Summary | ZeroBOX

Rules.doc

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 2, 2023, 8:38 a.m.
Completed Oct. 2, 2023, 8:43 a.m.
Size 1.2MB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 316e3ee9229e0b06a6a7b9bf890bdbda
SHA256 fa0388d10c5b777ec6b0107022c6000fb1b70665f89e9d9f96d50eb16c865bb8
CRC32 63B26CDC
ssdeep 24576:t+7xMpDDU1mPxLfvwV+8csVSu2KxpIy7w02AX:+xj1mPxLtzQQ2Zj
PDB Path C:\A10\wcvtlthi1w8p5w\output.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\A10\wcvtlthi1w8p5w\output.pdb
section .textbss
section .All
section .00cfg
packer Microsoft Visual C++ V8.0 (Debug)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
CallNextHookEx+0x50 BeginDeferWindowPos-0xe0 user32+0x262d5 @ 0x758662d5
rules+0x6ce6e @ 0x100ce6e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 48 28 8b 78 2c 8b f1 0b f7 0f 85 32 2d 00 00
exception.symbol: CallNextHookEx+0x71 BeginDeferWindowPos-0xbf user32+0x262f6
exception.instruction: mov ecx, dword ptr [eax + 0x28]
exception.module: USER32.dll
exception.exception_code: 0xc0000005
exception.offset: 156406
exception.address: 0x758662f6
registers.esp: 2816380
registers.edi: 0
registers.eax: 1083375616
registers.ebp: 2816388
registers.edx: 1791
registers.ebx: 0
registers.esi: 2130556928
registers.ecx: 1791
Status 1 Return 0 Repeated 0
Bkav W32.Common.E4705C09
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.69434245
CAT-QuickHeal Backdoor.Agent
McAfee Artemis!316E3EE9229E
Malwarebytes Trojan.Crypt
VIPRE Trojan.GenericKD.69434245
Sangfor Trojan.Win32.Kryptik.V2h9
K7AntiVirus Trojan ( 005aaa221 )
Alibaba Trojan:Win32/Extgen.68197bc8
K7GW Trojan ( 005aaa221 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D4237B85
BitDefenderTheta Gen:NN.ZexaE.36738.nPW@a4vNMuoi
VirIT Trojan.Win32.Genus.TGU
Cyren W32/Agent.GTL.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HUBU
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Packed.Pwsx-10008461-0
Kaspersky Trojan.Win32.Extgen.aaa
BitDefender Trojan.GenericKD.69434245
NANO-Antivirus Trojan.Win32.Stealer.kbcpwj
Avast Win32:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.11b6d17f
Emsisoft Trojan.GenericKD.69434245 (B)
F-Secure Trojan.TR/Crypt.Agent.vkiad
Zillya Backdoor.Pandora.Win32.186
McAfee-GW-Edition BehavesLike.Win32.Generic.th
FireEye Trojan.GenericKD.69434245
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Avira TR/Crypt.Agent.vkiad
MAX malware (ai score=89)
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Trojan:Win32/Redline.GPAC!MTB
ZoneAlarm Trojan.Win32.Extgen.aaa
GData Win32.Trojan.PSE.R5WBTG
Google Detected
AhnLab-V3 Infostealer/Win.Injection.C5479143
VBA32 BScope.TrojanPSW.RedLine
ALYac Trojan.GenericKD.69434245
Cylance unsafe
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R06CH0CIN23
Rising Backdoor.Agent!8.C5D (TFE:1:GRn6PQFyOMS)
Yandex Trojan.Kryptik!MgSaWByqcSA