Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 28, 2023, 1:43 p.m.	May 28, 2023, 2:41 p.m.

Size	1.2MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`edfad6bc3bc4d075a440b49baf575f56`
SHA256	`db9091ba1e3f755972a5ca4bc0b3e76b77c3fd79a398313d5511b1bedffd46f6`
CRC32	`5075B628`
ssdeep	`24576:aNPqVZyrXMgZ+W7k/MP5u1QX8y8sJWlLIo0yyj01YA/L:p8XMhMk/MP5JX8ZYG3fa01YG`
Yara	MPRESS_Zero - MPRESS packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)

Rebcoana.exe "C:\Users\test22\AppData\Local\Temp\Rebcoana.exe"
1460

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW May 28, 2023, 1:43 p.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.MPRESS1
section	.MPRESS2

A process attempted to delay the analysis task. (1 event)

description

Rebcoana.exe tried to sleep 210 seconds, actually delayed analysis time by 0 seconds

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00110400', u'virtual_address': u'0x00001000', u'entropy': 7.999832158284618, u'name': u'.MPRESS1', u'virtual_size': u'0x001e2000'}

entropy

7.99983215828

description

A section with a high entropy has been found

entropy

0.883211678832

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 28, 2023, 1:43 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Expresses interest in specific running processes (1 event)

process: potential process injection target

winlogon.exe

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Swisyn.mki7
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Babar.145243
FireEye	Generic.mg.edfad6bc3bc4d075
ALYac	Gen:Variant.Babar.145243
Malwarebytes	Malware.AI.4230366076
Zillya	Trojan.AutoIT.Win32.154890
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0058dfcd1 )
Alibaba	Trojan:Script/Diztakun.332c226f
K7GW	Trojan ( 0058dfcd1 )
Cybereason	malicious.a85498
Arcabit	Trojan.Babar.D2375B
Cyren	W32/ABRisk.OHBY-1543
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/Autoit.OLQ
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:Trojan-Dropper.Win32.Daws
BitDefender	Gen:Variant.Babar.145243
Avast	Win32:Evo-gen [Trj]
Rising	Dropper.Daws!8.3FB (CLOUD)
Emsisoft	Gen:Variant.Babar.145243 (B)
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Disabler.122
VIPRE	Gen:Variant.Babar.145243
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.tc
Trapmine	malicious.high.ml.score
Sophos	Generic Reputation PUA (PUA)
Ikarus	Trojan.Dropper
Jiangmin	Trojan.Script.auhw
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Win32.Autoit
Xcitium	Malware@#3tre4ecal1wp8
Microsoft	Trojan:Win32/Sabsik.FL.B!rfn
ZoneAlarm	HEUR:Trojan.Script.Diztakun.gen
GData	Gen:Variant.Babar.145243
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4923063
McAfee	Artemis!EDFAD6BC3BC4
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Script
Cylance	unsafe
Panda	Trj/CI.A
Tencent	Win32.Trojan.Dropper.Gmnw
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat

Rebcoana.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All