Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 19, 2023, 6:30 p.m.	Sept. 19, 2023, 6:32 p.m.

Size	229.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1fcab65c8ca14af17470d1435b74d107`
SHA256	`9c1cb827a9c3195a22dec07c71e32b110509d20c1014ad7609be651ce2e2dfde`
CRC32	`A9C825F2`
ssdeep	`3072:ADXg2NbW5ulGBIcDPT+EuxLbQB7PQzlsc8HfzWfLeQvRZ70rVwNurKPLXT78Bx4h:WgUbW5uMB9bTMQxes//z0S+NlTQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

explorer.exe C:\Windows\Explorer.EXE
1236
control.exe "C:\Windows\SysWOW64\control.exe"
2768
- firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
  964

No Suricata Alerts

No Suricata TLS

request	POST http://www.lphone-xl.com/bxgk/
request	GET http://www.lphone-xl.com/bxgk/?xxN=ikWHN4MijQY5AyJKGBKmp9RfDy9IY0OsXenjOEW69DvhU9R0B37fDkF3Su7Bxfr5RqIxN6lkpQFNqNDBJbqyXHPoN3ksIA9BqLmVomk=&cXM=MHHcxFFn5MCj
request	GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip
request	GET http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip
request	GET http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
request	GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
request	POST http://www.3lock.fund/bxgk/
request	GET http://www.3lock.fund/bxgk/?xxN=Wu6jB5Q+lKuCukxPzm2WMbWjX+SIDKgUB3U7Kk8DOKw/GtTKhEmwqSjmItXDS9i2eb8Fhjph3IwM4PmyWCSQw+mgytZrpQ9sx2eLMjw=&cXM=MHHcxFFn5MCj

request	POST http://www.lphone-xl.com/bxgk/
request	POST http://www.3lock.fund/bxgk/

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Sept. 19, 2023, 6:31 p.m.	process_identifier: 2768 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\

file	C:\Users\test22\AppData\Local\Temp\bin.exe

section

{u'size_of_data': u'0x00038200', u'virtual_address': u'0x00001000', u'entropy': 7.993508494929355, u'name': u'.text', u'virtual_size': u'0x00038114'}

entropy

7.99350849493

description

A section with a high entropy has been found

entropy

1.0

description

Overall entropy of this PE file is high

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 19, 2023, 6:31 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Noon.4!c
DrWeb	Trojan.Inject4.61170
MicroWorld-eScan	Gen:Variant.Zusy.460032
FireEye	Generic.mg.1fcab65c8ca14af1
Malwarebytes	Spyware.FormBook
Sangfor	Trojan.Win32.Formbook.Vfge
K7AntiVirus	Trojan ( 00536d121 )
Alibaba	Trojan:Win32/Formbook.f1cac41f
K7GW	Trojan ( 00536d121 )
Cybereason	malicious.034c57
Arcabit	Trojan.Zusy.D70500
BitDefenderTheta	AI:Packer.AFC2B2AF1E
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Formbook.AA
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan-Spy.Win32.Noon.bews
BitDefender	Gen:Variant.Zusy.460032
Avast	Win32:PWSX-gen [Trj]
Tencent	Win32.Trojan.Crypt.Rnkl
Emsisoft	Gen:Variant.Zusy.460032 (B)
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
VIPRE	Gen:Variant.Zusy.460032
TrendMicro	TROJ_GEN.R002C0DII23
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Trapmine	suspicious.low.ml.score
Sophos	Troj/Formbook-A
SentinelOne	Static AI - Malicious PE
Webroot	W32.Noon.Gen
Avira	TR/Crypt.ZPACK.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win32.Formbook
Gridinsoft	Trojan.Win32.Formbook.sa
Microsoft	Trojan:Win32/FormBook.AFK!MTB
ZoneAlarm	Trojan-Spy.Win32.Noon.bews
GData	Win32.Trojan.PSE.17XRUK4
Google	Detected
VBA32	Malware-Cryptor.General.3
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DII23
Rising	Trojan.Generic@AI.100 (RDML:EpiL62kZ3jizHKSFJBq8Iw)
Ikarus	Win32.Outbreak
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Formbook.AA!tr
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

bin.exe