Summary | ZeroBOX

pb1109.exe

Tags: VMProtect, Malicious Library, PE64, PE File

Category  Machine        Started                  Completed
FILE      s1_win7_x6401  Dec. 7, 2022, 3:45 p.m.  Dec. 7, 2022, 3:51 p.m.
Size 3.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d925de50dd98dbed8ec6b93c98e6900c
SHA256 ed9ef547b26d9501c67479d225d44a8fe29ab122c22426b3d9620b6eef8b6dbd
CRC32 F5BD6BA3
ssdeep 49152:RX0G4RfTILqEiFGOb97BEDKrOeZ3PhwyzzwKYRsmIVBYGfzJgqKqS8mNHkGV69nk:RX0PfbFfb4DcO0YBIVBbJg99RSMo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section .vmp0
section .vmp1
Time & API / Arguments / Status / Return / Repeated

__exception__
stacktrace: (empty)
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 15
registers.r15: 7
registers.rcx: 260
registers.rsi: 5369934752
registers.r10: 3221225785
registers.rbx: 1244208
registers.rsp: 1244168
registers.r11: 514
registers.r8: 1993539584
registers.r9: 958
registers.rdx: 1244304
registers.r12: 0
registers.rbp: 1244432
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status 1, Return 0, Repeated 0
section .vmp1 (virtual_address 0x0029e000, virtual_size 0x0037db7c, size_of_data 0x0037dc00, entropy 7.797564167996013) - A section with a high entropy has been found
entropy 0.999860159418 - Overall entropy of this PE file is high
section .vmp0 - Section name indicates VMProtect
section .vmp1 - Section name indicates VMProtect
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.d925de50dd98dbed
Cylance Unsafe
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Kaspersky VHO:Trojan.Win32.Fabookie.gen
Avast FileRepMalware [Misc]
McAfee-GW-Edition BehavesLike.Win64.CoinMiner.wc
Trapmine suspicious.low.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Suspicious PE
Avira HEUR/AGEN.1210601
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.R534938
Acronis suspicious
Malwarebytes Malware.AI.1085876530
Rising Trojan.Fabookie!8.11C3D (TFE:5:mWGo1POf65L)
Ikarus Trojan.Win64.Agent
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware [Misc]