Summary | ZeroBOX

c339d4dd247e4069ef221cfaf63cba7ad786cff52cd378820ef3870fffc53fe2.exe

UPX Malicious Library PE File DLL OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started March 16, 2023, 4:48 p.m.
Completed March 16, 2023, 4:49 p.m.
Size 6.1MB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 99efa19440acb8132312136bfa7d0981
SHA256 c339d4dd247e4069ef221cfaf63cba7ad786cff52cd378820ef3870fffc53fe2
CRC32 2648FF1A
ssdeep 98304:enuR3evfw+nDZns4hHSkJ4AVcLeKxwqINtsqXbY4woND+pDfGKYc1S:wuJenw+Vns481AVKe7dNts4bY42xGKT
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section pnadd
section kxwpt
section jxxgorr
section soeylm
section soeylm (size_of_data 0x005a0a00, virtual_address 0x00086000, virtual_size 0x005a0960) entropy 7.832875696660676 description A section with a high entropy has been found
entropy 0.916865552904 description Overall entropy of this PE file is high
Bkav W32.AIDetectNet.01
DrWeb Trojan.BPlug.4031
MicroWorld-eScan Gen:Variant.Application.BrowserModifier.55
FireEye Generic.mg.99efa19440acb813
McAfee PUP-XTH-VS
Cylance unsafe
VIPRE Gen:Variant.Application.BrowserModifier.55
Sangfor Trojan.Win32.Save.a
CrowdStrike win/grayware_confidence_100% (W)
BitDefender Gen:Variant.Application.BrowserModifier.55
Cyren W32/Neoreklami.K.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Adware.Neoreklami.LV
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky not-a-virus:HEUR:AdWare.Win32.Neoreklami.gen
Alibaba AdWare:Win32/Neoreklami.23b049a7
ViRobot Adware.Neoreklami.6436864.H
Rising Trojan.Generic@AI.100 (RDML:74/MXAOlfertEWY/GE2n8Q)
TrendMicro TROJ_GEN.R002C0PC823
McAfee-GW-Edition BehavesLike.Win32.PUPXTH.vc
Emsisoft Gen:Variant.Application.BrowserModifier.55 (B)
Ikarus PUA.Neoreklami
Avira ADWARE/Adware.Gen7
MAX malware (ai score=70)
Gridinsoft Trojan.Heur!.02012020
ZoneAlarm not-a-virus:HEUR:AdWare.Win32.Neoreklami.gen
GData Gen:Variant.Application.BrowserModifier.55
Google Detected
AhnLab-V3 Trojan/Win.Generic.R526588
ALYac Gen:Variant.Application.BrowserModifier.55
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R002C0PC823
Tencent Adware.Win32.Neoreklami.yb
SentinelOne Static AI - Suspicious PE
Fortinet Adware/Neoreklami
AVG Win32:Adware-gen [Adw]
Avast Win32:Adware-gen [Adw]