Summary | ZeroBOX

123.exe

Tags: Malicious Library, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: April 22, 2023, 8:43 a.m.
Completed: April 22, 2023, 8:53 a.m.
Size: 28.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: bd1f19c4defecdd38c2c366e24154ebb
SHA256: 12a202ebe5065c2c94f449ee39d0549b82366a01f99169cae3ebd3946b3c6940
CRC32: E60BDB02
ssdeep: 384:qXRb1oPR8JdN5wo6GBde64p9eKtlvQI/Ygr3q7MVbgORPpbamJZpTJXVbHny5PCp:qEuJTuovOvT/Ygr3q7MVsOnbbBrF
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
123+0x3dbb @ 0x8b3dbb
123+0x1e3c @ 0x8b1e3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.address: 0x250fff
registers.esp: 141227120 (0x86af470)
registers.edi: 4193412 (0x3ffc84)
registers.eax: 141227248 (0x86af4f0)
registers.ebp: 141227256 (0x86af4f8)
registers.edx: 0 (0x0)
registers.ebx: 11106800 (0xa979f0)
registers.esi: 11096784 (0xa952d0)
registers.ecx: 2424832 (0x250000)
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 1440
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00250000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
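Read together, the two API entries above describe a 4 KiB PAGE_EXECUTE_READWRITE region that the sample allocated in its own process (process_handle 0xffffffff is the current-process pseudo-handle on 32-bit Windows) and an access violation whose faulting address, 0x250fff, is the last byte of that region; ecx at the fault (2424832) is 0x250000, the region base. The script below correlates the two record types the way a triage rule would. It is an added example, not ZeroBOX or Cuckoo code: the list-of-dicts record layout (`api` plus `args`) and the SAMPLE_CALLS data are a constructed approximation of the report fields above, assumed to be in time order (allocation before exception); the Windows constants are the real winnt.h/ntstatus.h values.

```python
"""Triage check over sandbox API-log records: flag an exception whose fault
address lies inside an executable region the process allocated for itself.
Added example; record layout is a constructed approximation of ZeroBOX fields."""
from dataclasses import dataclass
from typing import Dict, List

# Windows constants from winnt.h / ntstatus.h (real values, not assumptions).
PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
STATUS_ACCESS_VIOLATION = 0xC0000005
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF   # GetCurrentProcess() on 32-bit

PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}
ALLOCATION_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE",
                    0x80000: "MEM_RESET", 0x100000: "MEM_TOP_DOWN"}


def decode_protection(value: int) -> str:
    """Name the base page protection, ignoring modifier bits (guard, nocache)."""
    return PROTECTION_NAMES.get(value & 0xFF, f"UNKNOWN(0x{value:x})")


def decode_allocation_type(value: int) -> str:
    """Expand an allocation_type bitmask into its MEM_* flag names."""
    names = [name for bit, name in ALLOCATION_FLAGS.items() if value & bit]
    return "|".join(names) if names else f"UNKNOWN(0x{value:x})"


@dataclass
class Region:
    base: int
    size: int
    protection: int
    self_allocated: bool   # process_handle was the current-process pseudo-handle

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def find_rwx_faults(calls: List[Dict]) -> List[Dict]:
    """Walk the log in time order; remember executable allocations, then
    report any exception whose address lands inside one of them."""
    regions: List[Region] = []
    findings: List[Dict] = []
    for call in calls:
        args = call.get("args", {})
        if call["api"] == "NtAllocateVirtualMemory":
            prot = int(args["protection"])
            if prot & 0xFF in EXECUTABLE_PROTECTIONS:
                regions.append(Region(
                    base=int(args["base_address"], 16),
                    size=int(args["region_size"]),
                    protection=prot,
                    self_allocated=int(args["process_handle"], 16)
                    == CURRENT_PROCESS_PSEUDO_HANDLE,
                ))
        elif call["api"] == "__exception__":
            addr = int(args["exception.address"], 16)
            code = int(args["exception.exception_code"], 16)
            for region in regions:
                if region.contains(addr):
                    findings.append({
                        "region_base": region.base,
                        "protection": decode_protection(region.protection),
                        "self_allocated": region.self_allocated,
                        "fault_address": addr,
                        "access_violation": code == STATUS_ACCESS_VIOLATION,
                        # distance from the fault to the end of the region;
                        # 1 means the faulting instruction sits on its last byte
                        "bytes_to_region_end": region.base + region.size - addr,
                    })
    return findings


# Constructed records mirroring the two entries in the report above.
SAMPLE_CALLS = [
    {"api": "NtAllocateVirtualMemory", "args": {
        "process_identifier": 1440, "region_size": 4096, "protection": 64,
        "base_address": "0x00250000", "allocation_type": 12288,
        "process_handle": "0xffffffff"}},
    {"api": "__exception__", "args": {
        "exception.exception_code": "0xc0000005",
        "exception.address": "0x250fff"}},
]

if __name__ == "__main__":
    for f in find_rwx_faults(SAMPLE_CALLS):
        print(f"{f['protection']} region at 0x{f['region_base']:x} "
              f"(self-allocated={f['self_allocated']}): fault at "
              f"0x{f['fault_address']:x}, {f['bytes_to_region_end']} byte(s) "
              f"before the region end")
```

Run on the constructed records it reports one finding: a self-allocated PAGE_EXECUTE_READWRITE region at 0x250000 with an access violation 1 byte before its end. The `self_allocated` flag matters for triage: a fault inside an RWX region in the process's own address space points at staged code the sample unpacked or copied into memory, whereas a handle to another process would point at injection into a target.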
Antivirus (vendor / detection)

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ser.Razy.14040
FireEye Generic.mg.bd1f19c4defecdd3
ALYac Gen:Variant.Ser.Razy.14040
Sangfor Trojan.Win32.Agent.Agin
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Ser.Razy.D36D8
BitDefenderTheta Gen:NN.ZexaF.36164.bqW@ayTDf5n
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Agent.QJC
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Ser.Razy.14040
Avast Win32:SpywareX-gen [Trj]
Tencent Win32.Trojan.Generic.Ijgl
Emsisoft Gen:Variant.Ser.Razy.14040 (B)
F-Secure Heuristic.HEUR/AGEN.1317098
VIPRE Gen:Variant.Ser.Razy.14040
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1317098
MAX malware (ai score=82)
Microsoft Trojan:Win32/Doina.MA!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Ser.Razy.14040
AhnLab-V3 Trojan/Win.VX.C5393441
McAfee Artemis!BD1F19C4DEFE
Cylance unsafe
Panda Trj/GdSda.A
Rising Trojan.Generic@AI.100 (RDML:89aHFN4pWtotzBeRbBxezg)
Ikarus Win32.Outbreak
AVG Win32:SpywareX-gen [Trj]
DeepInstinct MALICIOUS