Summary | ZeroBOX

from.exe

Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 11, 2021, 6:01 p.m.
Completed Nov. 11, 2021, 6:22 p.m.
Size 1.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 805727541f26cabd75099a8a561daf03
SHA256 e06da8ca9df1d376c4df7f78733e01cdbdcd660e8c5ce2c575a2afabfed27cc0
CRC32 2C104647
ssdeep 49152:Br53XXYgPJPMPBqLMJWlZTQzi1cQkFoKqhVKsntS/XX/nM+kXazQ:BrJXXYe0BqYkZTQz7o3fXtSvX/zkKz
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section name .rdata, virtual_address 0x00003000, virtual_size 0x001f0d6e, size_of_data 0x001f0e00, entropy 7.999894227232827 description A section with a high entropy has been found
entropy 0.996490348458 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.78844
FireEye Generic.mg.805727541f26cabd
McAfee GenericRXAA-AA!805727541F26
Cylance Unsafe
Cyren W64/Agent.DMU.gen!Eldorado
ESET-NOD32 a variant of Win64/Agent.AVO
Cynet Malicious (score: 100)
Kaspersky Trojan.Win64.Donut.egb
BitDefender Trojan.GenericKDZ.78844
Tencent Malware.Win32.Gencirc.10cf73a4
Ad-Aware Trojan.GenericKDZ.78844
Emsisoft Trojan.Agent (A)
DrWeb Trojan.InjectNET.14
Jiangmin Trojan.Donut.jq
MAX malware (ai score=86)
Antiy-AVL Trojan/Generic.ASMalwS.34C0FDD
Gridinsoft Trojan.Win64.Agent.oa!s1
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKDZ.78844
AhnLab-V3 Trojan/Win.Generic.R444976
ALYac Trojan.GenericKDZ.78844
Malwarebytes Trojan.Agent
Yandex Trojan.Agent!3XEDFjEN9n0
Ikarus Trojan.Win64.Agent
eGambit Unsafe.AI_Score_99%
Fortinet W64/Agent.AVO!tr
Cybereason malicious.95678b