Summary | ZeroBOX

oebd595d1a23f36763e746f48750d171a.exe

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 28, 2023, 9:42 a.m.
Completed Aug. 28, 2023, 9:44 a.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 2d4fd05bdccee76bac5231cfa4da5130
SHA256 7083e4774a68e23dd2f9239e5108f6615ff945a0673e7e975ab2ca2d4cb297d3
CRC32 417209D0
ssdeep 24576:f9pwADGez1Y0ve8Q7SlDhJD2/m/2Kq+nirnycpw0SrkrO:1p80v/XDhJD2/m/2Kq+ijyccrkr
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Addresses (IP Address / Status / Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

IsDebuggerPresent
Arguments: none
Status / Return / Repeated: 0 0

NtProtectVirtualMemory
process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
Status / Return / Repeated: 1 0 0
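The NtProtectVirtualMemory row above is the one behavioural record in this report worth a detection rule: protection 64 is 0x40, PAGE_EXECUTE_READWRITE, applied to one 4096-byte page, and process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so the sample is making a page of its own address space writable and executable at the same time. The script below is an added example, not ZeroBOX or Cuckoo code; it decodes the numeric PAGE_* value and flags RWX transitions in a list of call records. SAMPLE_CALLS is constructed: the first record copies the argument values shown in this report, the other two are made up to exercise the benign and guard-page paths, and the function and field names are assumptions.

```python
"""Decode the `protection` argument of memory-protection API records and flag
regions made writable and executable at once, as in the NtProtectVirtualMemory
call above (protection 64 = 0x40 = PAGE_EXECUTE_READWRITE).

Added example, not ZeroBOX/Cuckoo code.  SAMPLE_CALLS is constructed: the first
record copies the argument values shown in this report, the others are made up
to exercise the benign and guard-page paths."""

# Base protection values from winnt.h; exactly one occupies the low byte.
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Modifier bits that may be OR-ed onto a base value.
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# Base values that are simultaneously writable and executable.
WRITABLE_EXECUTABLE = {0x40, 0x80}
# APIs whose `protection` argument sets page protection (assumed record names).
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx",
                "NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}
# GetCurrentProcess() pseudo-handle in a 32-bit process: the call targets itself.
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF


def decode_protection(value):
    """Return the symbolic PAGE_* name(s) for a numeric protection value."""
    base = value & 0xFF
    parts = [PAGE_PROTECTIONS.get(base, f"0x{base:02x}")]
    parts += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(parts)


def is_writable_executable(value):
    """True when the base protection allows both writing and executing."""
    return (value & 0xFF) in WRITABLE_EXECUTABLE


def find_rwx_calls(calls):
    """Scan API records and return one hit per RWX protection change."""
    hits = []
    for call in calls:
        args = call.get("arguments", {})
        prot = args.get("protection")
        if call.get("api") not in PROTECT_APIS or prot is None:
            continue
        if not is_writable_executable(prot):
            continue
        hits.append({
            "api": call["api"],
            "pid": args.get("process_identifier"),
            "base_address": args.get("base_address"),
            "length": args.get("length"),
            "protection": decode_protection(prot),
            # 0xffffffff means the process changed its own memory.
            "self_modifying": args.get("process_handle") == CURRENT_PROCESS_PSEUDO_HANDLE,
        })
    return hits


SAMPLE_CALLS = [
    # Values from the report's NtProtectVirtualMemory row.
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0,
     "arguments": {"process_identifier": 2560, "length": 4096, "protection": 0x40,
                   "base_address": 0x73BC2000, "process_handle": 0xFFFFFFFF}},
    # Constructed benign change to PAGE_READWRITE.
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0,
     "arguments": {"process_identifier": 2560, "length": 4096, "protection": 0x04,
                   "base_address": 0x00400000, "process_handle": 0xFFFFFFFF}},
    # Constructed executable-but-read-only page with PAGE_GUARD set: not RWX.
    {"api": "VirtualProtectEx", "status": 1, "return": 1,
     "arguments": {"process_identifier": 1234, "length": 8192, "protection": 0x120,
                   "base_address": 0x00401000, "process_handle": 0x1A4}},
]

if __name__ == "__main__":
    for hit in find_rwx_calls(SAMPLE_CALLS):
        print(hit)
```

Only the report's own record produces a hit. The base address 0x73bc2000 sits in the upper part of the 32-bit user address space, where system DLLs are typically mapped, so a single-page RWX change there is the kind of event to correlate with later write or hook signatures rather than treat on its own; the sandbox's stack_pivoted and dep_bypass flags are all 0, so it is not reporting an exploit-style control-flow hijack.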
Signature: A section with a high entropy has been found
section .rsrc
virtual_address 0x00289000
virtual_size 0x00001538
size_of_data 0x00001600
entropy 7.28664512212282
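The entropy figure above is Shannon entropy in bits per byte, where 8.0 is the maximum, so a .rsrc section scoring 7.29 over 0x1600 bytes contains data that is close to uniformly distributed, which is consistent with compressed or encrypted content stored in the resource section. The code below is an added example, not ZeroBOX or Cuckoo code, showing how that measurement is taken from a PE section table. build_test_image() constructs a minimal synthetic PE32 so the parser runs offline; it is not the analysed sample, and HIGH_ENTROPY_THRESHOLD is an assumed cut-off.

```python
"""Per-section Shannon entropy from a PE section table: the measurement behind
the "high entropy section" signature above (the report's .rsrc scored 7.29 of a
possible 8.0 bits per byte).

Added example, not ZeroBOX/Cuckoo code.  build_test_image() constructs a
minimal synthetic PE32 so the parser can run offline; it is not the analysed
sample.  HIGH_ENTROPY_THRESHOLD is an assumed cut-off."""
import math
import struct
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.0   # assumption: typical packed/encrypted cut-off


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for one repeated value, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Yield (name, virtual_address, virtual_size, raw_bytes) per section.

    Reads only the fields needed, with no validation beyond the MZ/PE magic."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize,
               image[raw_ptr:raw_ptr + raw_size])


def high_entropy_sections(image, threshold=HIGH_ENTROPY_THRESHOLD):
    """Return (name, virtual_address, size_of_data, entropy) for sections at or above threshold."""
    hits = []
    for name, vaddr, _vsize, raw in pe_sections(image):
        entropy = shannon_entropy(raw)
        if entropy >= threshold:
            hits.append((name, vaddr, len(raw), round(entropy, 4)))
    return hits


def build_test_image():
    """Constructed PE32 with a low-entropy .text and a uniformly distributed .rsrc."""
    text_data = b"\x90" * 0x200 + b"\xcc" * 0x200   # two byte values -> 1.0 bit/byte
    rsrc_data = bytes(range(256)) * 22               # every value equally often -> 8.0
    header_size = 0x400
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    size_of_optional = 0xE0                          # PE32 optional header size
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, size_of_optional, 0x102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)       # PE32 magic
    sections, raw_ptr = b"", header_size
    for name, data, vaddr in ((b".text", text_data, 0x1000), (b".rsrc", rsrc_data, 0x289000)):
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                                len(data), raw_ptr, 0, 0, 0, 0, 0x40000040)
        raw_ptr += len(data)
    headers = (bytes(dos) + coff + bytes(optional) + sections).ljust(header_size, b"\0")
    return headers + text_data + rsrc_data


if __name__ == "__main__":
    for name, vaddr, size, entropy in high_entropy_sections(build_test_image()):
        print(f"{name} @ 0x{vaddr:08x} size 0x{size:x} entropy {entropy}")
```

Run against a real file, entropy is taken over size_of_data bytes from the file, not virtual_size; in the report those differ (0x1600 versus 0x1538) because the raw section is padded to the file alignment, and the zero padding slightly lowers the score. A resource section that is nearly incompressible, in a stripped 2.5 MB PE32 that also rewrites one of its own pages to RWX, is the usual shape of a packed stub carrying its payload in resources; the static signature alone does not say what that payload is.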
Antivirus Results (Vendor / Detection)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealerc.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Sangfor Trojan.Win32.Kryptik.V6ie
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanPSW:Win32/Stealerc.dd39b737
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.GNFL
APEX Malicious
Kaspersky HEUR:Trojan-PSW.Win32.Stealerc.gen
Avast FileRepMalware [Misc]
Tencent Win32.Trojan.FalseSign.Iqil
F-Secure Trojan.TR/Kryptik.jjfaw
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.2d4fd05bdccee76b
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Krypt
Webroot W32.Malware.Gen
Avira TR/Kryptik.jjfaw
Xcitium Malware@#364bt5hcpxiq6
ZoneAlarm HEUR:Trojan-PSW.Win32.Stealerc.gen
Microsoft Trojan:Win32/Leonem
McAfee Artemis!2D4FD05BDCCE
Cylance unsafe
Rising Stealer.Stealerc!8.17BE0 (CLOUD)
SentinelOne Static AI - Suspicious PE
Fortinet W32/GenKryptik.GNFL!tr
BitDefenderTheta Gen:NN.ZexaF.36350.HMY@ay9Zn4ni
AVG FileRepMalware [Misc]
Cybereason malicious.8fcdf3
DeepInstinct MALICIOUS