Summary | ZeroBOX

1bz7KfahvU.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category: FILE
Machine: s1_win7_x6401
Started: April 4, 2023, 5:11 p.m.
Completed: April 4, 2023, 5:15 p.m.
Size: 5.4MB
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5: e0d2634fe2b085685f0b71e66ac91ec9
SHA256: 24c485ecb00d9d6ed8c12fb7a3162169cb1b666ab9a90eb3c1bcdf8dd8c40df4
CRC32: 574CDC23
ssdeep: 49152:pyWMOEmrU4VWLP6zev05oej0EL9gCegK/efy5d8A45EG273LCV0UOQJUh9q101GF:Eq6PQn4/9GEp32VLV+h9sF
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
API calls (Time & API / Arguments / Status / Return / Repeated)

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511
Repeated: 0
Antivirus (Engine / Detection)

Lionic Trojan.Win64.Coins.tseu
DrWeb Trojan.MulDrop21.48974
MicroWorld-eScan Trojan.GenericKD.65908911
FireEye Trojan.GenericKD.65908911
CAT-QuickHeal Trojan.Sabsik
ALYac Trojan.GenericKD.65908911
Malwarebytes Generic.Malware/Suspicious
Zillya Trojan.Foreign.Win32.61270
Sangfor Ransom.Win32.Agent.V53r
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Ransom:Win32/Foreign.338742e6
K7GW Trojan ( 0059db221 )
K7AntiVirus Trojan ( 0059db221 )
Arcabit Trojan.Generic.D3EDB0AF
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/Agent.LN
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Ransom.Win32.Foreign.ompf
BitDefender Trojan.GenericKD.65908911
Avast Win64:RansomX-gen [Ransom]
Tencent Win32.Trojan-Ransom.Foreign.Gtgl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Foreign.zaxan
VIPRE Trojan.GenericKD.65908911
McAfee-GW-Edition BehavesLike.Win64.Trojan.th
Emsisoft Trojan.GenericKD.65908911 (B)
Ikarus Trojan.Win64.Meterpreter
Jiangmin Trojan.PSW.Agent.dct
Webroot W32.Trojan.Genkd
Avira TR/Foreign.zaxan
Antiy-AVL Trojan[Ransom]/Win32.Foreign
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan-Ransom.Win32.Foreign.ompf
GData Trojan.GenericKD.65908911
Google Detected
AhnLab-V3 Trojan/Win.Generic.R565774
McAfee Artemis!E0D2634FE2B0
MAX malware (ai score=80)
Cylance unsafe
Panda Trj/RansomGen.A
TrendMicro-HouseCall TROJ_GEN.R002H0ACC23
Rising Ransom.Foreign!8.292 (CLOUD)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.203044601.susgen
Fortinet W32/Agent.LN!tr
AVG Win64:RansomX-gen [Ransom]