Summary | ZeroBOX

demo.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 13, 2022, 5:11 p.m.
Completed: Dec. 13, 2022, 5:29 p.m.
Size 6.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d16df5a6a394820b2271898b31703862
SHA256 58e674636ca1d0dfac7e39debd343d652df870f7c582561baf68c38f585410d2
CRC32 44A7E41C
ssdeep 98304:DVyxQbaRbcR1Mp2DdAG7qDA9faD5n7V78G2R4f8zXEULYhkxl:bEbc19fSgX
Yara
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0
__exception__

stacktrace:

exception.instruction_r: cd 29 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00
exception.symbol: demo+0xe11b0
exception.instruction: int 0x29
exception.module: demo.exe
exception.exception_code: 0xc0000005
exception.offset: 922032
exception.address: 0x2711b0
Status: 1  Return: 0  Repeated: 0
section .rdata: size_of_data 0x000bc000, virtual_address 0x0014e000, virtual_size 0x000bbe40, entropy 7.4504780266
description: A section with a high entropy has been found
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Trojan.GenericKD.64182173
Cylance Unsafe
Sangfor Trojan.Win64.Agent.Vnc4
K7AntiVirus Trojan ( 0059c45e1 )
K7GW Trojan ( 0059c45e1 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W64/ABRisk.FKTJ-4329
Symantec ML.Attribute.HighConfidence
Cynet Malicious (score: 100)
Avast Win64:MalwareX-gen [Trj]
Tencent Win32.Trojan.Agen.Ywhl
Ad-Aware Trojan.GenericKD.64182173
Emsisoft Trojan.GenericKD.64182173 (B)
F-Secure Heuristic.HEUR/AGEN.1248767
VIPRE Trojan.GenericKD.64182173
Sophos Mal/Generic-S
Webroot W32.Trojan.GenKD
Avira HEUR/AGEN.1248767
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Ransom.Win64.Wacatac.sa
Arcabit Trojan.Generic.D3D3579D
Google Detected
Ikarus Trojan.Win64.Agent
Fortinet W64/Agent.BVJ!tr
AVG Win64:MalwareX-gen [Trj]
Panda Trj/Chgt.AA