Summary | ZeroBOX

DV.exe

Tags: ftp, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 23, 2023, 7:19 p.m.
Completed: Sept. 23, 2023, 7:28 p.m.
Size: 5.4MB
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5: 974cf9781ee4c391d8c78f68247e1b18
SHA256: 6f63952d569d65352cadb59dc95665dc01a2ccead6f2a84f8d89a9ee041aebe4
CRC32: 4E4EDCAE
ssdeep: 98304:5Ni77gLVLRv0kFWEu4f06A9u4f+38+BscmQI0vjkaYgucBg0i:5Ni77oVJ0kFWn4sWL3R7mQPuoE
Yara
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • IsPE64 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1000
region_size: 176128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000620000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status: 1 (success)  Return: 0 (STATUS_SUCCESS)  Repeated: 0

Note: process_handle 0xffffffffffffffff is the current-process pseudo-handle ((HANDLE)-1), so the sample committed a 176,128-byte read-write-execute region inside its own address space rather than in another process. A fresh RWX allocation in the caller's own process is the usual first step of a shellcode runner that decrypts a payload into that region and transfers control to it, which agrees with the ShellcodeRunner and Rozena (Metasploit-style payload) labels in the antivirus results below.
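The check a practitioner would run over this record, as an added example (not ZeroBOX's own code): it decodes the numeric protection and allocation_type fields the report prints and flags the write-plus-execute, self-process combination. The record is constructed from the values shown above; the 64 KiB "large enough for a staged payload" cut-off is an assumption, not a figure from the report.

```python
"""Triage helper for a sandbox NtAllocateVirtualMemory record (added example)."""

# Memory-protection constants from winnt.h; the low byte is the base protection
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}

# Allocation-type flags from winnt.h; combined as a bit mask
ALLOCATION_TYPES = {
    0x1000: "MEM_COMMIT",
    0x2000: "MEM_RESERVE",
    0x80000: "MEM_RESET",
    0x100000: "MEM_TOP_DOWN",
    0x400000: "MEM_PHYSICAL",
    0x20000000: "MEM_LARGE_PAGES",
}

EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
# (HANDLE)-1 as logged on 64-bit and 32-bit guests
CURRENT_PROCESS_HANDLES = {0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF}
STAGED_PAYLOAD_MIN = 64 * 1024  # assumed threshold, not from the report


def decode_protection(value: int) -> str:
    """Render a PAGE_* value the way Cuckoo-style reports print it, e.g. 64 -> PAGE_EXECUTE_READWRITE."""
    base = value & 0xFF
    names = [PAGE_PROTECTIONS.get(base, f"0x{base:x}")]
    names += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(names)


def decode_allocation_type(value: int) -> str:
    """Render an allocation_type mask, e.g. 12288 -> MEM_COMMIT|MEM_RESERVE."""
    names = [name for bit, name in ALLOCATION_TYPES.items() if value & bit]
    return "|".join(names) if names else f"0x{value:x}"


def is_wx_allocation(rec: dict) -> bool:
    """True when the requested protection is both writable and executable."""
    base = rec["protection"] & 0xFF
    return base in EXECUTABLE and base in WRITABLE


def classify_allocation(rec: dict) -> list:
    """Return the reasons this NtAllocateVirtualMemory call looks like payload staging."""
    reasons = []
    if is_wx_allocation(rec):
        reasons.append("W+X protection: shellcode can be written and then run in place")
    if rec["process_handle"] in CURRENT_PROCESS_HANDLES:
        reasons.append("self-allocation via the current-process pseudo-handle (-1)")
    if rec["allocation_type"] & 0x1000 and rec["region_size"] >= STAGED_PAYLOAD_MIN:
        reasons.append(f"committed region of {rec['region_size']} bytes, large enough for a staged payload")
    return reasons


# Constructed record mirroring the API arguments in the report above
RECORD = {
    "api": "NtAllocateVirtualMemory",
    "process_identifier": 1000,
    "region_size": 176128,
    "protection": 64,
    "base_address": 0x0000000000620000,
    "allocation_type": 12288,
    "process_handle": 0xFFFFFFFFFFFFFFFF,
}

if __name__ == "__main__":
    print(decode_protection(RECORD["protection"]))
    print(decode_allocation_type(RECORD["allocation_type"]))
    for reason in classify_allocation(RECORD):
        print("-", reason)
```

A benign heap or stack commit uses PAGE_READWRITE (4) and yields no W+X reason, so the same function run over a full API log separates ordinary allocations from the one above.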
Section .data: virtual_address 0x00009000, virtual_size 0x00552a80, size_of_data 0x00552c00, entropy 7.658. Description: A section with a high entropy has been found.
Overall entropy of this PE file is high: 0.9908 (on a 0..1 normalized scale this is roughly 7.93 bits per byte).

Note: the .data section is 0x552a80 (5,581,440) bytes, nearly the entire 5.4MB file, so almost the whole binary is a single high-entropy blob. Together with the RWX self-allocation above, this is the layout of an encrypted or compressed payload embedded in .data that is decoded into memory at run time.
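The entropy computation behind these two findings, as an added example that is not the sandbox's code: Shannon entropy in bits per byte for each PE section, the 0..1 normalized form used for the whole-file figure, and a per-section flag. The 7.0 cut-off is an assumption (the report does not state its threshold), and the sample sections are constructed stand-ins, not bytes from DV.exe.

```python
"""Section-entropy check behind a "high entropy section" finding (added example)."""
import math
import random
from collections import Counter

HIGH_ENTROPY_BITS = 7.0  # assumed cut-off; encrypted or compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(count / n * math.log2(count / n) for count in Counter(data).values())


def normalized_entropy(data: bytes) -> float:
    """Entropy scaled to 0..1 (assumption: the report's whole-file 0.9908 is bits/8)."""
    return shannon_entropy(data) / 8.0


def flag_high_entropy_sections(sections) -> list:
    """sections: iterable of (name, raw_bytes). Returns [(name, entropy)] above the cut-off."""
    hits = []
    for name, raw in sections:
        entropy = shannon_entropy(raw)
        if entropy > HIGH_ENTROPY_BITS:
            hits.append((name, round(entropy, 3)))
    return hits


# Constructed sample sections standing in for a packed PE image
_rng = random.Random(2023)
SAMPLE_SECTIONS = [
    # repetitive code-like bytes: low entropy
    (".text", bytes([0x48, 0x89, 0xE5, 0x90, 0xC3] * 2048)),
    # import strings: moderate entropy
    (".rdata", b"kernel32.dll\x00VirtualAlloc\x00CreateThread\x00" * 256),
    # pseudo-random bytes standing in for an encrypted payload: near 8.0
    (".data", bytes(_rng.getrandbits(8) for _ in range(65536))),
    # zero-filled section: entropy 0
    (".bss", bytes(4096)),
]

if __name__ == "__main__":
    for name, raw in SAMPLE_SECTIONS:
        print(f"{name:7s} {shannon_entropy(raw):.3f} bits/byte")
    print("flagged:", flag_high_entropy_sections(SAMPLE_SECTIONS))
```

Run over a real file, the same function applied to each section's raw data (section table offsets from the PE header) reproduces the per-section figure above; applying it to the whole file and dividing by 8 gives the overall value.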
Antivirus (engine / detection)

Bkav W32.AIDetectMalware.64
Lionic Trojan.Win32.Reflo.4!c
MicroWorld-eScan Gen:Variant.Tedy.435707
CAT-QuickHeal Trojan.Win64
ALYac Gen:Variant.Tedy.435707
VIPRE Gen:Variant.Tedy.435707
Sangfor Trojan.Win64.Reflo.V46d
K7AntiVirus Trojan ( 005aa5291 )
Alibaba Trojan:Win64/Reflo.bf469bbd
K7GW Trojan ( 005aa5291 )
Cybereason malicious.bc589a
Arcabit Trojan.Tedy.D6A5FB
VirIT Trojan.Win64.Genus.BJK
Cyren W64/Rozena.HA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win64/CoinMiner_AGen.R
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win64.Reflo.pef
BitDefender Gen:Variant.Tedy.435707
Avast Win64:MalwareX-gen [Trj]
Tencent Malware.Win32.Gencirc.11b63b7f
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Nekark.zwupg
DrWeb Trojan.Siggen21.31393
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Variant.Tedy.435707
Emsisoft Gen:Variant.Tedy.435707 (B)
Jiangmin Trojan.Reflo.le
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.zwupg
MAX malware (ai score=89)
Antiy-AVL Trojan/Win64.ShellcodeRunner
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Trojan:Win64/Znyonm
ZoneAlarm HEUR:Trojan.Win64.Reflo.pef
GData Gen:Variant.Tedy.435707
Google Detected
AhnLab-V3 Trojan/Win.Rozena.C5479574
McAfee Artemis!974CF9781EE4
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CIK23
Rising Trojan.Rozena!8.6D (TFE:5:VqtQRH5PzKH)
Ikarus Trojan.Win64.Agent
Fortinet W64/Rozena.AN!tr
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)