Summary | ZeroBOX

vbc.exe

Malicious Library UPX Anti_VM PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started Feb. 17, 2023, 4:40 p.m.
Completed Feb. 17, 2023, 4:43 p.m.
Size 605.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 865004f0278a4301cd6919a58e09c9b2
SHA256 1a8ab52bb58371cdfdf171987be0fec8509fab2495da503417eff49567043850
CRC32 7B4BFFBB
ssdeep 12288:/Y8t680YIA0PxJwPV22JZv9XGmXt1TF7NL3N2Wi9HyjmfH5aKtlKHtVhagVbG9R3:/Y8ssQJwN2Sd9XGYdR53gWuS6vQbVbmN
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0
section .ndata
file C:\Users\test22\AppData\Local\Temp\fncxla.exe
Lionic Trojan.Win32.Nymeria.4!c
MicroWorld-eScan AIT:Trojan.Nymeria.5338
FireEye Generic.mg.865004f0278a4301
McAfee Artemis!865004F0278A
Cylance Unsafe
VIPRE AIT:Trojan.Nymeria.5338
Sangfor Suspicious.Win32.Save.ins
Cybereason malicious.74a685
Arcabit AIT:Trojan.Nymeria.D14DA
Cyren W32/Ninjector.HQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:Trojan-Spy.Win32.SnakeLogger.gen
BitDefender AIT:Trojan.Nymeria.5338
Avast FileRepMalware [Misc]
Emsisoft AIT:Trojan.Nymeria.5338 (B)
McAfee-GW-Edition BehavesLike.Win32.ICLoader.jc
Trapmine malicious.moderate.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Nymeria
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData AIT:Trojan.Nymeria.5338
Google Detected
ALYac AIT:Trojan.Nymeria.5338
MAX malware (ai score=82)
Ikarus Trojan.Inject
Fortinet NSIS/Injector.EXAU!tr
AVG FileRepMalware [Misc]
CrowdStrike win/malicious_confidence_90% (D)