a2ac1bc69f396e92c`
SHA256	`cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab`
CRC32	`B592D7CB`
ssdeep	`3072:eb/VDsMK5SdPlKCXbkB9Kv1y5Gun6XKwRDcXEX55d2wNQ+XnwEf4bvuQ5OjrDGZt:WCoMRt6XKUSRACdOj57jY5jM9H8eGN`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00002800', u'virtual_address': u'0x00042000', u'entropy': 6.811109602860974, u'name': u'.reloc', u'virtual_size': u'0x000027e4'}

entropy

6.81110960286

description

A section with a high entropy has been found

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)

Lionic	Trojan.Win32.Androm.m!c
McAfee	RDN/Gozi
Sangfor	Backdoor.Win32.Androm.ky
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Androm.85959a53
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/GenKryptik.FMIM
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Androm.uulr
BitDefender	Trojan.GenericKD.37835376
MicroWorld-eScan	Trojan.GenericKD.37835376
Avast	FileRepMetagen [Malware]
Ad-Aware	Trojan.GenericKD.37835376
Sophos	Mal/Generic-S
DrWeb	Trojan.Gozi.839
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.fcb53acd5fd1637a
Ikarus	Win32.Outbreak
GData	Win32.Trojan-Spy.Ursnif.HK9QW5
Webroot	W32.Trojan.Ursnif
MAX	malware (ai score=89)
Kingsoft	Win32.Hack.Androm.uu.(kcloud)
Microsoft	Trojan:Win32/Woreflint.A!cl
ALYac	Spyware.Ursnif
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_FRS.VSNW14J21
Fortinet	PossibleThreat.MU
AVG	FileRepMetagen [Malware]

status.png

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All