Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 17, 2023, 6:16 p.m.	Aug. 17, 2023, 6:22 p.m.

Size	5.5MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`392495c31f590a0a04b0c0f1cb0e06a9`
SHA256	`98a675d90eba03e1ebe08348e4e305cc72b5797f42ef28718078b9dbca9d3c88`
CRC32	`28723D92`
ssdeep	`49152:so/Qw6Xe8Jrb/TuvO90dL3BmAFd4A64nsfJyIIGJARjieXB9xEolpZj3HExygIS0:PBG0xf46EBzdBqK`
Yara	Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
39.98.177.61	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

.symtab

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Aug. 17, 2023, 6:16 p.m.	flags: 16 family: 0	1	0	0

host

39.98.177.61

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Aug. 17, 2023, 6:16 p.m.	ordinal: 0 function_address: 0x000007fefd6b7a50 function_name: wine_get_version module: ntdll module_address: 0x0000000076d30000		-1073741511	0

Cynet	Malicious (score: 100)
Malwarebytes	Malware.AI.1218703491
VIPRE	Gen:Variant.Kryptik.211
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Variant.Kryptik.211
Cybereason	malicious.1eeefa
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of WinGo/Packed.Obfuscated.B suspicious
APEX	Malicious
MicroWorld-eScan	Gen:Variant.Kryptik.211
Emsisoft	Gen:Variant.Kryptik.211 (B)
F-Secure	Heuristic.HEUR/AGEN.1318174
McAfee-GW-Edition	BehavesLike.Win64.Trojan.th
FireEye	Gen:Variant.Kryptik.211
Sophos	CXrep/MalGo-A
SentinelOne	Static AI - Suspicious PE
Avira	HEUR/AGEN.1318174
MAX	malware (ai score=88)
Arcabit	Trojan.Kryptik.211
GData	Gen:Variant.Kryptik.211
ALYac	Gen:Variant.Kryptik.211
MaxSecure	Trojan.Malware.300983.susgen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

update.exe