Summary | ZeroBOX

ox.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started March 27, 2023, 10:19 a.m.
Completed March 27, 2023, 10:38 a.m.
Size 262.1KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 cfc3dc40432c7d8d8f838bc20c12bf27
SHA256 b6fbf6a0edd6938b1f202feec419341d21d47731ca16fa5b5eabe2672d24a454
CRC32 ACE30686
ssdeep 6144:IhkI+5/nYc1aWY/yMupzdh62iBIjSp1pbD7:IhkNic1xY/KYJejS7pv7
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 1638200
registers.edi: 4177526783
registers.eax: 0
registers.ebp: 178254834
registers.edx: 174
registers.ebx: 176816999
registers.esi: 3753463672
registers.ecx: 4228145
Status 1 Return 0 Repeated 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0043e000
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
A section with a high entropy has been found: section .data (virtual_address 0x00012000, virtual_size 0x0002f1fc, size_of_data 0x0002e600, entropy 6.948071400231702)
Overall entropy of this PE file is high (entropy 0.744979919679)
Lionic Trojan.Win32.Stealer.12!c
MicroWorld-eScan Trojan.GenericKD.66076768
McAfee Artemis!CFC3DC40432C
VIPRE Trojan.GenericKD.66076768
Sangfor Spyware.Win32.Kryptik.Vw7d
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanSpy:Win32/Stealer.c5792885
K7GW Trojan ( 005a14f81 )
K7AntiVirus Trojan ( 005a14f81 )
Arcabit Trojan.Generic.D3F04060
Cyren W32/Agent.FTL.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HTDD
Cynet Malicious (score: 99)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Trojan.GenericKD.66076768
Avast Win32:CrypterX-gen [Trj]
Tencent Win32.Trojan.FalseSign.Eplw
DrWeb Trojan.DownLoader45.41138
TrendMicro TrojanSpy.Win32.RHADAMANTHYS.YXDCXZ
McAfee-GW-Edition RDN/Generic PWS.y
Trapmine malicious.high.ml.score
FireEye Generic.mg.cfc3dc40432c7d8d
Emsisoft Trojan.GenericKD.66076768 (B)
Ikarus Trojan.Win32.Crypt
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.puqtw
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win32.Kryptik.cl
Microsoft Trojan:Win32/Redline.WOA!MTB
ViRobot Trojan.Win.Z.Agent.268368
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
GData Trojan.GenericKD.66076768
Google Detected
AhnLab-V3 Trojan/Win.RedLine.C5399927
ALYac Trojan.GenericKD.66076768
MAX malware (ai score=84)
Cylance unsafe
TrendMicro-HouseCall TrojanSpy.Win32.RHADAMANTHYS.YXDCXZ
Rising Backdoor.Agent!8.C5D (TFE:5:uItweMsNyVJ)
Fortinet W32/Kryptik.HTDD!tr
AVG Win32:CrypterX-gen [Trj]
Panda Trj/GdSda.A