Summary | ZeroBOX

j.exe

Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 7, 2021, 9:42 a.m.
Completed Nov. 7, 2021, 9:46 a.m.
Size 2.1MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 6c1bf5fd5e33a68d980525c71cacf1d8
SHA256 cdcb49e671a1fc4d502a52055b1af6c7addf6471b609fc0b827ba16c1fb4689b
CRC32 EFAB7FC7
ssdeep 49152:LIzdwHzLFa+ha58m3bHo1YxUQgOwCLutDsYVJZ:0z23Fi51Lg/CLutLVH
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

description j.exe tried to sleep 325 seconds, actually delayed analysis time by 0 seconds
section {u'size_of_data': u'0x00220000', u'virtual_address': u'0x00003000', u'entropy': 7.999915819205372, u'name': u'.rdata', u'virtual_size': u'0x0021ff6e'} entropy 7.99991581921 description A section with a high entropy has been found
entropy 0.996793403573 description Overall entropy of this PE file is high
Lionic Trojan.Win32.Inject.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.78844
FireEye Generic.mg.6c1bf5fd5e33a68d
ALYac Trojan.GenericKDZ.78844
Cylance Unsafe
Sangfor Trojan.Win32.Inject.gen
K7AntiVirus Trojan ( 00588d001 )
Alibaba Trojan:Win64/Generic.f4f2606a
K7GW Trojan ( 00588d001 )
Cybereason malicious.39ebdc
Cyren W64/Agent.DMU.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/Agent.AVO
TrendMicro-HouseCall TROJ_GEN.R002H0CK521
Paloalto generic.ml
Kaspersky Trojan.Win64.Inject.iz
BitDefender Trojan.GenericKDZ.78844
Avast FileRepMalware
Tencent Win32.Trojan.Generic.Woqd
Ad-Aware Trojan.GenericKDZ.78844
Emsisoft Trojan.GenericKDZ.78844 (B)
McAfee-GW-Edition BehavesLike.Win64.Fujacks.vc
Sophos Mal/Generic-S
Jiangmin Trojan.Donut.je
eGambit Unsafe.AI_Score_97%
MAX malware (ai score=81)
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Script/Phonzy.C!ml
GData Trojan.GenericKDZ.78844
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R444976
McAfee Artemis!6C1BF5FD5E33
Malwarebytes Trojan.Agent
Ikarus Win32.Outbreak
Fortinet W64/Agent.AVO!tr
AVG FileRepMalware
CrowdStrike win/malicious_confidence_80% (W)