Summary | ZeroBOX

File name index.php

Tags UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 15, 2021, 2:27 p.m.
Completed Nov. 15, 2021, 3:02 p.m.
Size 570.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ae43eeced75fa3cb00434d1c43a821fd
SHA256 b74bf179ccedb1a9e8f219636c903d90ec03d923460449cbda8d037d6cd97699
CRC32 32D1733E
ssdeep 12288:FUk0pIqeNiyNpAUvhN3Utfh9uSR5LO/KXJReNtiZlh79:FypIqKvX/0J7Rw/pNti3
PDB Path C:\vacuj93 wimamexac.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
Network hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\vacuj93 wimamexac.pdb
Behavior: API calls. Each entry lists the API name, its arguments, and then the Status, Return and Repeated columns.

NtAllocateVirtualMemory

process_identifier: 2760
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 (success) Return 0 (STATUS_SUCCESS) Repeated 0

NtAllocateVirtualMemory

process_identifier: 2760
region_size: 438272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00500000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 (success) Return 0 (STATUS_SUCCESS) Repeated 0
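Both calls above commit memory that is writable and executable at once (protection 0x40, PAGE_EXECUTE_READWRITE) in the sample's own process: 0xffffffff is the GetCurrentProcess() pseudo-handle of a 32-bit process. That is the footprint of a packer stub decompressing code at run time rather than of a normal image load, and it is worth pulling out of the trace automatically. The Python below is an added editorial example, not part of the ZeroBOX report or its code base: it parses entries in the report's own text layout (API name, `key: value` arguments, then the `Status Return Repeated` triple), decodes the protection and allocation constants with the winnt.h values, and flags successful RWX commits. The log text is reconstructed from the two entries above. It also reports whether consecutive regions are adjacent, which they are here: the first region ends exactly at 0x00500000, where the second begins.

```python
import re

# Memory protection and allocation constants from winnt.h
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
WRITABLE_EXECUTABLE = {0x40, 0x80}
MEM_COMMIT = 0x1000
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF  # GetCurrentProcess() in a 32-bit process

# Constructed input: the two NtAllocateVirtualMemory entries from the report above.
API_LOG = """\
NtAllocateVirtualMemory
process_identifier: 2760
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory
process_identifier: 2760
region_size: 438272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00500000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
"""

_STATUS_LINE = re.compile(r"^(\d+) (\d+) (\d+)$")  # "Status Return Repeated"


def parse_api_log(text):
    """Split the report's flat API trace into one dict per call."""
    calls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _STATUS_LINE.match(line)
        if m and current is not None:
            current["status"], current["return"], current["repeated"] = (int(x) for x in m.groups())
            continue
        if ":" not in line:  # a bare line starts a new call and names the API
            current = {"api": line, "args": {}}
            calls.append(current)
            continue
        if current is None:
            raise ValueError("argument line before any API name: %r" % line)
        key, _, value = line.partition(":")
        current["args"][key.strip()] = value.strip()
    return calls


def _num(field):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x004a0000' -> 0x4a0000."""
    return int(field.split()[0], 0)


def find_rwx_commits(calls):
    """Return successful NtAllocateVirtualMemory calls that commit W+X memory."""
    hits = []
    for call in calls:
        if call["api"] != "NtAllocateVirtualMemory" or call.get("status") != 1:
            continue
        a = call["args"]
        prot, alloc = _num(a["protection"]), _num(a["allocation_type"])
        if prot in WRITABLE_EXECUTABLE and alloc & MEM_COMMIT:
            base, size = _num(a["base_address"]), _num(a["region_size"])
            hits.append({
                "pid": int(a["process_identifier"]),
                "base": base, "size": size, "end": base + size,
                "protection": PAGE_PROTECTIONS[prot],
                # pseudo-handle means the sample is mapping code into itself, not injecting
                "self_process": _num(a["process_handle"]) == CURRENT_PROCESS_PSEUDO_HANDLE,
            })
    return hits


def summarize(hits):
    """Total RWX bytes and whether the regions form one contiguous run."""
    total = sum(h["size"] for h in hits)
    contiguous = all(hits[i]["end"] == hits[i + 1]["base"] for i in range(len(hits) - 1))
    return {"count": len(hits), "total_bytes": total, "contiguous": contiguous}


if __name__ == "__main__":
    rwx = find_rwx_commits(parse_api_log(API_LOG))
    for h in rwx:
        print("pid %d: %s 0x%08x-0x%08x (%d bytes, self=%s)" %
              (h["pid"], h["protection"], h["base"], h["end"], h["size"], h["self_process"]))
    print(summarize(rwx))
```

The status check matters: a failed NtAllocateVirtualMemory (Status 0) leaves no executable region behind and should not count. Adjacent regions with a growing total, as seen here (0x60000 then 0x6b000 bytes), are typical of a stub that keeps committing space while it inflates a compressed payload; dumping the process once the regions are populated is usually the quickest way to reach the unpacked code.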
Static signatures
section .text: virtual_address 0x00001000, virtual_size 0x0006d5e0, size_of_data 0x0006d600, entropy 7.9614 (A section with a high entropy has been found)
overall entropy 0.7689 (Overall entropy of this PE file is high)
The per-section figure is Shannon entropy in bits per byte, with 8.0 the maximum; a value this close to 8 across the whole .text section means the code bytes are compressed or encrypted, consistent with the UPX_Zero Yara match above. The 0.7689 "overall entropy" is not a Shannon value but the fraction of section bytes (0x6d600 here) that sit in high-entropy sections, which is how the Cuckoo-derived packer-entropy signature computes it. Note that the flagged section is named .text rather than the UPX0/UPX1 names a stock UPX build produces, so treat the UPX Yara hit as a heuristic and do not assume that upx -d will unpack the file.
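To reproduce the entropy signature on a local copy of a sample, the following Python example, added here and not ZeroBOX's own code, walks the PE section table with struct, computes Shannon entropy per section, and applies the packer-entropy convention: sections above 6.8 bits per byte are flagged, and the "overall" figure is the flagged fraction of all section bytes, reported as packed above 0.2. Both thresholds are the values used by the Cuckoo community signature and are an assumption about what ZeroBOX uses. Because no sample ships with the page, the block builds a minimal PE32 with one random-filled .text section and one plain .rdata section as constructed input; only the header fields the parser reads are meaningful in it.

```python
import math
import random
import struct
from collections import Counter

# Assumed thresholds (Cuckoo community packer_entropy signature)
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Walk the section table of a PE32/PE32+ image; yields dicts in the report's layout."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    offset = e_lfanew + 24 + opt_size  # section headers follow the optional header
    for _ in range(num_sections):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, offset)
        data = pe[raw_ptr:raw_ptr + raw_size]  # may be short if the file is truncated
        yield {"name": name.rstrip(b"\0").decode("ascii", "replace"),
               "virtual_address": vaddr, "virtual_size": vsize,
               "size_of_data": raw_size, "entropy": shannon_entropy(data),
               "characteristics": chars}
        offset += 40


def packer_entropy(pe: bytes):
    """Per-section entropy plus the 'overall' ratio the sandbox signature reports."""
    sections = list(pe_sections(pe))
    flagged = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    ratio = sum(s["size_of_data"] for s in flagged) / total if total else 0.0
    return {"sections": sections, "high_entropy": [s["name"] for s in flagged],
            "ratio": ratio, "packed": ratio > OVERALL_RATIO_THRESHOLD}


def build_pe32(sections, file_align=0x200, section_align=0x1000):
    """Constructed test input: a minimal PE32 from (name, data) pairs.
    The optional header is zero-filled apart from Magic; characteristics are not inspected."""
    e_lfanew, opt_size = 0x40, 0xE0
    headers_len = -(-(e_lfanew + 24 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    table, body, raw_ptr, vaddr = b"", b"", headers_len, section_align
    for name, data in sections:
        raw_size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += -(-raw_size // section_align) * section_align
    return (dos + b"PE\0\0" + coff + opt + table).ljust(headers_len, b"\0") + body


_rng = random.Random(2021)
SAMPLE_PE = build_pe32([
    (b".text", bytes(_rng.getrandbits(8) for _ in range(0x10000))),   # stand-in for packed code
    (b".rdata", (b"Hello from a plain data section\r\n" * 256)[:0x1000]),  # low-entropy text
])

if __name__ == "__main__":
    result = packer_entropy(SAMPLE_PE)
    for s in result["sections"]:
        print("%-8s va=0x%08x vsize=0x%08x raw=0x%08x entropy=%.4f" %
              (s["name"], s["virtual_address"], s["virtual_size"], s["size_of_data"], s["entropy"]))
    print("high-entropy sections:", result["high_entropy"])
    print("overall ratio: %.4f packed=%s" % (result["ratio"], result["packed"]))
```

Run it against the real sample by replacing SAMPLE_PE with the file's bytes; the .text entry should come out with size_of_data 0x6d600 and entropy near 7.96 as in the report, and because that section dominates the file the ratio lands well above 0.2.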
Antivirus results (vendor, detection name)
Elastic malicious (high confidence)
FireEye Generic.mg.ae43eeced75fa3cb
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Hacktool ( 700007861 )
Cyren W32/Kryptik.FOQ.gen!Eldorado
Symantec Packed.Generic.528
APEX Malicious
ClamAV Win.Packed.Fragtor-9908420-0
Kaspersky VHO:Trojan.Win32.Convagent.gen
McAfee-GW-Edition BehavesLike.Win32.Emotet.hc
Sophos ML/PE-A
Ikarus Trojan-Ransom.StopCrypt
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Lockbit-FSWW!AE43EECED75F
VBA32 Malware-Cryptor.2LA.gen
Malwarebytes Trojan.MalPack.GS
Rising Trojan.Generic@ML.96 (RDML:4HAF/l3I3q+20zUQ8qK3Zg)
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Kryptik.FOQ!tr
BitDefenderTheta Gen:NN.ZexaF.34266.Jq0@a8Cv3ChO
Cybereason malicious.d6e32b
MaxSecure Trojan.Malware.300983.susgen