Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 16, 2023, 4:15 p.m.	April 16, 2023, 4:39 p.m.

Size	716.9KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9fede67b91a08de8cb9b0ee0cd6fed9a`
SHA256	`edaa2ce71663089d28ee9d99b2b3fb466d06a57ff9621e547fe972996ed12112`
CRC32	`10231107`
ssdeep	`12288:cUoT7b68SvOA3AP1oMAYsHlfjRa8kHy4BdPHoj0Fj5nbizIpHt+nXc:XoT7b6XvhAto9YsHJRa8EVPA4bizIHtD`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 16, 2023, 4:15 p.m.	process_identifier: 2556 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018f000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00097000', u'virtual_address': u'0x0001b000', u'entropy': 7.105160971423712, u'name': u'.data', u'virtual_size': u'0x00097b1c'}

entropy

7.10516097142

description

A section with a high entropy has been found

entropy

0.85552407932

description

Overall entropy of this PE file is high

Lionic	Trojan.Win32.Reline.4!c
DrWeb	Trojan.Inject4.54151
MicroWorld-eScan	Trojan.Agent.GDLY
McAfee	GenericRXVO-MR!9FEDE67B91A0
Malwarebytes	Spyware.RedLineStealer
Sangfor	Trojan.Win32.Kryptik.V32d
K7AntiVirus	Riskware ( 00584baa1 )
Alibaba	TrojanPSW:Win32/Reline.f8cf3080
K7GW	Riskware ( 00584baa1 )
Cyren	W32/Kryptik.JBX.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HSZU
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.Win32.Reline.gen
BitDefender	Trojan.Agent.GDLY
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.FalseSign.Ewnw
Emsisoft	Trojan.Agent.GDLY (B)
F-Secure	Trojan.TR/AD.Nekark.wnmgp
VIPRE	Trojan.Agent.GDLY
TrendMicro	TROJ_GEN.R002C0DDF23
McAfee-GW-Edition	GenericRXVO-MR!9FEDE67B91A0
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.9fede67b91a08de8
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
GData	Win32.Trojan.PSE.11AU12L
Webroot	W32.Trojan.Gen
Avira	TR/AD.Nekark.wnmgp
Arcabit	Trojan.Agent.GDLY
ViRobot	Trojan.Win.Z.Redline.734064
ZoneAlarm	HEUR:Trojan-PSW.Win32.Reline.gen
Microsoft	Trojan:Win32/Redline.MOO!MTB
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R562351
VBA32	BScope.TrojanPSW.RedLine
ALYac	Trojan.Agent.GDLY
MAX	malware (ai score=80)
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0DDF23
Rising	Backdoor.Agent!8.C5D (TFE:5:Ih39svw0scR)
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Kryptik.HSEV!tr
AVG	Win32:CrypterX-gen [Trj]
DeepInstinct	MALICIOUS

pushmid.exe