Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 10, 2023, 9:15 a.m.	Sept. 10, 2023, 9:25 a.m.

Size	9.8MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`fe5be27304af34b481120a35486df496`
SHA256	`2d972eea915c809d3c76c56a960c82a58881c9c98db4c8e53d894227f958a4c9`
CRC32	`7FE58424`
ssdeep	`196608:aRCetsJ8WuTEElonblp0VPt/Vg3NNJ94yD5ne:aRnCOTEEGnblp07dg3j`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

{u'size_of_data': u'0x00977400', u'virtual_address': u'0x00009000', u'entropy': 7.695526426978692, u'name': u'.data', u'virtual_size': u'0x00977360'}

entropy

7.69552642698

description

A section with a high entropy has been found

entropy

0.964957690393

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware.64
McAfee	Artemis!FE5BE27304AF
Malwarebytes	Generic.Malware/Suspicious
Cyren	W64/Rozena.HA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/ShellcodeRunner_AGen.AH
Kaspersky	Trojan.Win32.Agent.xbdvcj
Avast	FileRepMalware [Misc]
DrWeb	Trojan.MulDrop23.42795
McAfee-GW-Edition	BehavesLike.Win64.Generic.tc
Sophos	Generic Reputation PUA (PUA)
Gridinsoft	Trojan.Win64.Gen.bot
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	Trojan.Win32.Agent.xbdvcj
Google	Detected
Acronis	suspicious
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0DI923
Rising	Trojan.Rozena!8.6D (TFE:5:kC3zMNTE3QN)
Ikarus	Win32.Outbreak
Fortinet	W64/Rozena.AN!tr
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

iexpress.exe