Summary | ZeroBOX

PLV.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 23, 2023, 7:19 p.m.
Completed Sept. 23, 2023, 7:21 p.m.
Size 5.4MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 ac5a067a49c0347a26cb08dbf77f45b2
SHA256 c89c74a42dc7e8ba62490a3f73f031caec9ec3579bc69d169abc2bfd2e3719d2
CRC32 20E5BBE8
ssdeep 98304:cAWVhcggbXvZnyKbxK0UiIeYjRJFpFx9e+11:cHyLKN/eeRJpHv1
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1280
region_size: 176128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000840000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status: 1
Return: 0
Repeated: 0
Signature: A section with a high entropy has been found
section: .data
virtual_address: 0x00009000
virtual_size: 0x00552a80
size_of_data: 0x00552c00
entropy: 7.692792014460564

Signature: Overall entropy of this PE file is high
entropy: 0.990910743501
Bkav W32.AIDetectMalware.64
Lionic Trojan.Win32.Reflo.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Variant.Tedy.435707
FireEye Gen:Variant.Tedy.435707
ALYac Gen:Variant.Tedy.435707
Cylance unsafe
Sangfor Trojan.Win64.Reflo.Vdyd
K7AntiVirus Trojan ( 005aa5291 )
Alibaba Trojan:Win64/Reflo.235eb035
K7GW Trojan ( 005aa5291 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Tedy.D6A5FB
VirIT Trojan.Win64.Genus.BJK
Cyren W64/Rozena.HA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/CoinMiner_AGen.R
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win64.Reflo.pef
BitDefender Gen:Variant.Tedy.435707
Avast Win64:MalwareX-gen [Trj]
Tencent Malware.Win32.Gencirc.11b63b7f
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Nekark.mytfl
DrWeb Trojan.Siggen21.30957
VIPRE Gen:Variant.Tedy.435707
McAfee-GW-Edition Artemis!Trojan
Emsisoft Gen:Variant.Tedy.435707 (B)
Ikarus Trojan.Win64.Agent
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.mytfl
Antiy-AVL Trojan/Win64.ShellcodeRunner
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win64/Znyonm
ZoneAlarm HEUR:Trojan.Win64.Reflo.pef
GData Gen:Variant.Tedy.435707
Google Detected
AhnLab-V3 Trojan/Win.Rozena.C5479574
McAfee Artemis!AC5A067A49C0
MAX malware (ai score=83)
VBA32 Trojan.Win64.Reflo
Malwarebytes Malware.AI.3913729121
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DII23
Rising Trojan.Rozena!8.6D (TFE:5:VqtQRH5PzKH)
MaxSecure Trojan.Malware.124932553.susgen
Fortinet W64/Rozena.AN!tr
AVG Win64:MalwareX-gen [Trj]
Cybereason malicious.f26e32
DeepInstinct MALICIOUS