Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 20, 2022, 5:30 p.m.	May 20, 2022, 5:36 p.m.

Size	273.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7212de5b3965d87dc138a6741329d6f4`
SHA256	`1bebac82bd6764612962f1a3daed34a11df24d659cda7fc8ceabcaa3a18e5cf9`
CRC32	`561CC1B2`
ssdeep	`3072:ugNmip8/ytvmnUG2gq1kix9xYRp8pJGnXzCmbonosxkgaBChUpZa9uD6Vdyhk:uEmigevmnUG2gB9Rp8XGnInViga3wVf`
PDB Path	C:\jajijawodatewe11\nipo7\sukasoyi\fedaram\digider.pdb
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\jajijawodatewe11\nipo7\sukasoyi\fedaram\digider.pdb

section	.himaxom
section	.howav

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 20, 2022, 5:30 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c0e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory May 20, 2022, 5:30 p.m.	process_identifier: 2776 region_size: 110592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0001fc00', u'virtual_address': u'0x00001000', u'entropy': 7.448913931162782, u'name': u'.text', u'virtual_size': u'0x0001faea'}

entropy

7.44891393116

description

A section with a high entropy has been found

entropy

0.466911764706

description

Overall entropy of this PE file is high

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Jaik.74958
FireEye	Generic.mg.7212de5b3965d87d
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005923e21 )
BitDefender	Gen:Variant.Jaik.74958
K7GW	Trojan ( 005923e21 )
Cybereason	malicious.014e79
Arcabit	Trojan.Jaik.D124CE
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Ad-Aware	Gen:Variant.Jaik.74958
Emsisoft	Gen:Variant.Jaik.74958 (B)
McAfee-GW-Edition	BehavesLike.Win32.Flyagent.dm
SentinelOne	Static AI - Malicious PE
Sophos	ML/PE-A
APEX	Malicious
MAX	malware (ai score=86)
Microsoft	Ransom:Win32/StopCrypt!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Jaik.74958
Cynet	Malicious (score: 100)
Acronis	suspicious
VBA32	Malware-Cryptor.InstallCore.6
ALYac	Gen:Variant.Jaik.74958
Malwarebytes	Trojan.MalPack.GS
Rising	Trojan.Generic@AI.100 (RDML:Kq/OvDSYjlXGSdI63FYfQQ)
Ikarus	Trojan.Crypter
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.ERHN!tr
AVG	PWSX-gen [Trj]
Avast	PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

winlog.exe