Summary | ZeroBOX

ChatGPT-4.exe

Gen1 Generic Malware UPX ASPack Malicious Library Malicious Packer Anti_VM PE64 PE File OS Processor Check DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: May 23, 2023, 5:13 p.m.
Completed: May 23, 2023, 5:22 p.m.
Size 8.8MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 dce55bbdd6eed9c8208b7e2581566ff0
SHA256 83f79186ecc1c4c5b6be07d6f6f96670b08f285ee74934802bab8317dc0fc370
CRC32 9F644947
ssdeep 196608:iI+pewbRUslbsbjadzxIWinWodiWajZKZqNZw1w:oLbbsCxIWyd4jZKZ8
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
164.124.101.2 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Arguments: (none)
Status: 1
Return: 1
Repeated: 0
section _RDATA
Time & API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1236
  region_size: 65536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000004d00000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffffffffffff
Status: 1
Return: 0
Repeated: 0
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\pythoncom310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\Setup.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\pywintypes310.dll
section .rsrc (size_of_data 0x00893600, virtual_address 0x00041000, virtual_size 0x008935c8, entropy 7.992389583629507) entropy 7.99238958363 description A section with a high entropy has been found
entropy 0.979476883609 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\Setup.exe
Lionic Trojan.Win32.Stealer.12!c
MicroWorld-eScan Gen:Variant.Lazy.336868
FireEye Gen:Variant.Lazy.336868
CAT-QuickHeal TrojanPWS.Stealer
McAfee Artemis!DCE55BBDD6EE
Malwarebytes Spyware.PasswordStealer.Python
K7AntiVirus Trojan ( 005a4f201 )
Alibaba TrojanPSW:Win32/FBStealer.803f9997
K7GW Trojan ( 005a4f201 )
Arcabit Trojan.Lazy.D523E4
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Python/PSW.Agent_AGen.B
APEX Malicious
Kaspersky Trojan-PSW.Win32.FBStealer.ch
BitDefender Gen:Variant.Lazy.336868
Avast Win64:Evo-gen [Trj]
Tencent Win32.Trojan-QQPass.QQRob.Hajl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Redcap.vddve
VIPRE Gen:Variant.Lazy.336868
TrendMicro Trojan.Win64.SMOKELOADER.YXDETZ
McAfee-GW-Edition BehavesLike.Win64.Dropper.rc
Trapmine suspicious.low.ml.score
Emsisoft Gen:Variant.Lazy.336868 (B)
Ikarus Trojan-Spy.Win32.Cordimik
Avira TR/Redcap.vddve
MAX malware (ai score=85)
Antiy-AVL Trojan[PSW]/Python.Agent
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Script/Phonzy.C!ml
ViRobot Trojan.Win.Z.Lazy.9181696
ZoneAlarm Trojan-PSW.Win32.FBStealer.ch
GData Gen:Variant.Lazy.336868
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5424649
ALYac Gen:Variant.Lazy.336868
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.SMOKELOADER.YXDETZ
Rising Stealer.Agent!8.C2 (CLOUD)
Fortinet W32/Agent_AGen.B!tr.pws
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)