Summary | ZeroBOX

95.214.25.232:3004

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started July 16, 2023, 11 a.m.
Completed July 16, 2023, 11:04 a.m.
Size 541.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fa0e45413ffcfb619ab488952c7d4cf3
SHA256 75fc8932ad40c76d48783b1e9042f19983d72163e82065a04b0298c37962915c
CRC32 FBCAF93A
ssdeep 12288:+ToPWBv/cpGrU3yDT+tjIKY1YHRfcr0ECTLx0T:+TbBv5rUlIKbXBTLx0T
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section .didat
resource name PNG
section .rsrc (size_of_data 0x0000e200, virtual_address 0x00064000, virtual_size 0x0000e050, entropy 6.802173495258792) description A section with a high entropy has been found
Bkav W32.AIDetectMalware
MicroWorld-eScan Zum.Razy.1
FireEye Generic.mg.fa0e45413ffcfb61
ALYac Zum.Razy.1
Malwarebytes MachineLearning/Anomalous.94%
VIPRE Zum.Razy.1
Sangfor Suspicious.Win32.Save.a
Cybereason malicious.26925c
Cyren W32/S-1b09bef6!Eldorado
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Malware.Fugrafa-9938779-0
Kaspersky VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender Zum.Razy.1
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious SFX
MAX malware (ai score=88)
Gridinsoft Ransom.Win32.STOP.dg!n
Arcabit Zum.Razy.1
ZoneAlarm VHO:Trojan-Ransom.Win32.Convagent.gen
GData Zum.Razy.1
Google Detected
Acronis suspicious
Rising Trojan.Kryptik!1.B663 (CLASSIC)
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)