Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 12, 2023, 10:15 a.m.	March 12, 2023, 10:17 a.m.

Size	659.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`488720af6f69c898d6d6395031aa85c3`
SHA256	`08d2b92fdb25dbb96377425688b7489e27364ef8f999dd39277fef64a2184127`
CRC32	`77803BEB`
ssdeep	`12288:vC3KnP4KDfTKXDOMfEMy7C8Nqj0LuF4mw746ovRNuwf6vV:vtPBmCCu7XN4044mwEvHuwfK`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature

10032b.exe "C:\Users\test22\AppData\Local\Temp\10032b.exe"
2568

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.doy

The file contains an unknown PE resource name possibly indicative of a packer (5 events)

resource name	AFX_DIALOG_LAYOUT
resource name	BURUHIPEFENERAFUFAFIHUDIMISO
resource name	DIYU
resource name	TUTEHETAYIGAHEWEDURIPIHAKUHEWOC
resource name	YESISEBEFAMIK

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 12, 2023, 10:15 a.m.	process_identifier: 2568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 544768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00890000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory March 12, 2023, 10:15 a.m.	process_identifier: 2568 region_size: 585728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00085e00', u'virtual_address': u'0x00010000', u'entropy': 7.992536624094098, u'name': u'.data', u'virtual_size': u'0x001034e4'}

entropy

7.99253662409

description

A section with a high entropy has been found

entropy

0.813211845103

description

Overall entropy of this PE file is high

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.65878993
FireEye	Generic.mg.488720af6f69c898
CAT-QuickHeal	Backdoor.MSIL
ALYac	Gen:Variant.Zusy.452500
Malwarebytes	Trojan.MalPack.GS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0059fbe91 )
Alibaba	TrojanSpy:Win32/Stealer.45076846
K7GW	Trojan ( 0059fbe91 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Zusy.D6E794
Baidu	Win32.Trojan.Kryptik.jm
Cyren	W32/Convagent.BR.gen!Eldorado
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HSZY
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender	Trojan.GenericKD.65878993
Avast	Win32:TrojanX-gen [Trj]
Tencent	Win32.Trojan-Spy.Stealer.Szfl
Sophos	Troj/Krypt-VE
DrWeb	Trojan.Siggen20.1541
VIPRE	Gen:Variant.Zusy.452500
TrendMicro	Trojan.Win32.PRIVATELOADER.YXDCJZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.65878993 (B)
Ikarus	Trojan-Banker.UrSnif
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen2
Antiy-AVL	Trojan[Backdoor]/MSIL.Convagent
Gridinsoft	Trojan.Win32.Gen.bot
Microsoft	Trojan:Win32/Casdet!rfn
ViRobot	Trojan.Win.Z.Zusy.675328
GData	Trojan.GenericKD.65878993
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R561584
Acronis	suspicious
McAfee	GenericRXVO-MJ!488720AF6F69
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Khalesi
Cylance	unsafe
TrendMicro-HouseCall	Trojan.Win32.PRIVATELOADER.YXDCJZ
Rising	Trojan.Kryptik!1.E370 (CLASSIC)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen

10032b.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All