Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 8, 2022, 10:31 a.m.	Dec. 8, 2022, 10:46 a.m.

Size	382.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4be31e244804fd6d2e0a8ba49447352a`
SHA256	`889744bd9c2ef0b7099a43912e3159dc0071d04e903039c768953b11b48bf6bc`
CRC32	`6B628F63`
ssdeep	`6144:G3CMLVAC4K/Mn0gVpjEEQoef9WcoBlC/1aVe:GDhAC4KknxzDcWC/13`
PDB Path	C:\domujehodomi.pdb
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
142.251.42.164	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\domujehodomi.pdb

section

.wayil

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Dec. 8, 2022, 10:31 a.m.	process_identifier: 872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 90112 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ca000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Dec. 8, 2022, 10:31 a.m.	process_identifier: 872 region_size: 110592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

host

142.251.42.164

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Androm.4!c
MicroWorld-eScan	Trojan.GenericKD.64082753
FireEye	Generic.mg.4be31e244804fd6d
Cylance	Unsafe
VIPRE	Gen:Variant.Jaik.107582
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00516fdf1 )
K7GW	Trojan ( 00516fdf1 )
Arcabit	Trojan.Jaik.D1A43E
Cyren	W32/Lockbit.H.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HRWD
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packer.pkr_ce1a-9980177-0
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Trojan.GenericKD.64082753
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Backdoor.Androm.Majl
Ad-Aware	Trojan.GenericKD.64082753
DrWeb	Trojan.PWS.Stealer.23680
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fm
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S + Troj/Krypt-SY
Webroot	W32.Trojan.Gen
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft	Ransom.Win32.AzorUlt.sa
Microsoft	Trojan:Win32/SmokeLoader.GBH!MTB
GData	Trojan.GenericKD.64082753
Google	Detected
AhnLab-V3	Malware/Win.Generic.R538656
Acronis	suspicious
McAfee	RDN/Generic PWS.y
MAX	malware (ai score=89)
VBA32	Malware-Cryptor.2LA.gen
Malwarebytes	Delphi.Trojan.Downloader.DDS
TrendMicro-HouseCall	TROJ_GEN.R002H07L722
Rising	Trojan.Generic@AI.100 (RDML:Je5X/zM17zOZ6dCgJjtm7A)
Ikarus	Trojan.Win32.Azorult
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Evo-gen [Trj]

.win32.exe