Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 22, 2023, 10:04 a.m.	March 22, 2023, 10:06 a.m.

Size	261.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d064bfcbf2eeffb0dd746daeb03a7208`
SHA256	`acfa4d38373ad711e821419ddd439552de9c25585aa4c75b04279d6528cc2c56`
CRC32	`1EF4327D`
ssdeep	`3072:8ii05qf9LLir4UUX9/W0oshEe2weGN1nmDjpwpEm65aDaRRDhGFpy10wZ2H:kf9LL/59OKh8GNwDjpwpEmlu`
PDB Path	C:\zul_68\ladokizo-mihihiresub\tihufalikuy\zux\mijoyurumiji.pdb
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\zul_68\ladokizo-mihihiresub\tihufalikuy\zux\mijoyurumiji.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 22, 2023, 10:04 a.m.	process_identifier: 912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009dc000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory March 22, 2023, 10:04 a.m.	process_identifier: 912 region_size: 110592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00027a00', u'virtual_address': u'0x00001000', u'entropy': 7.583385770430491, u'name': u'.text', u'virtual_size': u'0x0002791c'}

entropy

7.58338577043

description

A section with a high entropy has been found

entropy

0.608445297505

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.d064bfcbf2eeffb0
CAT-QuickHeal	Ransom.Stop.P5
McAfee	Artemis!D064BFCBF2EE
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Trojan ( 00516fdf1 )
Symantec	Packed.Generic.616
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.HTCL
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packer.pkr_ce1a-9980177-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win32:CrypterX-gen [Trj]
Sophos	ML/PE-A
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dh
Trapmine	malicious.moderate.ml.score
SentinelOne	Static AI - Suspicious PE
Microsoft	Ransom:Win32/LockbitCrypt.SV!MTB
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Google	Detected
AhnLab-V3	Packed/Win.GEE.C5023791
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
Cylance	unsafe
Rising	Trojan.Generic@AI.98 (RDML:nvpWy+Eqj9i1Z+ZUPy3XvQ)
Ikarus	Trojan-Ransom.GandCrab
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/Genetic.gen

vbc.exe