Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 22, 2023, 1:44 p.m.	Jan. 22, 2023, 1:58 p.m.

Size	1.3MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`49c19748e633bbb852b7a759eaf78be3`
SHA256	`4167e30b0c2b021e6df012e74b25601ae28aec44ce70bac4b0c0882a6308c38d`
CRC32	`930C35E0`
ssdeep	`24576:7ARPonaSEVZEx9RvtuNGoowVup9NoYdS9UD1K0bzcGJgmw4iBtweh61PEA8QHnUo:7AReEVZqLzofuMYKtGnw4ihPEHhU4X`
Yara	IsPE32 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature themida_packer - themida packer Malicious_Library_Zero - Malicious_Library MPRESS_Zero - MPRESS packed file UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.MPRESS1
section	.MPRESS2

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00145800', u'virtual_address': u'0x00001000', u'entropy': 7.97840215375741, u'name': u'.MPRESS1', u'virtual_size': u'0x004c8000'}

entropy

7.97840215376

description

A section with a high entropy has been found

entropy

0.952799121844

description

Overall entropy of this PE file is high

File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Agent.lqvp
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Babar.62092
McAfee	Artemis!49C19748E633
Cylance	Unsafe
VIPRE	Gen:Variant.Babar.62092
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Babar.DF28C
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.Themida.IFB
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Babar.62092
Avast	Win32:Trojan-gen
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.49c19748e633bbb8
Emsisoft	Gen:Variant.Babar.62092 (B)
SentinelOne	Static AI - Suspicious PE
MAX	malware (ai score=81)
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Babar.62092
BitDefenderTheta	Gen:NN.ZexaF.36212.vn0@aOwqZ0hi
ALYac	Gen:Variant.Babar.62092
VBA32	BScope.TrojanPSW.Coins
Malwarebytes	Malware.Heuristic.1003
Yandex	Trojan.GenAsa!LQmWrHldTi8
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:Trojan-gen
Cybereason	malicious.fcaf94

48.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All