Summary | ZeroBOX

setup-rc18.exe

UPX PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: July 26, 2023, 9:38 a.m.
Completed: July 26, 2023, 9:41 a.m.
Size 4.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c7feee4698e4d22fead87c243d9cb8ad
SHA256 caa7643ffed1f6042896a2df3c799613bd323193fdfb8da5683832e369494da7
CRC32 650F7676
ssdeep 49152:3X7rf/f93D7jDwRpQF5AbLB/1eY+1K1BKbkKjWd2rMei6B:n7bVLD8pm5A3PeY+4sbkzdQPB
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1 Return: 1 Repeated: 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1bd2f04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 c1 76
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1bd2f04
registers.r14: 4678850
registers.r15: 4683152
registers.rcx: 284
registers.rsi: 3743072
registers.r10: 0
registers.rbx: 0
registers.rsp: 1243304
registers.r11: 1245072
registers.r8: 1994752396
registers.r9: 0
registers.rdx: 300
registers.r12: 4679824
registers.rbp: 1243440
registers.rdi: 284
registers.rax: 29175552
registers.r13: 1
Status: 1 Return: 0 Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
Status: 1 Return: 0 Repeated: 0
file C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\aam1tmp.exe
section UPX1 (virtual_address 0x00031000, virtual_size 0x00010000, size_of_data 0x0000f200, entropy 7.989038354072426) entropy 7.98903835407 description A section with a high entropy has been found
entropy 0.414383561644 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.Common.88AD13DC
MicroWorld-eScan Trojan.GenericKD.68329144
McAfee Artemis!C7FEEE4698E4
Cylance unsafe
Sangfor Trojan.Win32.Agent.Vyrd
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
CrowdStrike win/grayware_confidence_70% (D)
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Trojan.Win64.Donut.vwf
BitDefender Trojan.GenericKD.68329144
NANO-Antivirus Virus.Win64.Virut-Gen.bwpxnc
Avast Win64:TrojanX-gen [Trj]
Rising Trojan.Donut!8.11D07 (CLOUD)
Sophos Mal/Generic-S
DrWeb Program.Unwanted.5412
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.68329144
Emsisoft Trojan.GenericKD.68329144 (B)
Ikarus Trojan.Win64.Shellcoderunner
GData Trojan.GenericKD.68329144
Webroot W32.Trojan.Gen
Gridinsoft Ransom.Win64.Wacatac.cl
Arcabit PUP.Riskware.Systweak
ZoneAlarm Trojan.Win64.Donut.vwf
Microsoft Trojan:Win64/Donut.psyA!MTB
Google Detected
MAX malware (ai score=87)
Malwarebytes PUP.Optional.SysTweak
Tencent Malware.Win32.Gencirc.10bef847
Fortinet Malicious_Behavior.SB
AVG Win64:TrojanX-gen [Trj]
DeepInstinct MALICIOUS