Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 11, 2021, 12:31 p.m.	Nov. 11, 2021, 12:44 p.m.

Size	288.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`118d52ed431c7aaaab60fc9ba28cdb37`
SHA256	`ee01efe5bc64a5e50dc0c495edea7d102d8f851bbe4f37f3ed91279c2e1fd2a5`
CRC32	`52198866`
ssdeep	`3072:BMVyYf0kx9NBk5TuinCK2shZkWMbfVzwDqOecJqQpBjj3ffDeoFb+CXopSmjoeON:BoPBkR3C5WMbfpLccGB/3nKoFXaKzp2`
PDB Path	C:\zan\gas_yareli.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\zan\gas_yareli.pdb

section

.dos

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 11, 2021, 12:31 p.m.	process_identifier: 2304 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f6e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 11, 2021, 12:31 p.m.	process_identifier: 2304 region_size: 110592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0002f600', u'virtual_address': u'0x00001000', u'entropy': 7.03077352761878, u'name': u'.text', u'virtual_size': u'0x0002f51a'}

entropy

7.03077352762

description

A section with a high entropy has been found

entropy

0.659130434783

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Strab.4!c
Elastic	malicious (high confidence)
McAfee	Packed-GDT!118D52ED431C
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Riskware ( 00584baa1 )
Baidu	Win32.Trojan.Kryptik.jm
Cyren	W32/Kryptik.FSC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNGB
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Strab.pef
Avast	FileRepMalware
DrWeb	Trojan.Siggen15.37668
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dm
FireEye	Generic.mg.118d52ed431c7aaa
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
GData	Win32.Trojan-Stealer.LokiBot.XLQLH9
eGambit	Unsafe.AI_Score_80%
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Azorult.FW!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Infostealer/Win.SmokeLoader.C4764004
Acronis	suspicious
VBA32	BScope.Trojan.Crypt
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	TROJ_GEN.R002H07K921
Ikarus	Trojan.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FSC!tr
Webroot	W32.Strab.pef
AVG	FileRepMalware

vbc.exe