Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 11, 2023, 8:07 a.m.	Oct. 11, 2023, 8:07 a.m.

Size	700.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`571ea8843de2bd01744f6caba0e202ea`
SHA256	`3fb1232ce461020dbb7a33792d26379e8e1bf8e54290360d6979e0b97744b418`
CRC32	`4737C515`
ssdeep	`12288:8zlDL8b0kUwWavotiDgwmV2euPJ0p+jj43ex41a7epQEIR0OR6tMwxTln:mln8VUwWavoegVV50J0p+jj9xV70tM6r`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

.gfids

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 11, 2023, 8 a.m.	stacktrace: 0x3d0007 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 0x3f78 exception.instruction_r: 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 exception.instruction: add byte ptr [rax + rax], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3d0007 registers.r14: 21090 registers.r15: 0 registers.rcx: 1 registers.rsi: 21504 registers.r10: 5359585302 registers.rbx: 5359935488 registers.rsp: 2883176 registers.r11: 21153 registers.r8: 11755372 registers.r9: 324204 registers.rdx: 146821896 registers.r12: 0 registers.rbp: 16748 registers.rdi: 16727 registers.rax: 3997696 registers.r13: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 11, 2023, 8 a.m.	process_identifier: 2544 region_size: 344064 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000003d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

section

{u'size_of_data': u'0x0003c000', u'virtual_address': u'0x00072000', u'entropy': 7.623659711777643, u'name': u'.data', u'virtual_size': u'0x0003d328'}

entropy

7.62365971178

description

A section with a high entropy has been found

entropy

0.343347639485

description

Overall entropy of this PE file is high

Bkav	W64.AIDetectMalware
Skyhigh	BehavesLike.Win64.PinkSbot.bc
Cybereason	malicious.7a7625
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Kryptik_AGen.GR
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.Vidar.ctq
Avast	Win64:TrojanX-gen [Trj]
DrWeb	Trojan.PWS.Steam.36538
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.571ea8843de2bd01
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Kingsoft	malware.kb.a.976
Gridinsoft	Spy.Win64.Vidar.bot
Microsoft	Trojan:Win32/Znyonm
ZoneAlarm	Trojan-PSW.Win32.Vidar.ctq
Google	Detected
McAfee	Artemis!571EA8843DE2
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H0DJA23
Rising	Trojan.Kryptik!8.8 (CLOUD)
SentinelOne	Static AI - Suspicious PE
AVG	Win64:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

updat1.exe