Summary | ZeroBOX

8600a593750580cee7240af4069685e8c2a1683d84652122fcdf6a478e5a4e93

PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 10, 2023, 8:22 p.m.
Completed: Oct. 10, 2023, 8:25 p.m.
Size 2.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 921aa3783644750890b9d30843253ec6
SHA256 8600a593750580cee7240af4069685e8c2a1683d84652122fcdf6a478e5a4e93
CRC32 FA335779
ssdeep 49152:lb+HGScSFshuzfqh/vidSlsLyFWAMJpQZr/Bk5hgY3EgI/wSHrA:xGGScSFcuEvxlswnMJpIjBk590gI/wSH
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
160.202.79.226 Active Moloch
164.124.101.2 Active Moloch
222.97.189.148 Active Moloch
49.238.228.119 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API          Arguments                   Status  Return  Repeated

GetComputerNameW    computer_name: TEST22-PC    1       1       0
GetComputerNameW    computer_name: TEST22-PC    1       1       0
GetComputerNameW    computer_name: TEST22-PC    1       1       0
GetComputerNameW    computer_name: TEST22-PC    1       1       0
GetComputerNameW    computer_name: TEST22-PC    1       1       0
GetComputerNameW    computer_name: TEST22-PC    1       1       0
Time & API          Arguments                   Status  Return  Repeated

IsDebuggerPresent                               0 0
section foo
request GET http://asplinc.com/xe/modules/page/queries/query_read.dsql
request GET http://www.bsef.or.kr/board/upfile/bbsB/166737125620120323174332.hwp
description 8600a593750580cee7240af4069685e8c2a1683d84652122fcdf6a478e5a4e93.exe tried to sleep 766 seconds, actually delayed analysis time by 105 seconds
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 2552
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 159744
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x00c01000
  process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
section foo: size_of_data 0x00255200, virtual_address 0x00001000, virtual_size 0x00255100, entropy 7.999738005657763 (reported as 7.99973800566); description: A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
MicroWorld-eScan Gen:Trojan.Heur.S.vgW@a0tRnjm
FireEye Generic.mg.921aa37836447508
McAfee Generic .zab
Cylance unsafe
VIPRE Gen:Trojan.Heur.S.vgW@a0tRnjm
Sangfor Trojan.Win32.Agent.Vznd
K7AntiVirus Trojan ( 00536d121 )
Alibaba Trojan:Win32/Generic.08755e79
K7GW Trojan ( 00536d121 )
Cybereason malicious.6ca5be
Cyren W32/Zbot.W.gen!Eldorado
Symantec Backdoor.Trojan
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Agent.AEAF
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Trojan.Heur.S.vgW@a0tRnjm
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan.Generic.Kajl
Emsisoft Gen:Trojan.Heur.S.vgW@a0tRnjm (B)
F-Secure Trojan.TR/Crypt.ZPACK.Gen
DrWeb Trojan.Siggen18.58015
Zillya Trojan.Agent.Win32.3069820
TrendMicro Backdoor.Win32.OPENCARROT.ZIKH
McAfee-GW-Edition BehavesLike.Win32.VirRansom.vc
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Agent
Webroot W32.Trojan.Gen
Avira TR/Crypt.ZPACK.Gen
Antiy-AVL Trojan/Win32.Agent
Microsoft Trojan:Win32/Casdet!rfn
Gridinsoft Trojan.Heur!.030100E1
Arcabit Trojan.Heur.S.E9DA04
ViRobot Trojan.Win.S.Agent.2446336
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Trojan.Heur.S.vgW@a0tRnjm
Google Detected
AhnLab-V3 Trojan/Win.Agent.C5468236
BitDefenderTheta AI:Packer.411734A61D
ALYac Gen:Trojan.Heur.S.vgW@a0tRnjm
MAX malware (ai score=80)
Malwarebytes Malware.AI.1916799869
Panda Trj/CI.A
TrendMicro-HouseCall Backdoor.Win32.OPENCARROT.ZIKH
dead_host 192.168.56.101:49180
dead_host 192.168.56.101:49171
dead_host 160.202.79.226:443
dead_host 192.168.56.101:49168
dead_host 192.168.56.101:49164
dead_host 192.168.56.101:49177
dead_host 192.168.56.101:49174
dead_host 192.168.56.101:49183