Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 28, 2023, 1:42 p.m.	May 28, 2023, 2:19 p.m.

Size	674.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`72fa10bd951a660d3b64696d0ce2398a`
SHA256	`340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40`
CRC32	`C5D7D069`
ssdeep	`6144:KvY7uKa7GjX7jpbERxpp521t+6mslnCUGwfxIRLtxIRLuovZ3H3AdKy9HGeofJgG:3/04rlwppx6mDaooojmN`
PDB Path	osk.pdb
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
79.137.202.29	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

osk.pdb

host

79.137.202.29

MicroWorld-eScan	Trojan.GenericKD.67246050
FireEye	Trojan.GenericKD.67246050
Cylance	unsafe
Arcabit	Trojan.Generic.D40217E2
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win64/TrojanDownloader.Agent.ACM
APEX	Malicious
Kaspersky	UDS:Trojan.Win32.Badur
BitDefender	Trojan.GenericKD.67246050
Avast	Win64:Trojan-gen
Tencent	Win64.Trojan-Downloader.Oader.Cdhl
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Dldr.Agent.dqohm
VIPRE	Trojan.GenericKD.67246050
McAfee-GW-Edition	RDN/Generic Downloader.x
Emsisoft	Trojan.GenericKD.67246050 (B)
Avira	TR/Dldr.Agent.dqohm
MAX	malware (ai score=84)
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	UDS:Trojan.Win32.Badur
GData	Win64.Trojan.Agent.QMB8W2
Google	Detected
McAfee	RDN/Generic Downloader.x
Malwarebytes	Generic.Malware/Suspicious
Rising	Downloader.Agent!8.B23 (TFE:5:y9pCLMsyKnL)
Ikarus	Trojan-Downloader.Win64.Agent
Fortinet	W64/Agent.ZX!tr
AVG	Win64:Trojan-gen
DeepInstinct	MALICIOUS

p0aw25.exe