Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 23, 2023, 1:02 p.m.	March 23, 2023, 1:14 p.m.

Size	3.0MB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`a8a106555b9e1f92569d623c66ee8c12`
SHA256	`84aac7290471d6aa883962c2e739b44adcea7f533cc0317e8d0d6f847def1f7a`
CRC32	`3CFD0B94`
ssdeep	`49152:3WjN903V68U3f1uXAlL/EUSiITRf+EGg7dyvUCUDaB5+Tc6k1HFm:3IrIVbUYiLs4vUCU5T0w`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature

svchost.exe "C:\Users\test22\AppData\Local\Temp\svchost.exe"
1680

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
212.87.204.93	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

Communicates with host for which no DNS query was performed (1 event)

host

212.87.204.93

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress March 23, 2023, 1:02 p.m.	ordinal: 0 function_address: 0x0018fe55 function_name: wine_get_version module: ntdll module_address: 0x778a0000		3221225785	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

212.87.204.93:8081

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Lionic	Trojan.Win32.Babar.4!c
MicroWorld-eScan	Gen:Variant.Jaik.127758
ALYac	Gen:Variant.Jaik.127758
Malwarebytes	Malware.AI.497866992
VIPRE	Gen:Variant.Jaik.127758
Sangfor	Infostealer.Win32.Coins.Vn3m
K7AntiVirus	Trojan ( 0059bc771 )
Alibaba	TrojanPSW:Win32/Coins.16494ee5
K7GW	Trojan ( 0059bc771 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Jaik.D1F30E
VirIT	Trojan.Win32.Genus.OBK
Cyren	W32/ABRisk.BJZZ-6489
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of WinGo/Agent.JS
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Infostealer.Aurora-9980073-1
Kaspersky	Trojan-PSW.Win32.Coins.afag
BitDefender	Gen:Variant.Jaik.127758
NANO-Antivirus	Trojan.Win32.Coins.judqhg
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Trojan-QQPass.QQRob.Iajl
Sophos	Troj/Aurora-A
Zillya	Trojan.Coins.Win32.7793
TrendMicro	TrojanSpy.Win32.AURORASTEALER.YXDCGZ
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.a8a106555b9e1f92
Emsisoft	Gen:Variant.Jaik.127758 (B)
Webroot	W32.Trojan.Gen
Avira	TR/Redcap.owzmd
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Win32.GoAgent
Gridinsoft	Malware.Win32.Aurora.bot
Xcitium	Malware@#1al9xg0hdtt50
Microsoft	Trojan:Win32/Malgent!MSR
ViRobot	Trojan.Win.Z.Babar.3192544
GData	Gen:Variant.Jaik.127758
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R557261
McAfee	Artemis!A8A106555B9E
VBA32	BScope.Trojan.Nacra
TrendMicro-HouseCall	TrojanSpy.Win32.AURORASTEALER.YXDCGZ
Rising	Stealer.Aurora!1.E1B6 (CLOUD)
Ikarus	Trojan-Spy.TitanStealer
Fortinet	W32/GoAgent.IE!tr
BitDefenderTheta	AI:Packer.ECEEBC4821
AVG	Win32:Evo-gen [Trj]

svchost.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All