Summary | ZeroBOX

windows.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category  Machine        Started                    Completed
FILE      s1_win7_x6401  April 11, 2023, 5:49 p.m.  April 11, 2023, 5:51 p.m.
Size 318.8KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 ebc9000c9233ce8d2f0ec1d81ea6dfd5
SHA256 b939788848ec0367f91d9bd3ffb17f9de4b0b7bd2c94dfc79212ea1d79e6c3c5
CRC32 BBA01FF9
ssdeep 3072:6+AnkTCmphR48m3vPyVuyubmC7z0A2A1P59fFZ9mqwS+Tdgk5Ju9u1POY7oT9fxV:6+AnGk8YxRz04PTfFZQqwLOutpol
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior (API calls; columns: Time & API, Arguments, Status, Return, Repeated)

IsDebuggerPresent
  (no arguments)
  Status/Return/Repeated: 0 0

NtProtectVirtualMemory
  process_identifier: 2548
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0044d000
  process_handle: 0xffffffff (pseudo-handle for the current process)
  Status 1, Return 0, Repeated 0

NtProtectVirtualMemory
  process_identifier: 2548
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73662000
  process_handle: 0xffffffff (pseudo-handle for the current process)
  Status 1, Return 0, Repeated 0
Signatures

A section with a high entropy has been found
  section .data: virtual_address 0x00023000, virtual_size 0x0002de88, size_of_data 0x0002c200, entropy 7.27 bits/byte

Overall entropy of this PE file is high
  entropy 0.57
  Note: this second figure is not a Shannon entropy but the Cuckoo-style packer_entropy ratio, the share of raw section bytes that sit in sections above the 6.8-bit threshold (the file is flagged once that share exceeds 0.2). A 180 KB section at 7.27 bits/byte inside a 319 KB file is consistent with packed or encrypted payload data that is decoded at runtime, which fits the PAGE_EXECUTE_READWRITE changes recorded above. The flagged section is named .data rather than UPX0/UPX1, so the UPX_Zero YARA hit may be a string match rather than an intact UPX layout; running `upx -t` against the sample settles that.
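As an added worked example (not part of the ZeroBOX report or its code), the following Python reproduces the two entropy figures above with nothing but the standard library and maps the NtProtectVirtualMemory targets back to a section. It assumes the 0x00400000 image base typical of a PE32 console binary (the report does not show the image base) and runs on a constructed PE whose .data section copies the RVA and raw size from the report but is filled with deterministic pseudo-random bytes; the 6.8-bit threshold and the 0.2 ratio are the ones Cuckoo's packer_entropy signature uses, and the function names are this example's own.

```python
"""Triage helpers for a Cuckoo/ZeroBOX-style report: per-section Shannon
entropy, the packer_entropy ratio, and mapping an RWX address to a section."""
import math
import random
import struct
from collections import Counter

HIGH_ENTROPY_BITS = 6.8   # per-section threshold used by Cuckoo's packer_entropy
HIGH_RATIO = 0.2          # share of section bytes above which the file is flagged


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Walk MZ -> PE -> COFF -> optional header -> section table with struct only.
    Returns (image_base, [section dicts shaped like the report's fields])."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == 0x10B:        # PE32: ImageBase is a DWORD at offset 28
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: ImageBase is a QWORD at offset 24
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, off = [], opt + opt_size
    for _ in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon_entropy(raw)})
        off += 40             # IMAGE_SECTION_HEADER is 40 bytes
    return image_base, sections


def packer_entropy_ratio(sections):
    """The report's 'overall entropy' number: share of raw section bytes that
    live in sections above HIGH_ENTROPY_BITS. A ratio in [0, 1], not bits."""
    total = sum(s["size_of_data"] for s in sections)
    high = sum(s["size_of_data"] for s in sections if s["entropy"] > HIGH_ENTROPY_BITS)
    return high / total if total else 0.0


def section_for_address(image_base, sections, address):
    """Section name containing a virtual address, or None if outside the image."""
    rva = address - image_base
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + s["virtual_size"]:
            return s["name"]
    return None


def triage(image, rwx_addresses):
    image_base, sections = pe_sections(image)
    return {"image_base": image_base,
            "high_entropy_sections": [s["name"] for s in sections
                                      if s["entropy"] > HIGH_ENTROPY_BITS],
            "packer_ratio": packer_entropy_ratio(sections),
            "packed": packer_entropy_ratio(sections) > HIGH_RATIO,
            "rwx_targets": {hex(a): section_for_address(image_base, sections, a)
                            for a in rwx_addresses}}


def build_sample_pe():
    """Constructed PE32 (not the analysed sample): a repetitive .text plus a
    .data section with the report's RVA/raw size, filled with PRNG bytes.
    ImageBase 0x00400000 is an assumption; the report does not list it."""
    text_raw = (b"\x55\x8b\xec" + b"\x90" * 13) * 0x200          # 0x2000 bytes
    data_raw = random.Random(0x5EED).getrandbits(8 * 0x2C200).to_bytes(0x2C200, "little")
    e_lfanew, opt_size = 0x40, 0xE0
    text_ptr = e_lfanew + 4 + 20 + opt_size + 2 * 40
    data_ptr = text_ptr + len(text_raw)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, 0x00400000)

    def sec(name, vsize, va, raw, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), ptr, 0, 0, 0, 0, flags)

    hdrs = (sec(b".text", len(text_raw), 0x1000, text_raw, text_ptr, 0x60000020)
            + sec(b".data", 0x2DE88, 0x23000, data_raw, data_ptr, 0xC0000040))
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs + text_raw + data_raw


if __name__ == "__main__":
    print(triage(build_sample_pe(), [0x0044D000, 0x73662000]))
```

Under the assumed image base, 0x0044d000 resolves to the .data section (RVA 0x2a000 of a 0x2de88-byte section), so the first protection change makes part of the high-entropy data executable in place, the pattern of an in-image unpacker stub; 0x73662000 falls outside the image entirely, so that change touches some other mapped module the report does not name. Keeping the two apart is what turns a generic "RWX detected" alert into a statement about what the sample is doing.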
Antivirus detections

Engine           Verdict
Elastic          malicious (high confidence)
Cynet            Malicious (score: 99)
FireEye          Generic.mg.ebc9000c9233ce8d
Malwarebytes     Malware.AI.426273772
Sangfor          Trojan.Win32.Save.a
CrowdStrike      win/malicious_confidence_70% (D)
Arcabit          Trojan.Ser.Jaik.DDC3
Symantec         ML.Attribute.HighConfidence
ESET-NOD32       a variant of Win32/GenKryptik.GIMV
APEX             Malicious
Kaspersky        HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender      Gen:Variant.Ser.Jaik.3523
MicroWorld-eScan Gen:Variant.Ser.Jaik.3523
Avast            Win32:CrypterX-gen [Trj]
Emsisoft         Gen:Variant.Ser.Jaik.3523 (B)
F-Secure         Trojan.TR/AD.RedLineSteal.illkg
VIPRE            Gen:Variant.Ser.Jaik.3523
Trapmine         malicious.moderate.ml.score
Avira            TR/AD.RedLineSteal.illkg
Microsoft        Trojan:MSIL/RedLineStealer.EM!MTB
ZoneAlarm        UDS:Trojan-Spy.Win32.Stealer.gen
GData            Win32.Trojan-Stealer.Cordimik.X6N31H
Google           Detected
AhnLab-V3        Packed/Win.Katusha.C5409373
ALYac            Gen:Variant.Ser.Jaik.3523
MAX              malware (ai score=80)
Cylance          unsafe
Rising           Backdoor.Agent!8.C5D (TFE:5:wqFH5EZ1GkN)
Ikarus           Trojan.Win32.Crypt
MaxSecure        Trojan.W32.Strab.gen_260344
Fortinet         PossibleThreat.ZDS
AVG              Win32:CrypterX-gen [Trj]
DeepInstinct     MALICIOUS