Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 1, 2023, 9:05 a.m.	Sept. 1, 2023, 9:07 a.m.

Size	279.5KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aa1188eb63e988676a78adf858d8a887`
SHA256	`361fb5ed35b901790a30f51bc7d1898069c2acd2f374be0d151ba61d9f50967e`
CRC32	`93CE1A2A`
ssdeep	`3072:TpH5xq5twOiQI9g++sleBLfG/Y+FI4LS4MGhp:TpZGjiDq4LSXGhp`
PDB Path	D:\work\Ant_ts\wwlib\wwlib_æ³¢å¦¹\Release\wwlib.pdb
Yara	Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\work\Ant_ts\wwlib\wwlib_æ³¢å¦¹\Release\wwlib.pdb

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	AFX_DIALOG_LAYOUT
resource name	None

Foreign language identified in PE resource (14 events)

name

AFX_DIALOG_LAYOUT

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00016750

size

0x00000002

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000476c8

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000163a0

size

0x000002c8

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00047b30

size

0x00000092

name

None

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00016668

size

0x000000e1

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Trojan.GenericKD.69038329
FireEye	Trojan.GenericKD.69038329
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
BitDefender	Trojan.GenericKD.69038329
TrendMicro	TROJ_FRS.VSNTHV23
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
Microsoft	Trojan:Win32/Malgent!MSR
Google	Detected
McAfee	Artemis!AA1188EB63E9
MAX	malware (ai score=85)
TrendMicro-HouseCall	TROJ_FRS.VSNTHV23
Rising	Trojan.Generic@AI.86 (RDML:RS1qAjKSsBMqIKRa8mOJcQ)
BitDefenderTheta	Gen:NN.ZedlaF.36662.ru4@aO1tPddj
DeepInstinct	MALICIOUS

wwlib

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All