Summary | ZeroBOX

setup.jpg

Generic Malware, Antivirus, Malicious Library, MSOffice File, OS Processor Check, CAB
Category FILE
Machine s1_win7_x6401
Started July 12, 2023, 7:45 a.m.
Completed July 12, 2023, 7:48 a.m.
Size 2.9MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 936, Revision Number: {F83C8B86-38E7-44D5-8B09-92BAFCF829A8}, Number of Words: 2, Subject: DJMZUHDJXKBBRNDOFLOLPYOURGMJUXSEIQUR, Author: DJMZUHDJXKBBRNDOFLOLPYOURGMJUXSEIQUR, Name of Creating Application: Advanced Installer 16.5 build 8df7ad95, Template: ;2052, Comments: DJMZUHDJXKBBRNDOFLOLPYOURGMJUXSEIQUR , Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5 20bec50362e877fa5935cb1fc67012f9
SHA256 dbf87a5fcbfb1c8fd567e3c7a2103e63ad62422a0cc7d1ea64a265364ecfb3ba
CRC32 ACEA9245
ssdeep 49152:QQvlrXVVdWX59GUrSLzeaVtFU2e2PfqZ2jQbfcOQHe1i+aW3NAWt6x7JjhS4V+s0:BlQFrEZHY7LE+x0VV+s0qMr
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • Antivirus - Contains references to security software
  • Microsoft_Office_File_Zero - Microsoft Office File
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

ClamAV Win.Trojan.Bulz-9863763-0
ALYac Generic.Exploit.VBScript.A.BF3AA4DD
Zillya Trojan.VMProtect.Win32.48329
Sangfor Suspicious.Win32.Save.a
Cyren W32/Trojan.IHU.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 multiple detections
Avast Win32:Trojan-gen
Kaspersky UDS:Rootkit.Win64.PurpleFox.ffr
BitDefender Gen:Variant.Doina.21448
Rising Trojan.PurpleFox/MSI!1.D10D (CLASSIC)
Emsisoft Gen:Variant.Doina.21448 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed2.43111
VIPRE Gen:Variant.Doina.21448
TrendMicro Trojan.VBS.FUPORFLEX.SMYEBDR
McAfee-GW-Edition GenericRXOX-RA!982364763429
FireEye Gen:Variant.Doina.21448
Sophos Mal/VMProtBad-A
Ikarus Trojan.Win32.VMProtect
Antiy-AVL Trojan[Packed]/Win32.VMProtect
Microsoft Trojan:Script/Phonzy.A!ml
Arcabit Trojan.Doina.D53C8 [many]
ZoneAlarm HEUR:Trojan.Script.Generic
GData Generic.Exploit.VBScript.A.D68697A5
Google Detected
McAfee GenericRXOX-RA!982364763429
MAX malware (ai score=89)
VBA32 BScope.Trojan.Agentb
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/VMProtect.ABO!tr
BitDefenderTheta Gen:NN.ZedlaF.36302.@J7@auIQWXd
AVG Win32:Trojan-gen