Summary | ZeroBOX

pb1111.exe

VMProtect Malicious Library PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Dec. 30, 2022, 6:19 p.m.
Completed: Dec. 30, 2022, 6:23 p.m.
Size 3.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 682fdceb8132982fe1bc167d349a2e0d
SHA256 6648c16ea58b3cbb22617541fe2ac5c88291e5d540e6100e7ed4d53eb4f58e2b
CRC32 808C86E2
ssdeep 98304:2xVro2DNTq6Qx06T896G7UfS57VifEeh++1TB:2x5xTGx0okUa5pQF1TB
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section .vmp0
section .vmp1
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 1244320
registers.r15: 0
registers.rcx: 260
registers.rsi: 1244288
registers.r10: 3221225785
registers.rbx: 1243984
registers.rsp: 1243848
registers.r11: 514
registers.r8: 1993539584
registers.r9: 958
registers.rdx: 1244320
registers.r12: 15
registers.rbp: 1244112
registers.rdi: 0
registers.rax: 0
registers.r13: 4096
Status: 1  Return: 0  Repeated: 0
section .vmp1 (size_of_data 0x0037f200, virtual_address 0x002a1000, virtual_size 0x0037f034, entropy 7.798502671054573): A section with a high entropy has been found
entropy 0.999860374197: Overall entropy of this PE file is high
section .vmp0: Section name indicates VMProtect
section .vmp1: Section name indicates VMProtect
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Cylance: Unsafe
Sangfor: Trojan.Win64.Agent.V6dv
K7AntiVirus: Trojan ( 00581cad1 )
K7GW: Trojan ( 00581cad1 )
Cyren: W64/VMProtect.DM.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/Agent.ATS
TrendMicro-HouseCall: TROJ_GEN.R002H0DLR22
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.64572754
MicroWorld-eScan: Trojan.GenericKD.64572754
Avast: Win64:TrojanX-gen [Trj]
Ad-Aware: Trojan.GenericKD.64572754
Emsisoft: Trojan.GenericKD.64572754 (B)
VIPRE: Trojan.GenericKD.64572754
McAfee-GW-Edition: BehavesLike.Win64.Generic.wc
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.682fdceb8132982f
Sophos: Generic ML PUA (PUA)
APEX: Malicious
GData: Win64.Trojan.Agent.QAX6N9
Avira: TR/Agent.smulg
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Sabsik
Gridinsoft: Malware.Win64.Sabsik.cc
Arcabit: Trojan.Generic.D3D94D52
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R536217
Acronis: suspicious
McAfee: Artemis!682FDCEB8132
Malwarebytes: Trojan.Injector
Ikarus: Trojan.Win64.Agent
Rising: Trojan.Agent!8.B1E (TFE:5:pPUdxdqQazR)
SentinelOne: Static AI - Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W64/VMProtect.EEF8!tr
AVG: Win64:TrojanX-gen [Trj]