Summary | ZeroBOX

174.exe

Tags: NPKI, Emotet, Malicious Library, UPX, Anti_VM, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 1, 2021, 10:27 a.m.
Completed: Nov. 1, 2021, 10:36 a.m.
Size: 1.2MB
Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MS CAB-Installer self-extracting archive
MD5: 497287b2c0270f7502b8797c72b36055
SHA256: 1a7075ca044dd3be84270c4e3a281e3708e5bd6e3499d6bf664160b73c0bd1a5
CRC32: 3B44BAC0
ssdeep: 24576:yq8cMci8rk8yRqMkytzdzs1JSzQ+t9aWtAOBY1tapGgGKm/TmlG:ymMci8rNyUqzciBHtGaHuq
Yara
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent
  (no arguments)
  Status / Return / Repeated: 0 0

resource name: AVI

Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW
  number_of_free_clusters: 2499409
  sectors_per_cluster: 8
  bytes_per_sector: 512
  root_path: \
  total_number_of_clusters: 8362495
  Status / Return / Repeated: 1 1 0

GetDiskFreeSpaceW
  number_of_free_clusters: 2499409
  sectors_per_cluster: 8
  bytes_per_sector: 512
  root_path: \
  total_number_of_clusters: 8362495
  Status / Return / Repeated: 1 1 0
section .rsrc (size_of_data 0x00129200, virtual_address 0x0000c000, virtual_size 0x00129036, entropy 7.975277632923118): A section with a high entropy has been found
entropy 0.971790678659: Overall entropy of this PE file is high
cmdline: at.exe
reg_key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
reg_value: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
Lionic Trojan.Multi.Generic.4!c
MicroWorld-eScan Trojan.GenericKD.47293550
FireEye Trojan.GenericKD.47293550
McAfee Artemis!497287B2C027
Cylance Unsafe
Sangfor Backdoor.Win32.Agent.myuerz
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:Win32/AVEvader.01e5429c
K7GW Riskware ( 0040eff71 )
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_FRS.VSNTJV21
Paloalto generic.ml
Kaspersky Backdoor.Win32.Agent.myuerz
BitDefender Trojan.GenericKD.47293550
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKD.47293550
Emsisoft Trojan.GenericKD.47293550 (B)
DrWeb Trojan.MulDrop18.46357
TrendMicro TROJ_FRS.VSNTJV21
McAfee-GW-Edition BehavesLike.Win32.Dropper.tc
Sophos Mal/Generic-S
MAX malware (ai score=100)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKD.47293550
VBA32 Backdoor.Agent
ALYac Trojan.GenericKD.47293550
eGambit Unsafe.AI_Score_92%
Fortinet Malicious_Behavior.SB
AVG Win32:Malware-gen