Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 10, 2022, 3:02 p.m.	Dec. 10, 2022, 3:06 p.m.

Size	9.9MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`7a5155b804e592d83f8319cbdb27e164`
SHA256	`5eb7b2fd13264f066b10946539eff6be750647de246cf791e57ca4c17b0b9c31`
CRC32	`9E3641D4`
ssdeep	`196608:Y6khIBSOhjcHmRfm+kXHqxafG8Sc+5jECye/4MqG2naCGI/:Y6khXw8yf9kXEaOG+4Cf4MqG2najI`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (14 events)

section	87*qGv;7
section	^NsFAbb[
section	4.ps1S["
section	l^D/X#s1
section	aAyXB94]
section	n9Mms2uS
section	7u=]29J1
section	*<5LK<h`
section	Ug$Va';z
section	dA:<*dF(
section	r,Ht]nHV
section	m$m2M1,9
section	o?%]P5Wl
section	lNMkoK?T

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x009ed800', u'virtual_address': u'0x00768000', u'entropy': 7.968862550664511, u'name': u'm$m2M1,9', u'virtual_size': u'0x009ed72c'}

entropy

7.96886255066

description

A section with a high entropy has been found

entropy

0.999066384944

description

Overall entropy of this PE file is high

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Lionic	Trojan.Win32.Generic.4!c
AVG	Win64:Evo-gen [Trj]
MicroWorld-eScan	Trojan.GenericKD.64131479
Malwarebytes	Trojan.Crypt
Sangfor	Trojan.Win32.Agent.V1rl
Cybereason	malicious.377b90
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
BitDefender	Trojan.GenericKD.64131479
Cynet	Malicious (score: 100)
Avast	Win64:Evo-gen [Trj]
Ad-Aware	Trojan.GenericKD.64131479
Emsisoft	Trojan.GenericKD.64131479 (B)
McAfee-GW-Edition	BehavesLike.Win64.Generic.tc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.7a5155b804e592d8
Ikarus	MSIL.Malware.Coinminer
GData	MSIL.Malware.Coinminer.XPLRXX
Webroot	W32.Malware.Gen
MAX	malware (ai score=83)
Gridinsoft	Spy.Win64.Gozi.bot
Arcabit	Trojan.Generic.D3D29197
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
Acronis	suspicious
McAfee	Artemis!7A5155B804E5
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat.PALLAS.M
CrowdStrike	win/malicious_confidence_70% (W)

Emit64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All