Summary | ZeroBOX

clp8.exe

PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 10, 2023, 5:03 p.m.
Completed Sept. 10, 2023, 5:07 p.m.
Size 5.1MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 97325593f51f6ac58bfd2983c98da85e
SHA256 bdd9226e47b60c21d1bdfc794e223d1f52b9f67441e5d021fc5f9f463fb4125e
CRC32 D43D228B
ssdeep 98304:VXI+UKBIPs2VEJ1ki3smtma78CSj40CI4kIXLG3M/myLow8AS:eKBIkZJ1k6URVI0mdLXF
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section {u'size_of_data': u'0x0050ce00', u'virtual_address': u'0x006fb000', u'entropy': 7.878083865176332, u'name': u'UPX1', u'virtual_size': u'0x0050d000'} entropy 7.87808386518 description A section with a high entropy has been found
section {u'size_of_data': u'0x00001a00', u'virtual_address': u'0x00c08000', u'entropy': 6.9173553966761485, u'name': u'.rsrc', u'virtual_size': u'0x00002000'} entropy 6.91735539668 description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Variant.Babar.266937
FireEye Generic.mg.97325593f51f6ac5
ALYac Gen:Variant.Babar.266937
Malwarebytes Trojan.MalPack
VIPRE Gen:Variant.Babar.266937
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Trojan.Babar.D412B9
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/GenKryptik.GNOV
Cynet Malicious (score: 99)
APEX Malicious
Kaspersky Trojan.Win32.Tasker.azrd
BitDefender Gen:Variant.Babar.266937
Avast Win32:CrypterX-gen [Trj]
F-Secure Trojan.TR/Kryptik.cbgfl
TrendMicro TROJ_GEN.R03BC0XI923
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Variant.Babar.266937 (B)
Avira TR/Kryptik.cbgfl
Microsoft Trojan:Win32/Sabsik.TE.A!ml
ZoneAlarm Trojan.Win32.Tasker.azrd
GData Gen:Variant.Babar.266937
AhnLab-V3 Malware/Win.Generic.C5483085
McAfee Artemis!97325593F51F
MAX malware (ai score=85)
TrendMicro-HouseCall TROJ_GEN.R03BC0XI923
Rising Trojan.Tasker!8.CA15 (CLOUD)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
BitDefenderTheta Gen:NN.ZexaF.36662.@pMfa8vjDnni
AVG Win32:CrypterX-gen [Trj]
DeepInstinct MALICIOUS