Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 27, 2021, 8:01 a.m.	Oct. 27, 2021, 8:03 a.m.

Size	464.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9e37ecd7b3a3cc19e3fb569a8f79f2c0`
SHA256	`290cb899ef25b56068497a4af04f625cc1e38f5a3b53ba335af3670f6bcad377`
CRC32	`D5605D0C`
ssdeep	`6144:fTWvGdEw/Jj9ZSBdhIxDMFmSRlBHrTvDU6Wdmv5ZfPb8HP8dOtHAaJ9OE5ynVP:uUEQ5OKxQFmSZLiwv5ZfPykAxh9R5S`
PDB Path	C:\yax23_casasekaboc-luciwocayimome\z.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\yax23_casasekaboc-luciwocayimome\z.pdb

section

.miveb

resource name

AFX_DIALOG_LAYOUT

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 27, 2021, 8:01 a.m.	process_identifier: 1896 region_size: 319488 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 27, 2021, 8:01 a.m.	process_identifier: 1896 region_size: 581632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00057400', u'virtual_address': u'0x00001000', u'entropy': 7.963397609121904, u'name': u'.text', u'virtual_size': u'0x00057365'}

entropy

7.96339760912

description

A section with a high entropy has been found

entropy

0.753779697624

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.35416
McAfee	Artemis!9E37ECD7B3A3
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00564bda1 )
K7GW	Trojan ( 00564bda1 )
Cybereason	malicious.cd3005
BitDefenderTheta	Gen:NN.ZexaF.34236.Du0@aKoj1UoG
Cyren	W32/Kryptik.FOQ.gen!Eldorado
Symantec	Packed.Generic.528
ESET-NOD32	a variant of Win32/Kryptik.HNBY
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Exploit.Win32.ShellCode.gen
BitDefender	Gen:Variant.Fragtor.35416
Avast	Win32:MalwareX-gen [Trj]
Rising	Malware.Heuristic!ET#93% (RDMK:cmRtazoPsF0Uz3rMOVN0I4D1eP8w)
Ad-Aware	Gen:Variant.Fragtor.35416
Sophos	Mal/Generic-R + Troj/Krypt-BO
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.gc
FireEye	Generic.mg.9e37ecd7b3a3cc19
Emsisoft	Gen:Variant.Fragtor.35416 (B)
SentinelOne	Static AI - Malicious PE
MAX	malware (ai score=81)
Microsoft	Ransom:Win32/StopCrypt.MOK!MTB
ZoneAlarm	HEUR:Exploit.Win32.ShellCode.gen
GData	Gen:Variant.Fragtor.35416
Cynet	Malicious (score: 100)
Acronis	suspicious
Malwarebytes	Trojan.MalPack.GS
Ikarus	Trojan.Win32.Crypt
eGambit	Unsafe.AI_Score_80%
Fortinet	W32/Kryptik.HNBT!tr
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

solex.exe