Summary | ZeroBOX

f429fjd4uf84u.exe

UPX Malicious Library Malicious Packer PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started June 30, 2023, 5:39 p.m.
Completed June 30, 2023, 5:47 p.m.
Size 6.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 aaead1169523638d40ca4d884e3d787a
SHA256 09c92f58d9b11db5d9a7e984cb3270bcc6db79ea153dea86788eccaaa561d50c
CRC32 10F2CEDC
ssdeep 196608:LZLecymZqT+XX9Atk+7TDhlXRZvYdtEA6OSwK:Nhyzy9AtpRZv2R6Oy
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

description f429fjd4uf84u.exe tried to sleep 120 seconds, actually delayed analysis time by 0 seconds

description A section with a high entropy has been found
  section name .rdata
  virtual_address 0x00015000
  virtual_size 0x005ba030
  size_of_data 0x005ba200
  entropy 7.974996935050252

description Overall entropy of this PE file is high
  entropy 0.93316890763

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
DrWeb Trojan.Siggen20.21361
MicroWorld-eScan Gen:Variant.Lazy.260895
ALYac Gen:Variant.Lazy.260895
Malwarebytes Malware.AI.4163478603
Sangfor Trojan.Win32.Lazy.Vz33
K7AntiVirus Trojan ( 0059c7de1 )
Alibaba Trojan:Win32/Generic.a5a138bb
K7GW Trojan ( 0059c7de1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Lazy.D3FB1F
BitDefenderTheta Gen:NN.ZexaF.36164.@x0@aSP@gnei
VirIT Trojan.Win32.Genus.NFN
Cyren W32/ABRisk.BGYY-3817
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Agent.AEVE
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Agent.xasiui
BitDefender Gen:Variant.Lazy.260895
NANO-Antivirus Trojan.Win32.Generic.jtsmkc
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan.Agent.Tzfl
Emsisoft Gen:Variant.Lazy.260895 (B)
F-Secure Heuristic.HEUR/AGEN.1310324
VIPRE Gen:Variant.Lazy.260895
TrendMicro TROJ_GEN.R053C0DL722
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
FireEye Generic.mg.aaead1169523638d
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Agent
Jiangmin Trojan.Agent.ehzd
Webroot W32.AGent.Gen
Avira HEUR/AGEN.1310324
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.Sabsik
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Malware@#2b6dazopn49ai
Microsoft Trojan:Win32/Lazy!MTB
ZoneAlarm Trojan.Win32.Agent.xasiui
GData Gen:Variant.Lazy.260895
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5321973
McAfee Artemis!AAEAD1169523
Cylance unsafe
Panda Trj/RnkBend.A
TrendMicro-HouseCall TROJ_GEN.R053C0DL722
Rising Trojan.Generic@AI.100 (RDML:KKOHn6EXsYEAW8csHR1JWw)