Summary | ZeroBOX

xt64.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 11, 2023, 5:49 p.m.
Completed April 11, 2023, 5:51 p.m.
Size 4.5MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 2de83135f9c732a1563ba36d73444109
SHA256 57688ebad140cf112323fd5b1fc4fbe573603f6c4f16e8d8a50d6e1f75100bf8
CRC32 6332D2BB
ssdeep 98304:GPsyAq0rTgjHLNieY4KejbEJp2s/FrIz+bAKsB5krAwCsqfGKOr:GPMqC+HtTK4Y6wdLyzwChir
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section \x00
section .rsrc
section .idata
section
section bmqopjfa
section aippkeyk
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x9e6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 22712926
registers.r10: 0
registers.rbx: 8791653941248
registers.rsp: 3341448
registers.r11: 518
registers.r8: 2004821056
registers.r9: 26726400
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 3341568
registers.rdi: 22713014
registers.rax: 10380800
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00198200', u'virtual_address': u'0x00001000', u'entropy': 7.937592248175138, u'name': u' \\x00 ', u'virtual_size': u'0x00468000'} entropy 7.93759224818 description A section with a high entropy has been found
section {u'size_of_data': u'0x002e4800', u'virtual_address': u'0x009b7000', u'entropy': 7.962786025588704, u'name': u'bmqopjfa', u'virtual_size': u'0x002e5000'} entropy 7.96278602559 description A section with a high entropy has been found
entropy 0.999673629243 description Overall entropy of this PE file is high
Lionic Trojan.Win32.ClipBanker.Z!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Lazy.208008
McAfee Artemis!2DE83135F9C7
Cylance unsafe
CrowdStrike win/malicious_confidence_70% (W)
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan-Banker.Win64.ClipBanker.gen
BitDefender Gen:Variant.Lazy.208008
Avast FileRepMalware [Misc]
Emsisoft Gen:Variant.Lazy.208008 (B)
VIPRE Gen:Variant.Lazy.208008
McAfee-GW-Edition BehavesLike.Win64.Generic.rc
Trapmine malicious.high.ml.score
FireEye Generic.mg.2de83135f9c732a1
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win64.Themida
GData Gen:Variant.Lazy.208008
Gridinsoft Malware.Win64.Gen.bot!se40363
Arcabit Trojan.Lazy.D32C88
ZoneAlarm UDS:Trojan-Banker.Win64.ClipBanker.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
ALYac Gen:Variant.Lazy.208008
MAX malware (ai score=85)
Malwarebytes Malware.AI.1366004449
Zoner Probably Heur.ExeHeaderL
SentinelOne Static AI - Suspicious PE
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS