Summary | ZeroBOX

f429fjd4uf84u.sdfh

UPX Malicious Library OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 5, 2022, 5 p.m.
Completed Dec. 5, 2022, 5:02 p.m.
Size 6.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8cd1ea50f8f4c45055400e70da52b326
SHA256 66552cbe03b205cba08a2524fb93303dec5edf51188758b08d12624db1ee73e1
CRC32 9E74960F
ssdeep 98304:Zr+dbd33oSpsJu9oR+bY11UhoIwBOqF85EiqrvBb2s4U5OoNkI9xFvPrBtOs6ha:x+BzpWu891ZDBOr+iqrpbTLp/U
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

description f429fjd4uf84u.sdfh tried to sleep 120 seconds, actually delayed analysis time by 0 seconds
section .rdata (virtual_address 0x00015000, virtual_size 0x005ba2a8, size_of_data 0x005ba400) entropy 7.97448599102 description A section with a high entropy has been found
entropy 0.935108418367 description Overall entropy of this PE file is high
Lionic Trojan.Win32.Agent.Y!c
MicroWorld-eScan Trojan.GenericKD.63926617
FireEye Generic.mg.8cd1ea50f8f4c450
ALYac Gen:Variant.Lazy.260895
Malwarebytes Malware.AI.4256019526
VIPRE Gen:Variant.Lazy.260895
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0059ba121 )
BitDefender Trojan.GenericKD.63926617
K7GW Trojan ( 0059ba121 )
BitDefenderTheta Gen:NN.ZexaF.36106.@x0@aGbBpmhi
Cyren W32/ABRisk.QMYD-6255
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Win32/Agent.AEWZ
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Agent.gen
Alibaba Trojan:Win32/Generic.c5a442e2
Cynet Malicious (score: 99)
Rising Trojan.Generic@AI.90 (RDML:uGA8/e3H2FlUP9SOAUUilQ)
Ad-Aware Trojan.GenericKD.63926617
Emsisoft Trojan.GenericKD.63926617 (B)
Comodo Malware@#lf2h65387aqp
F-Secure Heuristic.HEUR/AGEN.1213193
McAfee-GW-Edition BehavesLike.Win32.Trojan.vc
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Agent
Jiangmin Trojan.Agent.ehea
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1213193
Antiy-AVL Trojan/Script.Phonzy
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Malgent!MSR
Gridinsoft Trojan.Win32.Agent.cl
Arcabit Trojan.Generic.D3CF7159
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
GData Trojan.GenericKD.63926617
Google Detected
McAfee Artemis!8CD1EA50F8F4
MAX malware (ai score=100)
Cylance Unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CKE22
Tencent Win32.Trojan.Agent.Sgil
SentinelOne Static AI - Suspicious PE
Fortinet W32/PossibleThreat
AVG FileRepMalware
Avast FileRepMalware