Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 16, 2023, 4:14 p.m.	April 16, 2023, 4:25 p.m.

Size	351.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fd72f009bcbf63c9586becb726402280`
SHA256	`208d115132e8b37828c40f56e9b905c72a40b0bc881736ec3a90a1c03baa1214`
CRC32	`5A5F8F89`
ssdeep	`6144:aWYGtjBQ8thJ+vuNWa7s3qNyZPHAaeV6zvMCV+E:aWjjBdf+vuN3TggaeV6oCVr`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature IsPE32 - (no description)

troubled_projects.exe "C:\Users\test22\AppData\Local\Temp\troubled_projects.exe"
800

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
212.8.244.201	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 16, 2023, 4:14 p.m.	process_identifier: 800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 73728 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002de000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory April 16, 2023, 4:14 p.m.	process_identifier: 800 region_size: 90112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host

212.8.244.201

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Convagent.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.36291
MicroWorld-eScan	Trojan.GenericKD.66423803
FireEye	Generic.mg.fd72f009bcbf63c9
CAT-QuickHeal	Ransom.Stop.P5
McAfee	Packed-GDV5!FD72F009BCBF
Malwarebytes	Trojan.MalPack.GS
VIPRE	Trojan.GenericKD.66423803
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Kryptik.52f08283
K7GW	Trojan ( 005a36d71 )
K7AntiVirus	Trojan ( 005a36d71 )
Arcabit	Trojan.Generic.D3F58BFB
Cyren	W32/Kryptik.JOK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HTHT
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.Tofsee-9997087-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Trojan.GenericKD.66423803
NANO-Antivirus	Trojan.Win32.Tofsee.jvmjwr
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Ad.Ctgl
Emsisoft	Trojan.GenericKD.66423803 (B)
F-Secure	Trojan.TR/AD.Stealc.cyutr
TrendMicro	TrojanSpy.Win32.STEALC.YXDDMZ
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fh
Trapmine	malicious.high.ml.score
Sophos	Troj/Krypt-WE
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/AD.Stealc.cyutr
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.Sabsik
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Redline.MOR!MTB
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Generic.Trojan.PSEB.F0NCRJ
Google	Detected
AhnLab-V3	Dropper/Win.DropperX-gen.R571233
VBA32	BScope.Trojan.Khalesi
ALYac	Gen:Variant.Zusy.457078
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TrojanSpy.Win32.STEALC.YXDDMZ

troubled_projects.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All