Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 20, 2023, 9:50 a.m.	March 20, 2023, 10:14 a.m.

Size	248.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`74b6b35627f6453d787f1c7ea3b9ec33`
SHA256	`51921d13908bd84b1c8fbdd77e6e29d4359ce0fc40857f6f0ad15b1b6ee74730`
CRC32	`298ED315`
ssdeep	`3072:W1jGFFPBsryKxPUBnIZ/C9FUYHwKLLgQmsbVVTjC3r7wcLl2byii5DzrIlu:ug3iPUZIAFUYHDPaQVXC3xR2/iNo`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature

ChromeFIX_errorMEM.exe "C:\Users\test22\AppData\Local\Temp\ChromeFIX_errorMEM.exe"
316

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
__exception__ March 20, 2023, 9:50 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0xc0074e1c registers.esp: 5373072 registers.edi: 3221704220 registers.eax: 0 registers.ebp: 1585543 registers.edx: 178 registers.ebx: 2759224 registers.esi: 1 registers.ecx: 1603633	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 20, 2023, 9:50 a.m.	process_identifier: 316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001bb000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0002d400', u'virtual_address': u'0x00010000', u'entropy': 7.176585474224502, u'name': u'.data', u'virtual_size': u'0x0002dffc'}

entropy

7.17658547422

description

A section with a high entropy has been found

entropy

0.732793522267

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Stealer.12!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.454027
FireEye	Generic.mg.74b6b35627f6453d
CAT-QuickHeal	Ransomware.Tescrypt.WR5
McAfee	Artemis!74B6B35627F6
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:Win32/Stealer.6460297d
K7GW	Trojan ( 0059d50d1 )
K7AntiVirus	Trojan ( 0059d50d1 )
BitDefenderTheta	Gen:NN.ZexaE.36344.pu0@aimvgTdi
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HSEV
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender	Gen:Variant.Zusy.454027
Avast	Win32:CrypterX-gen [Trj]
DrWeb	Trojan.PWS.StealerNET.125
VIPRE	Gen:Variant.Jaik.130335
TrendMicro	Mal_HPGen-50
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
Ikarus	Trojan.Win32.Crypt
Webroot	W32.Trojan.Gen
Gridinsoft	Malware.Win32.RedLine.bot
Arcabit	Trojan.Fragtor.D39681
GData	Gen:Variant.Fragtor.235137
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R564417
Acronis	suspicious
ALYac	Gen:Variant.Jaik.130335
Cylance	unsafe
TrendMicro-HouseCall	Mal_HPGen-50
Rising	Trojan.Kryptik!8.8 (TFE:5:plPaISbghQH)
MAX	malware (ai score=87)
Fortinet	W32/Kryptik.HSEV!tr
AVG	Win32:CrypterX-gen [Trj]

ChromeFIX_errorMEM.exe