Summary | ZeroBOX

LB3.exe

Generic Malware, Admin Tool (Sysinternals etc ...), UPX, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 23, 2023, 9:29 a.m.
Completed Sept. 23, 2023, 9:34 a.m.
Size 965.6KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c2246bc569ddf7c9e93ccbf87aeb397
SHA256 1d30c8ea61630a44351f29b209813275b5077a637a571d888e97398f8c24787d
CRC32 7D63E9C2
ssdeep 12288:+sT4cgRdrEAzvHG4z/bEUZEPurHbNFKSEv0xt9:+sGRdrEAbm4z/bEUaPuD3Rw0xt9
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name ECVX
section name .text, virtual_address 0x00000200, virtual_size 0x00089fc4, size_of_data 0x0008a000, entropy 7.255662811578312; description: A section with a high entropy has been found
entropy 0.572465646876; description: Overall entropy of this PE file is high
Bkav W32.Common.685CFF5E
Lionic Trojan.Win32.Joti.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Heur.VB.8m1@eue3jOti
FireEye Generic.mg.0c2246bc569ddf7c
CAT-QuickHeal Trojan.Sabsik
McAfee New Malware.mp
Malwarebytes Trojan.Injector.VB
VIPRE Gen:Trojan.Heur.VB.8m1@eue3jOti
Sangfor Suspicious.Win32.Save.vb
K7AntiVirus Trojan ( 005ab6c31 )
Alibaba Trojan:Win32/Injector.a74634f0
K7GW Trojan ( 005ab6c31 )
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Trojan.Heur.VB.EBE432
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.ETHH
Cynet Malicious (score: 100)
APEX Malicious
BitDefender Gen:Trojan.Heur.VB.8m1@eue3jOti
NANO-Antivirus Trojan.Win32.VB.kaxwmw
Avast Win32:InjectorX-gen [Trj]
Tencent Win32.Trojan.FalseSign.Ymhl
Sophos Mal/PePatch-Q
F-Secure Trojan.TR/Crypt.XPACK.Gen3
TrendMicro Ransom.Win32.LOCKBIT.YXDIUT
McAfee-GW-Edition New Malware.mp
Trapmine malicious.high.ml.score
Emsisoft Gen:Trojan.Heur.VB.8m1@eue3jOti (B)
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Avira TR/Crypt.XPACK.Gen3
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Ransom:Win32/Lockbit.HA!MTB
GData Gen:Trojan.Heur.VB.8m1@eue3jOti
Google Detected
AhnLab-V3 Trojan/Win.Obfuscated.R606184
VBA32 Trojan.VB.Hider
ALYac Gen:Trojan.Heur.VB.8m1@eue3jOti
MAX malware (ai score=88)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall Ransom.Win32.LOCKBIT.YXDIUT
Rising Trojan.Injector!1.C6AF (CLASSIC)
Ikarus Trojan.Agent
MaxSecure Trojan.Malware.218539947.susgen
Fortinet W32/ETHH!tr
BitDefenderTheta AI:Packer.315D79041F
AVG Win32:InjectorX-gen [Trj]
Cybereason malicious.99f2c4