Summary | ZeroBOX

vbc.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: May 19, 2022, 11:10 a.m.
Completed: May 19, 2022, 11:38 a.m.
Size 541.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 68fcd1ebd9de5ff4645e62008dd04ece
SHA256 f710395880f835d08b965db304c00350be5824af2bbe7a55ba6ead607f7ff65d
CRC32 7DF7E653
ssdeep 12288:H+1vy6Hcr8NbBUYMTULzrljUKrBIADSSpPe1+UdGBd3:H+w68r8XUYMTULtUKrBfSKPe8TP3
PDB Path C:\jevus76\zelozejo53.pdb
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address / Status / Action
121.254.136.27 Active Moloch
45.252.249.58 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\jevus76\zelozejo53.pdb
section .maj
section .tuyiv
section .yepaku
section .tolako
resource name AFX_DIALOG_LAYOUT
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 2324
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 282624
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02c3e000
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2324
  region_size: 479232
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x04440000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0
section .text: size_of_data 0x00056a00, virtual_address 0x00001000, virtual_size 0x000568fa, entropy 7.872642031036245; description: A section with a high entropy has been found
entropy 0.641073080481; description: Overall entropy of this PE file is high
host 121.254.136.27
host 45.252.249.58
Bkav W32.AIDetect.malware1
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
McAfee Artemis!68FCD1EBD9DE
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00564bda1 )
Alibaba Trojan:Win32/Starter.ali2000005
K7GW Trojan ( 00564bda1 )
Cybereason malicious.ce9728
Cyren W32/Kryptik.GOQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Kryptik.HPQE
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Avast PWSX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win32.Flyagent.hh
FireEye Generic.mg.68fcd1ebd9de5ff4
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Microsoft Trojan:Win32/RelineStealer.VK!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.RunPE.C5133270
Acronis suspicious
VBA32 Malware-Cryptor.InstallCore.6
Malwarebytes Trojan.MalPack.GS
Rising Trojan.Kryptik!8.8 (CLOUD)
Ikarus Trojan.Crypter
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
AVG PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)