Summary | ZeroBOX

mslink1.exe

Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started May 26, 2023, 5:48 p.m.
Completed May 26, 2023, 5:51 p.m.
Size 281.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 56f7220f0987dc74bc0d5bb27f3df3ca
SHA256 fc8a4cf4cdbd2de468b872d65acc55ed3e0664ada77d3d98f105127a780b7584
CRC32 EEEB8F57
ssdeep 3072:qn3gEjBb7HYEr4YkY57STYRDZkLszNTszFp546apTjOWHd:q3hjpcE0FFODZkLszKO6+T3
PDB Path C:\putay\kumatulij\noxuni-poye\moxo28 rucaw\yuz\hesu.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\putay\kumatulij\noxuni-poye\moxo28 rucaw\yuz\hesu.pdb
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory

process_identifier: 1680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 86016
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007bc000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 1680
region_size: 90112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
section .text: size_of_data 0x00027c00, virtual_address 0x00001000, virtual_size 0x00027b12, entropy 7.582607190139154; description: A section with a high entropy has been found
entropy 0.566844919786; description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.147255
ClamAV Win.Packer.pkr_ce1a-9980177-0
FireEye Generic.mg.56f7220f0987dc74
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
K7GW Trojan ( 005690671 )
Cybereason malicious.b606e9
Arcabit Trojan.Mikey.D23F37
Cyren W32/Kryptik.JUT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky VHO:Backdoor.Win32.Convagent.gen
BitDefender Gen:Variant.Mikey.147255
Avast DropperX-gen [Drp]
Emsisoft Gen:Variant.Mikey.147255 (B)
McAfee-GW-Edition BehavesLike.Win32.Worm.dh
Trapmine suspicious.low.ml.score
Sophos Troj/Krypt-VZ
SentinelOne Static AI - Suspicious PE
MAX malware (ai score=88)
Gridinsoft Ransom.Win32.STOP.dg!n
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm VHO:Backdoor.Win32.Convagent.gen
GData Gen:Variant.Mikey.147255
Google Detected
Acronis suspicious
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:8Pc4K9B7AKpK1TFLlfLXNQ)
Ikarus Trojan.Win32.Crypt
AVG DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)