Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 7, 2023, 6:32 p.m.	Aug. 7, 2023, 6:34 p.m.

Size	459.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b6e604a44fada526ffdff314ba34953d`
SHA256	`b9fe51977ac529e23d9f9dafae8a50429af6c4b847c4002c9300c7d47631bf97`
CRC32	`24FDB1D9`
ssdeep	`6144:F2OyTwdoALugAuMTuHg9CKwrQMAjV8YJdGXu029dSz8q0cZZMzhoe:FbyTw8gyuH+CFUMAjaYJdCFIIsh`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

AmpulesUnweened.exe "C:\Users\test22\AppData\Local\Temp\AmpulesUnweened.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 7, 2023, 6:32 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 212992 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024bc000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 7, 2023, 6:32 p.m.	process_identifier: 2564 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02320000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00034a00', u'virtual_address': u'0x00023000', u'entropy': 7.98106113691277, u'name': u'.data', u'virtual_size': u'0x01ed8f80'}

entropy

7.98106113691

description

A section with a high entropy has been found

entropy

0.459105779716

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKDZ.102311
FireEye	Generic.mg.b6e604a44fada526
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Kryptik.KHD.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HUGZ
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.Win32.Windigo.gen
BitDefender	Trojan.GenericKDZ.102311
Avast	Win32:BotX-gen [Trj]
Tencent	Trojan.Win32.Obfuscated.gen
Emsisoft	Trojan.GenericKDZ.102311 (B)
DrWeb	Trojan.DownLoader45.64338
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.gh
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
SentinelOne	Static AI - Malicious PE
Jiangmin	TrojanSpy.Windigo.afh
Webroot	W32.Trojan.Gen
Antiy-AVL	Trojan[Spy]/Win32.Windigo
Gridinsoft	Ransom.Win32.STOP.dd!n
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan-Spy.Win32.Windigo.gen
GData	Trojan.GenericKDZ.102311
Google	Detected
AhnLab-V3	Malware/Win.Generic.C5467577
McAfee	Artemis!B6E604A44FAD
MAX	malware (ai score=89)
VBA32	BScope.Trojan.AET.281105
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.E962 (CLASSIC)
Ikarus	Trojan-Ransom.StopCrypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HACT!tr
AVG	Win32:BotX-gen [Trj]
DeepInstinct	MALICIOUS

AmpulesUnweened.exe