Summary | ZeroBOX

dan.exe

Tags: Gen1, UPX, Malicious Library, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: April 25, 2023, 6:52 p.m.
Completed: April 25, 2023, 6:55 p.m.
Size 115.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2a531fb5a055bec266f11c721ee3deca
SHA256 d8b52233d360be77ce7dc53efa56b50c039c6e8d3e579b239cec8131c6a1c4a0
CRC32 C7EFB01A
ssdeep 1536:8BlhXZ0gaYZl5yXmhVzjn7qcc3lIOwnToIftSxb3pY+LmTHh20:mXTLhVfnvc3vETBftSxb3pY+LmTHh2
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

DNS (Name / Response / Post-Analysis Lookup)

No hosts contacted.

Hosts (IP Address / Status / Action)

156.236.72.163 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: GlobalMemoryStatusEx (status 1, return 1, repeated 0)
Arguments: none
Note: reports total and available physical memory. Analysis VMs and sandboxes are often provisioned with little RAM, so this call is commonly used to fingerprint them; on its own it is not conclusive, since plenty of legitimate software calls it too.

packer Armadillo v1.71 (PEiD-style signature match; it conflicts with the UPX_Zero Yara hit above, and the Armadillo v1.71 signature is a frequent spurious match, so treat the packer identification as unresolved)
resource name MUI
resource name UIFILE
API call: GetDiskFreeSpaceExW (status 1, return 1, repeated 0)
Arguments:
  root_path: C:\
  total_number_of_bytes: 34252779520 (about 31.9 GiB)
  total_number_of_free_bytes: 9936195584 (about 9.3 GiB)
  free_bytes_available: 9936195584 (about 9.3 GiB)
Note: queries disk size and free space. A small system disk is another common VM/sandbox fingerprint; together with the memory query above this reads as environment checking, although the call itself is benign.
section .rdata: virtual_address 0x0000e000, virtual_size 0x0000457c, size_of_data 0x00004600, entropy 6.836
description: A section with a high entropy has been found. Entropy approaching 7 bits per byte is typical of compressed or encrypted data and is consistent with the UPX packing reported by Yara; compare against the full section table before drawing conclusions, since a single high-entropy section can also be legitimate embedded data.
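The high-entropy finding above comes from computing Shannon entropy over each section's raw bytes. What follows is an added example, not ZeroBOX code and not the analysed sample: a minimal PE32 section-table walker that reports the same fields the report prints (virtual address, virtual size, raw size, entropy) and flags sections above a threshold. The 6.8 threshold, the two-section skeleton image built by build_sample_pe() and its section layout are this example's own assumptions.

```python
"""Per-section entropy triage for a PE32 image, standard library only.
The image analysed here is constructed below; it is not dan.exe."""
import math
import struct

HIGH_ENTROPY = 6.8  # assumed threshold; the report flagged .rdata at 6.836


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section with the fields the sandbox report prints."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    (_machine, nsect, _ts, _symptr, _nsym,
     opt_size, _flags) = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    out = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]  # the bytes actually on disk
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return out


def flag_high_entropy(sections: list, threshold: float = HIGH_ENTROPY) -> list:
    """Names of sections whose on-disk bytes look compressed or encrypted."""
    return [s["name"] for s in sections if s["entropy"] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 skeleton (assumption, not dan.exe).
    SizeOfOptionalHeader is 0 to keep it short; real images carry a
    224-byte optional header, which pe_sections() skips via that field."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections

    def hdr(name, vsize, vaddr, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr,
                           0, 0, 0, 0, chars)

    headers = (dos + b"PE\0\0" + coff
               + hdr(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
               + hdr(b".rdata", 0x200, 0xE000, 0x200, 0x400, 0x40000040))
    headers = headers.ljust(0x200, b"\0")
    text = bytes(range(16)) * 32    # 16 values, equally frequent: 4.0 bits/byte
    rdata = bytes(range(256)) * 2   # every value equally often: 8.0 bits/byte,
                                    # the profile packed or encrypted data shows
    return headers + text + rdata


if __name__ == "__main__":
    secs = pe_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:8} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:x} entropy={s['entropy']:.3f}")
    print("high-entropy sections:", flag_high_entropy(secs))
```

Entropy is computed over SizeOfRawData bytes, not VirtualSize, because that is what is actually stored on disk and what a packer compresses; a section whose virtual size far exceeds its raw size (a typical UPX0) will show low entropy here regardless.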
API call: LookupPrivilegeValueW (status 1, return 1, repeated 0)
Arguments:
  system_name: (empty, i.e. the local machine)
  privilege_name: SeDebugPrivilege
Note: resolves the LUID for SeDebugPrivilege, the usual first step before AdjustTokenPrivileges enables it so the process can open other processes with full access (for injection or credential access). The trace here shows only the lookup; confirm that the privilege was actually enabled before reading more into it.
host 156.236.72.163

Persistence (registry autostart)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\(Default)
reg_value C:\Users\test22\AppData\Local\Temp\dan.exe
Note: the entry is written to the unnamed (Default) value of the per-user Run key and points at the sample's own location in the user's Temp directory (test22 being the sandbox user account), so it survives logoff but not a Temp cleanup. Persistence from a user-writable staging directory is itself a strong indicator.
Antivirus detections (vendor, verdict)

Family names that recur across engines: Farfli (Cyren, ESET-NOD32, Avast, Baidu, Zillya), Zegost (Alibaba, Microsoft) and Tedy (the BitDefender engine and its licensees); Ikarus labels it Redosdru. The remaining verdicts are generic or machine-learning labels and carry no family information.

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Tedy.130070
ClamAV Win.Malware.Ulise-9821691-0
FireEye Generic.mg.2a531fb5a055bec2
ALYac Gen:Variant.Tedy.130070
Malwarebytes Malware.AI.2452864964
VIPRE Gen:Variant.Tedy.130070
Sangfor Suspicious.Win32.Save.ins
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win32/Zegost.0f487712
K7GW Trojan ( 00521b151 )
K7AntiVirus Trojan ( 00521b151 )
Arcabit Trojan.Tedy.D1FC16
BitDefenderTheta Gen:NN.ZexaF.36164.hq0@aafp8Mci
Cyren W32/Farfli.HU.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Farfli.BXP
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Tedy.130070
Avast Win32:Farfli-BL [Trj]
Tencent Malware.Win32.Gencirc.10bdd72a
Emsisoft Gen:Variant.Tedy.130070 (B)
Baidu Win32.Trojan.Farfli.bd
F-Secure Trojan.TR/Spy.Gen
DrWeb Trojan.DownLoader32.59911
Zillya Trojan.Farfli.Win32.33956
TrendMicro TROJ_GEN.R002C0DDH23
McAfee-GW-Edition GenericRXKQ-WX!2A531FB5A055
Sophos Troj/AutoG-HX
Ikarus Trojan.Win32.Redosdru
Jiangmin Trojan.Generic.aevhg
Avira TR/Spy.Gen
Antiy-AVL Trojan/Win32.AGeneric
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Backdoor:Win32/Zegost.DD
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Tedy.130070
Google Detected
AhnLab-V3 Malware/Win32.Generic.C3975318
Acronis suspicious
McAfee GenericRXKQ-WX!2A531FB5A055
MAX malware (ai score=86)
VBA32 BScope.Trojan.Agent
Cylance unsafe
Panda Trj/Genetic.gen