Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 1, 2023, 5:18 p.m.	Oct. 1, 2023, 5:20 p.m.

Size	3.1MB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`027a60b4337dd0847d0414aa8719ffec`
SHA256	`3dbde13894aa65f33217ab351dd3f5c4fb54d570b3371fef1505a7370aab4168`
CRC32	`69E9DFD0`
ssdeep	`49152:ZRxujKxS2EuSIYkgSc71bdf5k6N21D5MwICiaiSLE6k1/lRr:ZRM282P2jScBbS2lRr`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature aurora_stealer - detect Aurora stealer IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check

2023.exe.exe "C:\Users\test22\AppData\Local\Temp\2023.exe.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
212.87.204.93	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

Communicates with host for which no DNS query was performed (1 event)

host

212.87.204.93

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Oct. 1, 2023, 5:18 p.m.	ordinal: 0 function_address: 0x0018fe55 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

212.87.204.93:8081

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)

Bkav	W32.ManukOponeC.Trojan
Lionic	Trojan.Win32.Coins.4!c
DrWeb	Trojan.PWS.Siggen3.28857
MicroWorld-eScan	Gen:Variant.Jaik.127758
McAfee	GenericRXAA-AA!027A60B4337D
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Jaik.127758
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanPSW:Win32/Coins.932a500f
K7GW	Trojan ( 005988fe1 )
K7AntiVirus	Trojan ( 005988fe1 )
Arcabit	Trojan.Jaik.D1F30E
BitDefenderTheta	AI:Packer.C209DA8B1F
VirIT	Trojan.Win32.Genus.PEO
Cyren	W32/ABRisk.FLVX-7117
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of WinGo/Agent.JS
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Infostealer.Aurora-9980073-1
Kaspersky	Trojan-PSW.Win32.Coins.affj
BitDefender	Gen:Variant.Jaik.127758
NANO-Antivirus	Trojan.Win32.Coins.jvhmor
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Trojan-QQPass.QQRob.Qgil
Emsisoft	Gen:Variant.Jaik.127758 (B)
F-Secure	Trojan:W32/AuroraStealer.A
Zillya	Trojan.Coins.Win32.7838
TrendMicro	TrojanSpy.Win32.AURORASTEALER.YXDC1Z
McAfee-GW-Edition	BehavesLike.Win32.Generic.wh
FireEye	Generic.mg.027a60b4337dd084
Sophos	Troj/Aurora-A
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Sabsik
Kingsoft	Win32.Troj.Undef.a
Xcitium	Malware@#38gg6tmjcwbzu
Microsoft	Trojan:Win32/Casdet!rfn
ViRobot	Trojan.Win.Z.Jaik.3226890
ZoneAlarm	Trojan-PSW.Win32.Coins.affj
GData	Win32.Trojan.AuroraStealer.A
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5400367
VBA32	BScope.TrojanPSW.Coins
ALYac	Gen:Variant.Jaik.127758
Cylance	unsafe

2023.exe.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All