Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 23, 2023, 5:13 p.m.	May 23, 2023, 5:22 p.m.

Size	8.8MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`dce55bbdd6eed9c8208b7e2581566ff0`
SHA256	`83f79186ecc1c4c5b6be07d6f6f96670b08f285ee74934802bab8317dc0fc370`
CRC32	`9F644947`
ssdeep	`196608:iI+pewbRUslbsbjadzxIWinWodiWajZKZqNZw1w:oLbbsCxIWyd4jZKZ8`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 23, 2023, 5:13 p.m.		1	1	0

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory May 23, 2023, 5:13 p.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libffi-7.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\vcruntime140.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\python310.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\pythoncom310.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\Setup.exe
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\python3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\pywintypes310.dll

section

{u'size_of_data': u'0x00893600', u'virtual_address': u'0x00041000', u'entropy': 7.992389583629507, u'name': u'.rsrc', u'virtual_size': u'0x008935c8'}

entropy

7.99238958363

description

A section with a high entropy has been found

entropy

0.979476883609

description

Overall entropy of this PE file is high

file	C:\Users\test22\AppData\Local\Temp\onefile_2092_133293152189218750\Setup.exe

Lionic	Trojan.Win32.Stealer.12!c
MicroWorld-eScan	Gen:Variant.Lazy.336868
FireEye	Gen:Variant.Lazy.336868
CAT-QuickHeal	TrojanPWS.Stealer
McAfee	Artemis!DCE55BBDD6EE
Malwarebytes	Spyware.PasswordStealer.Python
K7AntiVirus	Trojan ( 005a4f201 )
Alibaba	TrojanPSW:Win32/FBStealer.803f9997
K7GW	Trojan ( 005a4f201 )
Arcabit	Trojan.Lazy.D523E4
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Python/PSW.Agent_AGen.B
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.FBStealer.ch
BitDefender	Gen:Variant.Lazy.336868
Avast	Win64:Evo-gen [Trj]
Tencent	Win32.Trojan-QQPass.QQRob.Hajl
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Redcap.vddve
VIPRE	Gen:Variant.Lazy.336868
TrendMicro	Trojan.Win64.SMOKELOADER.YXDETZ
McAfee-GW-Edition	BehavesLike.Win64.Dropper.rc
Trapmine	suspicious.low.ml.score
Emsisoft	Gen:Variant.Lazy.336868 (B)
Ikarus	Trojan-Spy.Win32.Cordimik
Avira	TR/Redcap.vddve
MAX	malware (ai score=85)
Antiy-AVL	Trojan[PSW]/Python.Agent
Gridinsoft	Ransom.Win64.Sabsik.sa
Microsoft	Trojan:Script/Phonzy.C!ml
ViRobot	Trojan.Win.Z.Lazy.9181696
ZoneAlarm	Trojan-PSW.Win32.FBStealer.ch
GData	Gen:Variant.Lazy.336868
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5424649
ALYac	Gen:Variant.Lazy.336868
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win64.SMOKELOADER.YXDETZ
Rising	Stealer.Agent!8.C2 (CLOUD)
Fortinet	W32/Agent_AGen.B!tr.pws
AVG	Win64:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

ChatGPT-4.exe