Summary | ZeroBOX

Satan_AIO.exe

Malicious Packer, VMProtect, Malicious Library, PE64, PE File
Category FILE
Machine s1_win7_x6403_us
Started May 22, 2023, 4:15 p.m.
Completed May 22, 2023, 4:19 p.m.
Size 7.5MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 c8c82a0f0ee038fddb54cbf156f2e300
SHA256 399987a10d716912a53e259227fd90bab5e239ac253ff6bd5171a71d9f719746
CRC32 A606FF87
ssdeep 196608:bFk1xjIShj19s9NtuwuU7wsaK381VGACLbRI:IhIShZ90puU7wsF3GEACn
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
45.81.243.246 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
section Main
section .detourc
section .detourd
section _RDATA
section .vmp0
section .vmp1
Time & API Arguments Status Return Repeated
__exception__
stacktrace:
exception.instruction_r: 90 68 b6 0b b3 bf e8 33 8a 09 00 68 89 56 cf 03
exception.instruction: nop
exception.module: Satan_AIO.exe
exception.exception_code: 0x80000004
exception.offset: 13433113
exception.address: 0x1406af919
registers.r14: 0
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 0
registers.r10: 3378150514
registers.rbx: 0
registers.rsp: 1637792
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 78
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1284021421
registers.r13: 0
1 0 0
section .vmp1 (size_of_data 0x0070fe00, virtual_address 0x00728000, virtual_size 0x0070fcd8, entropy 7.936334255229558) entropy 7.93633425523 description A section with a high entropy has been found
entropy 0.947275347131 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
host 45.81.243.246
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Barys.426295
FireEye Generic.mg.c8c82a0f0ee038fd
McAfee Artemis!C8C82A0F0EE0
Sangfor Trojan.Win32.Agent.A0t7
Alibaba Packed:Win32/VMProtect.c200503b
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Packed.VMProtect.ACR
APEX Malicious
Kaspersky UDS:Trojan.Win32.Agent
BitDefender Gen:Variant.Barys.426295
Avast Win64:Evo-gen [Trj]
Emsisoft Gen:Variant.Barys.426295 (B)
VIPRE Gen:Variant.Barys.426295
McAfee-GW-Edition BehavesLike.Win64.Generic.wc
Gridinsoft Trojan.Heur!.03296023
Arcabit Trojan.Barys.D68137
ZoneAlarm UDS:Trojan.Win32.Agent
GData Gen:Variant.Barys.426295
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Evo-gen.R510300
Acronis suspicious
ALYac Gen:Variant.Barys.426295
MAX malware (ai score=82)
Cylance unsafe
Ikarus Win32.Outbreak
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)