Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 7, 2023, 4:12 p.m.	Oct. 7, 2023, 4:21 p.m.

Size	888.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b8303120c1bf50b01dbc9f8d6fea45d8`
SHA256	`c1ae35cd9be8a69a397e7b1e24229847a71bf7ff80bf4021429ee9804bf02652`
CRC32	`A99D40D0`
ssdeep	`12288:qIKpM6POHEEF081OMTAy/Ubf1eAUNtBI9e4fmSuBJuQpgcOmWHNtU6:qIKjPOHEEF081OMlEfUPBIpuBYHw6`
PDB Path	C:\CbcnGrkHn1xTZ3fUY5veKRPVvmC22mKW\Ghost.pdb
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

deluxe_crypted1234.exe "C:\Users\test22\AppData\Local\Temp\deluxe_crypted1234.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\CbcnGrkHn1xTZ3fUY5veKRPVvmC22mKW\Ghost.pdb

section

.00cfg

packer

Microsoft Visual C++ V8.0 (Debug)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 7, 2023, 4:12 p.m.	stacktrace: 0x373eb4 0x371eb7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x1d90fff registers.esp: 146602536 registers.edi: 32702160 registers.eax: 146602660 registers.ebp: 146602672 registers.edx: 0 registers.ebx: 4986048 registers.esi: 4990808 registers.ecx: 30998528	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 7, 2023, 4:12 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01d90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.12!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Jaik.501
FireEye	Gen:Variant.Jaik.501
Skyhigh	RDN/Generic PWS.y
ALYac	Gen:Variant.Jaik.501
Cylance	unsafe
VIPRE	Gen:Variant.Jaik.501
Sangfor	Infostealer.Win32.Kryptik.Vl7q
K7AntiVirus	Trojan ( 005ac0691 )
Alibaba	TrojanSpy:Win32/Stealer.fe2503d1
K7GW	Trojan ( 005ac0691 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Jaik.501
VirIT	Trojan.Win32.GenusT.DSMX
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.GOMJ
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender	Gen:Variant.Jaik.501
Avast	Win32:PWSX-gen [Trj]
Tencent	Malware.Win32.Gencirc.13f150cf
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/AD.Nekark.mlkjj
DrWeb	Trojan.PWS.RedLineNET.6
TrendMicro	Trojan.Win32.SMOKELOADER.YXDJEZ
Emsisoft	Gen:Variant.Jaik.501 (B)
Varist	W32/ABRisk.TJCR-3520
Avira	TR/AD.Nekark.mlkjj
Antiy-AVL	Trojan/Win32.Sabsik
Gridinsoft	Malware.Win32.Gen.bot
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	HEUR:Trojan-Spy.Win32.Stealer.gen
GData	Gen:Variant.Jaik.501
Google	Detected
McAfee	RDN/Generic PWS.y
MAX	malware (ai score=82)
Malwarebytes	Malware.AI.4183782339
Panda	Trj/Chgt.AD
Zoner	Trojan.Win32.162634
TrendMicro-HouseCall	Trojan.Win32.SMOKELOADER.YXDJEZ
Rising	Trojan.Kryptik!8.8 (TFE:5:Bs50Wdws6UC)
Ikarus	Trojan.Win32.Injector
MaxSecure	Trojan.Malware.73793603.susgen
Fortinet	W32/Injector.ETFD!tr
BitDefenderTheta	Gen:NN.ZexaF.36738.3yY@aSxqzFf
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

deluxe_crypted1234.exe