Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 24, 2023, 4:54 p.m.	July 24, 2023, 5:02 p.m.

Size	7.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d301e057a599f796b6d1335a30efd1e7`
SHA256	`59595ebfcadd54198faf0ad6a2c2418a262cb3900392eacb285f2e32b631bf6c`
CRC32	`3FA59982`
ssdeep	`196608:04Qcq8KK8Ioew+kpFmLQFgYK6nHPTZar7crAHjDtqi/RzmTMNq/fw:EcqcRoe5kFmGbbSsADcMRCTJw`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

112.exe "C:\Users\test22\AppData\Local\Temp\112.exe"
2548
- G7H8j.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\G7H8j.exe"
  2660
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW July 24, 2023, 4:54 p.m.	computer_name: TEST22-PC	1	1	0

pdb_path

D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

section

.didat

resource name

PNG

Time & API	Arguments	Status	Return	Repeated
__exception__ July 24, 2023, 4:54 p.m.	stacktrace: 0x1e6604 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07 exception.instruction: cmp dword ptr [rip + 0x2d18d], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1e6604 registers.r14: 0 registers.r15: 0 registers.rcx: 48 registers.rsi: 49144 registers.r10: 0 registers.rbx: 8791664295936 registers.rsp: 4258424 registers.r11: 4256232 registers.r8: 1994794048 registers.r9: 5378617344 registers.rdx: 8796092887632 registers.r12: 0 registers.rbp: 4258544 registers.rdi: 1735309660 registers.rax: 1992192 registers.r13: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 24, 2023, 4:54 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d62000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 24, 2023, 4:55 p.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004730000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\G7H8j.exe

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\G7H8j.exe

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\G7H8j.exe

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Miner.4!c
FireEye	Generic.mg.d301e057a599f796
Zillya	Trojan.Generic.Win32.1726339
Sangfor	Trojan.Win32.Save.a
Alibaba	Packed:Win64/VMProtect_AGen.a6192379
Cybereason	malicious.618b6f
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Packed.VMProtect_AGen.J suspicious
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Dropper.njRAT-9986242-0
Kaspersky	Trojan.Win32.Miner.bcoln
Avast	Win64:TrojanX-gen [Trj]
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1324403
TrendMicro	Trojan.Win32.SMOKELOADER.YXDGWZ
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.wc
Ikarus	Trojan.Win64.Krypt
Avira	HEUR/AGEN.1324403
Gridinsoft	Ransom.Win32.Wacatac.cl
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Trojan.Win32.Miner.bcoln
GData	Win32.Application.Coinminer.9IJ0BU
Google	Detected
McAfee	Artemis!D301E057A599
VBA32	TrojanSpy.Cordimik
Rising	Trojan.Miner!8.EA1 (CLOUD)
Fortinet	W32/Malicious_Behavior.SBX
AVG	Win64:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

112.exe