Summary | ZeroBOX

APSLoader.exe

Tags: SmokeLoader, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started July 14, 2023, 7:28 a.m.
Completed July 14, 2023, 7:30 a.m.
Size 29.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 751dd472c61b174351d8f98ce5619a7d
SHA256 3a62f4c67368f13afd64615e5832085514eb3cb82554b4860399d3c0638c92e4
CRC32 A2682560
ssdeep 768:DZtWVWcTpwQC9OYYr+8PQsWnIaEr927h1:DZtVQ/Fr+aoz511
Yara
  • win_smokeloader_auto - Detects win.smokeloader.
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Contacted domains (Name, Response, Post-Analysis Lookup)

No hosts contacted.

Contacted hosts (IP Address, Status, Action)

No hosts contacted.

No DNS or IP traffic was recorded in the two-minute run, so for a downloader family like SmokeLoader the second stage was never fetched in this sandbox; treat the static and API-call findings below as the only evidence this report provides.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature: A section with a high entropy has been found
  section .text: virtual_address 0x00001000, virtual_size 0x00007122, size_of_data 0x00007200, entropy 7.817

Signature: Overall entropy of this PE file is high
  entropy 1.0 (this value is the share of all section data that exceeds the signature's entropy threshold, so 1.0 means every byte of section data is high-entropy)

Check: 0x7200 bytes of .text data is 29184 bytes of a 29.0KB file, so apart from the headers the whole binary is a single high-entropy section, which is what a crypted loader stub that unpacks its payload at run time looks like on disk.
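The two entropy signatures above can be reproduced offline. The following is an added example, not ZeroBOX code: it computes per-section Shannon entropy and the overall high-entropy ratio the way the Cuckoo-family packer_entropy signature does. The 6.8 bits/byte section threshold and the 20% overall ratio are assumptions about that signature, and the section bytes are constructed (a seeded pseudo-random .text of 0x7200 bytes, not the bytes of APSLoader.exe).

```python
import math
import random
from dataclasses import dataclass

# Thresholds of the Cuckoo-family "packer_entropy" signature that produced the
# two lines above, stated here as assumptions about that signature rather
# than values taken from this report: a section counts as high-entropy above
# 6.8 bits/byte, and the file is flagged when such sections hold more than
# 20% of all section data.
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class Section:
    name: str
    raw: bytes          # the section's on-disk bytes (size_of_data of them)
    virtual_size: int   # as mapped; may exceed len(raw) for zero-filled tails

    @property
    def entropy(self) -> float:
        return shannon_entropy(self.raw)


def packer_entropy(sections):
    """Replicates the signature: list high-entropy sections and the share of
    all section data they account for (the report's 'entropy 1.0' is this ratio)."""
    total = sum(len(s.raw) for s in sections)
    high = [s for s in sections if s.entropy > SECTION_ENTROPY_THRESHOLD]
    ratio = sum(len(s.raw) for s in high) / total if total else 0.0
    return {
        "high_entropy_sections": [(s.name, round(s.entropy, 3)) for s in high],
        "ratio": ratio,
        "matched": total > 0 and ratio > OVERALL_RATIO_THRESHOLD,
    }


# Constructed input, not the bytes of APSLoader.exe: a 0x7200-byte pseudo-random
# ".text" standing in for the crypted section, a zero-filled ".rdata", and a
# ".bss"-style section with no file data. The RNG is seeded so runs repeat.
_rng = random.Random(2023)
SAMPLE_SECTIONS = [
    Section(".text", bytes(_rng.getrandbits(8) for _ in range(0x7200)), 0x7122),
    Section(".rdata", bytes(0x200), 0x200),
    Section(".bss", b"", 0x1000),
]

if __name__ == "__main__":
    for s in SAMPLE_SECTIONS:
        print(f"{s.name:<7} size_of_data=0x{len(s.raw):08x} entropy={s.entropy:.3f}")
    print(packer_entropy(SAMPLE_SECTIONS))
```

Run it against a real file by reading each section's bytes from a PE parser of your choice; the ratio is computed over size_of_data, not virtual_size, so sections with no file data (like the .bss placeholder here) do not dilute it.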
API calls (Time & API, Arguments, Status, Return, Repeated)

LdrGetDllHandle
  module_name: snxhk
  module_address: 0x00000000
  stack_pivoted: 0
  Return: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)  Repeated: 0

LdrGetDllHandle
  module_name: snxhk
  module_address: 0x00000000
  stack_pivoted: 0
  Return: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)  Repeated: 0

snxhk.dll is the hook library Avast injects into monitored processes. The sample asks the loader whether it is already mapped and gets STATUS_DLL_NOT_FOUND with a NULL module_address, i.e. no Avast instrumentation is present in this VM. This is an anti-AV/anti-sandbox probe, consistent with SmokeLoader's known evasion checks, and it is the only behaviour the two-minute run captured before the trace ends.

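A practitioner triaging many such reports will want to pull probes like the one above out of the raw call log automatically. The following is an added example, not ZeroBOX code: it walks a list of Cuckoo-style API call records, matches module_name against known hook/sandbox DLLs, and reads the result the way the malware does (NTSTATUS for the native Ldr* call, HMODULE-or-NULL for the Win32 GetModuleHandle variants). snxhk is taken from this report; sbiedll (Sandboxie) and cmdvrt32 (Comodo sandbox) are added as further examples of the same check, and the call records are constructed to mirror the two lines above rather than copied from the report JSON.

```python
import json
from collections import OrderedDict

# NTSTATUS codes this triage names; 0xC0000135 is the value in the report
# (3221225781 decimal). Anything else is shown as hex.
NTSTATUS_NAMES = {0xC0000135: "STATUS_DLL_NOT_FOUND"}

# Hook/sandbox DLLs that malware probes for by name. snxhk is the module from
# this report (Avast's hook DLL); sbiedll (Sandboxie) and cmdvrt32 (Comodo
# sandbox) are added here as further examples of the same probe.
PROBED_MODULES = {
    "snxhk": "Avast hook DLL",
    "sbiedll": "Sandboxie",
    "cmdvrt32": "Comodo sandbox",
}


def nt_success(status: int) -> bool:
    """NT_SUCCESS(): success or informational, i.e. the high bit is clear."""
    return 0 <= status < 0x80000000


def normalize_module(name: str) -> str:
    r"""Reduce 'C:\Windows\System32\SbieDll.dll' or 'snxhk' to 'sbiedll' / 'snxhk'."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return base[:-4] if base.endswith(".dll") else base


def find_module_probes(calls):
    """One finding per (API, module) pair whose module_name is a known probe
    target. `present` is derived from the return value the way the caller
    would read it: NTSTATUS for Ldr* native calls, HMODULE-or-NULL for Win32."""
    findings = OrderedDict()
    for call in calls:
        api = call.get("api", "")
        args = call.get("arguments", {})
        module = normalize_module(str(args.get("module_name", "")))
        if module not in PROBED_MODULES:
            continue
        rv = int(call.get("return_value", 0))
        if api.startswith("Ldr"):
            present = nt_success(rv)
            status = NTSTATUS_NAMES.get(rv, f"0x{rv:08X}")
        else:
            present = rv != 0
            status = "HMODULE" if present else "NULL"
        f = findings.setdefault((api, module), {
            "api": api, "module": module, "description": PROBED_MODULES[module],
            "present": present, "status": status, "count": 0})
        f["count"] += 1
    return list(findings.values())


# Constructed Cuckoo-style call records (the report's own JSON is not on this
# page): the two snxhk lookups as shown above, one ordinary DLL lookup that
# must be ignored, and one Win32-style probe for Sandboxie by full path.
SAMPLE_CALLS_JSON = r"""
[
  {"api": "LdrGetDllHandle", "arguments": {"module_name": "snxhk", "module_address": "0x00000000", "stack_pivoted": 0}, "return_value": 3221225781, "status": 0},
  {"api": "LdrGetDllHandle", "arguments": {"module_name": "snxhk", "module_address": "0x00000000", "stack_pivoted": 0}, "return_value": 3221225781, "status": 0},
  {"api": "LdrGetDllHandle", "arguments": {"module_name": "kernel32.dll", "module_address": "0x76d10000", "stack_pivoted": 0}, "return_value": 0, "status": 1},
  {"api": "GetModuleHandleA", "arguments": {"module_name": "C:\\Windows\\System32\\SbieDll.dll"}, "return_value": 0, "status": 0}
]
"""

if __name__ == "__main__":
    for f in find_module_probes(json.loads(SAMPLE_CALLS_JSON)):
        verdict = "present" if f["present"] else "absent"
        print(f'{f["api"]}("{f["module"]}") x{f["count"]}: {f["description"]} {verdict} ({f["status"]})')
```

In a full Cuckoo report.json the records live under behavior/processes/[n]/calls; flatten those lists before passing them in. A probe whose result is "present" is the more interesting case for an analyst, since it usually precedes an exit or a benign decoy path and explains an otherwise empty trace.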
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
MicroWorld-eScan Gen:Variant.Ser.Razy.7042
FireEye Generic.mg.751dd472c61b1743
ALYac Gen:Variant.Ser.Razy.7042
Malwarebytes Malware.Heuristic.1004
VIPRE Gen:Variant.Ser.Razy.7042
Cynet Malicious (score: 100)
K7AntiVirus Trojan ( 00536d121 )
Alibaba Trojan:Win32/Smokeloader.4af7fa2f
K7GW Trojan ( 00536d121 )
Cybereason malicious.2c61b1
Arcabit Trojan.Ser.Razy.D1B82
BitDefenderTheta AI:Packer.344484C51E
Cyren W32/SmokeLoader.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Smokeloader.J
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Ser.Razy.7042
ViRobot Trojan.Win.Z.Smokeloader.29696.L
Avast Win32:Malware-gen
Tencent Win32.Trojan.Generic.Ngil
Emsisoft Gen:Variant.Ser.Razy.7042 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Siggen18.65326
Zillya Trojan.Smokeloader.Win32.2536
TrendMicro TROJ_GEN.R002C0RGD23
McAfee-GW-Edition BehavesLike.Win32.Bobax.mc
Trapmine malicious.high.ml.score
Sophos Mal/Behav-204
Webroot W32.Trojan.TR.Crypt.XPACK
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.SmokeLoader
Microsoft TrojanDownloader:MSIL/Formbook.RDK!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Ser.Razy.7042
Google Detected
AhnLab-V3 Trojan/Win.Smokeldr.R450595
Acronis suspicious
McAfee Artemis!751DD472C61B
VBA32 BScope.TrojanPSW.Spy
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0RGD23
Rising Trojan.Generic@AI.100 (RDML:Y+VkjAadVf5kPTLEhCLaUg)
Ikarus Trojan.Win32.SmokeLoader
MaxSecure Trojan.Malware.300983.susgen