Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 1, 2023, 7:27 p.m.	June 1, 2023, 7:30 p.m.

Size	552.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a27b6bfb8e6aef454395cbab2bdf7cd1`
SHA256	`8022060ef633e157518037122a6003813cc0a3066d456a1164275a211efc8f5c`
CRC32	`49E4AE17`
ssdeep	`12288:F8ENlAKnykvnA6NkSo3wtfVx9Edm3pd4bOjxeEUYQc5aYWyQ0h75:SENlF4rRqfVxQGp7jN5aBWV5`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 1, 2023, 7:27 p.m.	process_identifier: 660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 421888 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007dc000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory June 1, 2023, 7:27 p.m.	process_identifier: 660 region_size: 987136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00067c00', u'virtual_address': u'0x00018000', u'entropy': 7.988194406871897, u'name': u'.data', u'virtual_size': u'0x002e7388'}

entropy

7.98819440687

description

A section with a high entropy has been found

entropy

0.752493200363

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Agent.Y!c
FireEye	Generic.mg.a27b6bfb8e6aef45
CAT-QuickHeal	Ransom.Stop.P5
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.f0964f
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenKryptik.GKHY
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win32:Evo-gen [Trj]
Rising	Trojan.Generic@AI.100 (RDML:9hqx3aGDRs8G/4TKSSYM8w)
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Trapmine	malicious.high.ml.score
Sophos	Troj/Krypt-XU
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft	Ransom.Win32.STOP.dg!n
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Google	Detected
McAfee	Artemis!A27B6BFB8E6A
VBA32	BScope.Backdoor.Tofsee
Cylance	unsafe
Ikarus	Trojan.Agent
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

tinytask.exe