Summary | ZeroBOX

2-1_2023-04-14_09-11.exe

Malicious Library UPX OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6401
Started April 17, 2023, 11:16 a.m.
Completed April 17, 2023, 11:18 a.m.
Size 351.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9f2d4ac2e67b3fe84ac5a8b6f7d6e6dd
SHA256 8b1f8ccc99f4ce9e05e6471a7df1c9c1e1d4c193d3d4218157f43c11ea7978fa
CRC32 C3049799
ssdeep 6144:diTnQl63wAB92+mSftzQab34Lv588toz+lAbb1zt:diUlpK92+mStz5b3ix88lMb1
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0094e000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 143360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
section: .data (virtual_address: 0x0002b000, virtual_size: 0x003b692c, size_of_data: 0x00013e00, entropy: 7.7795152236716385)
description: A section with a high entropy has been found
entropy: 0.226818830243
description: Overall entropy of this PE file is high
Lionic Trojan.Win32.Emotet.L!c
MicroWorld-eScan Gen:Variant.Zusy.457078
FireEye Generic.mg.9f2d4ac2e67b3fe8
CAT-QuickHeal Trojan.Multi
McAfee Artemis!9F2D4AC2E67B
Malwarebytes Trojan.MalPack.GS
VIPRE Gen:Variant.Zusy.457078
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
K7GW Trojan ( 005a38a81 )
K7AntiVirus Trojan ( 005a38a81 )
Arcabit Trojan.Zusy.D6F976
Cyren W32/Kryptik.JOK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HTIG
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Gen:Variant.Zusy.457078
Avast Win32:DropperX-gen [Drp]
Tencent Win32.Trojan-Spy.Stealer.Udkl
Sophos Troj/Krypt-WE
F-Secure Trojan.TR/AD.GenSHCode.citco
DrWeb Trojan.Inject4.56232
TrendMicro TrojanSpy.Win32.RHADAMANTHYS.YXDDOZ
McAfee-GW-Edition BehavesLike.Win32.Lockbit.fh
Trapmine malicious.high.ml.score
Emsisoft Gen:Variant.Zusy.457078 (B)
SentinelOne Static AI - Suspicious PE
Avira TR/AD.GenSHCode.citco
MAX malware (ai score=85)
Antiy-AVL Trojan[Backdoor]/Win32.Convagent
Gridinsoft Spy.Win32.Raccoon.bot
Microsoft Trojan:Win32/Redline.TIY!MTB
ViRobot Trojan.Win.Z.Zusy.359936.A
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
GData Win32.Trojan.PSE.ZD8D0M
Google Detected
AhnLab-V3 Malware/Win.Generic.C5406802
VBA32 BScope.Trojan.Khalesi
Cylance unsafe
TrendMicro-HouseCall TrojanSpy.Win32.RHADAMANTHYS.YXDDOZ
Rising Stealer.Agent!8.C2 (TFE:5:q6o1kdVs2XI)
Ikarus Trojan.Kryptik
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HTIG!tr
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS