Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 21, 2023, 3:50 p.m.	June 21, 2023, 3:52 p.m.

Size	299.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dabf4bf05dadea76f0a7b346eee48844`
SHA256	`4fce1d0099d746c09f6e7a8ae41882cbb95070ab24843b1516b8a74ce65d3701`
CRC32	`5215BA01`
ssdeep	`3072:12zYpE8kiiX63a0mkBxKvQ5RN3vKdjSj0mRLRLh7EkHot:cMO8kWK0mkTKo5RpvUcp9Ew`
PDB Path	C:\batuhisajece\ruw ninuyi.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\batuhisajece\ruw ninuyi.pdb

Time & API	Arguments	Status
NtAllocateVirtualMemory June 21, 2023, 3:50 p.m.	process_identifier: 1156 region_size: 86016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 21, 2023, 3:50 p.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 21, 2023, 3:50 p.m.	process_identifier: 1156 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

section

{u'size_of_data': u'0x00021c00', u'virtual_address': u'0x00001000', u'entropy': 7.641362868435145, u'name': u'.text', u'virtual_size': u'0x00021b56'}

entropy

7.64136286844

description

A section with a high entropy has been found

entropy

0.453020134228

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.67645333
Malwarebytes	Trojan.MalPack.GS
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D4082F95
Cyren	W32/Kryptik.KAO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HTWC
APEX	Malicious
ClamAV	Win.Packer.pkr_ce1a-9980177-0
Kaspersky	HEUR:Trojan.Win32.Chapak.gen
BitDefender	Trojan.GenericKD.67645333
Avast	Win32:DropperX-gen [Drp]
Emsisoft	Trojan.GenericKD.67645333 (B)
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dh
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.dabf4bf05dadea76
Sophos	Troj/Krypt-VZ
SentinelOne	Static AI - Suspicious PE
Antiy-AVL	Trojan/Win32.Wacatac
Gridinsoft	Ransom.Win32.STOP.dg!n
Microsoft	Trojan:Win32/Amadey.GGO!MTB
ZoneAlarm	HEUR:Trojan.Win32.Chapak.gen
GData	Win32.Trojan.Agent.RLX5NG
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5397385
Acronis	suspicious
McAfee	Artemis!DABF4BF05DAD
MAX	malware (ai score=84)
VBA32	Trojan.Buzus
Cylance	unsafe
Panda	Trj/Chgt.AD
Rising	Trojan.Generic@AI.100 (RDML:ffovSeA1AWfWeO4EZCxXrg)
Ikarus	Trojan-Banker.UrSnif
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.ERHN!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS

DaHost.exe