Summary | ZeroBOX

MavrodiBlack.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: May 17, 2023, 7:11 a.m.
Completed: May 17, 2023, 7:13 a.m.
Size: 327.1KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 22b25918bfdd12b1b6646cf6cdf1e867
SHA256: 8be6deb199d15344938cca068b14d9af482d69b0e864c42bc0f11690dd8cf1f7
CRC32: C35DB91B
ssdeep: 6144:seIJOgbSk6haa3G7YWoWTAqkUgE0YRa8ts:shOgShtusWsvE7e
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
mavrodiblack+0x8460 @ 0x408460
mavrodiblack+0x95b8 @ 0x4095b8
mavrodiblack+0x1200b @ 0x41200b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 0f b7 46 14 89 55 fc 89 55 cc 89 45 c8 39 96 a0
exception.instruction: movzx eax, word ptr [esi + 0x14]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x18fa7a
registers.esp: 1634844
registers.edi: 0
registers.eax: 0
registers.ebp: 1635916
registers.edx: 0
registers.ebx: 1971191808
registers.esi: 3316739243
registers.ecx: 4366408
Status: 1, Return: 0, Repeated: 0
NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

Signatures

section .data: size_of_data 0x00026600, virtual_address 0x0002a000, virtual_size 0x00028568, entropy 7.734067370276554
description: A section with a high entropy has been found

entropy 0.485759493671
description: Overall entropy of this PE file is high

Antivirus Results
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Variant.Zusy.467841
FireEye Generic.mg.22b25918bfdd12b1
McAfee RDN/Generic PWS.y
Malwarebytes Trojan.Crypt
VIPRE Gen:Variant.Zusy.467841
Sangfor Backdoor.Win32.Zusy.Vmgo
K7AntiVirus Trojan ( 0059d4ec1 )
Alibaba TrojanSpy:Win32/Stealer.6c4961a5
K7GW Trojan ( 0059d4ec1 )
Arcabit Trojan.Zusy.D72381
VirIT Trojan.Win32.GenusT.DHPD
Cyren W32/Agent.GAX.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HSEV
APEX Malicious
ClamAV Win.Packed.Zusy-10001910-0
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Gen:Variant.Zusy.467841
Avast Win32:BackdoorX-gen [Trj]
Tencent Win32.Trojan.FalseSign.Udkl
Sophos Troj/Steal-DNO
F-Secure Trojan.TR/AD.Nekark.pqgcn
McAfee-GW-Edition RDN/Generic PWS.y
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Variant.Zusy.467841 (B)
Ikarus Trojan.Win32.Crypt
Google Detected
Avira TR/AD.Nekark.pqgcn
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Trojan:Win32/RedLineStealer.EM!MTB
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
GData Gen:Variant.Zusy.467841
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R578284
ALYac Gen:Variant.Zusy.467841
Cylance unsafe
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R002H0CEE23
Rising Backdoor.Agent!8.C5D (TFE:5:Ojq6eX0sX8N)
Fortinet W32/Kryptik.HSEV!tr
AVG Win32:BackdoorX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)