Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2021, 6:17 p.m.	Oct. 21, 2021, 6:24 p.m.

Size	328.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05d6732ff73403961d2b131ac1237393`
SHA256	`d3a9a3edb7bf2c1c0bee319acb384b4ea0d27a72c09ee0781996ecc4b6637fef`
CRC32	`93FC73BB`
ssdeep	`6144:nTo3T9zMROMLxpMqCaqSb/d0SqX7tNfVXVHQLIiu8c:nTk9zMROMLxzN70SwZGEX8c`
PDB Path	C:\xiyacoyoxixa\jip17_lup\j.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\xiyacoyoxixa\jip17_lup\j.pdb

section

.pozugam

resource name

AFX_DIALOG_LAYOUT

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 21, 2021, 6:17 p.m.	process_identifier: 2284 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02fc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 21, 2021, 6:17 p.m.	process_identifier: 2284 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02fe0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0002d200', u'virtual_address': u'0x00001000', u'entropy': 7.828509682297772, u'name': u'.text', u'virtual_size': u'0x0002d100'}

entropy

7.8285096823

description

A section with a high entropy has been found

entropy

0.551987767584

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.33136
FireEye	Generic.mg.05d6732ff7340396
McAfee	Packed-GDV!05D6732FF734
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056d16b1 )
K7GW	Trojan ( 0056d16b1 )
Cybereason	malicious.a9600b
BitDefenderTheta	Gen:NN.ZexaF.34218.uu1@aGkvZGjG
Cyren	W32/Kryptik.FOE.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Generic-9903366-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Fragtor.33136
Ad-Aware	Gen:Variant.Fragtor.33136
Emsisoft	Gen:Variant.Fragtor.33136 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Sophos	ML/PE-A + Troj/Krypt-BO
eGambit	Unsafe.AI_Score_96%
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Fragtor.33136
Cynet	Malicious (score: 100)
AhnLab-V3	Packed/Win.GDV.R446483
Acronis	suspicious
ALYac	Gen:Variant.Fragtor.33136
MAX	malware (ai score=84)
Malwarebytes	Trojan.MalPack.GS
Rising	Trojan.Kryptik!1.DA21 (CLASSIC)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
CrowdStrike	win/malicious_confidence_100% (D)

vbc.exe