Summary | ZeroBOX

uwp4072801.png.exe

Malicious Library, UPX, .NET DLL, PE File, DLL, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Oct. 17, 2023, 10:42 a.m.
Completed Oct. 17, 2023, 10:42 a.m.
Size 3.1MB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e0154733596f482f5feff0f3b5b5cadf
SHA256 2143bb3e491fc837475ca29f2dc9fa67f4394c4a38da62ac45e4564678cdbe16
CRC32 9DCE7E05
ssdeep 49152:65bdzxx9zCKNNprxuDGGynmsvwzqZMSoF3SkgYybFaf2t60Wzw8rfv4YryVn:655Vzx7TGynJ3ZBbca6jzwKv4Jn
PDB Path Fiber.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Is_DotNET_DLL - (no description)
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path Fiber.pdb
section name .text, virtual_address 0x00002000, virtual_size 0x003199d4, size_of_data 0x00319a00, entropy 7.399562219805983 description A section with a high entropy has been found
entropy 0.999527707809 description Overall entropy of this PE file is high
MicroWorld-eScan Gen:Variant.Zusy.472162
FireEye Gen:Variant.Zusy.472162
Skyhigh BehavesLike.Win32.Generic.wc
ALYac Gen:Variant.Zusy.472162
Malwarebytes Trojan.Downloader.MSIL
VIPRE Gen:Variant.Zusy.472162
K7AntiVirus Trojan-Downloader ( 005a77b81 )
BitDefender Gen:Variant.Zusy.472162
K7GW Trojan-Downloader ( 005a77b81 )
CrowdStrike win/malicious_confidence_70% (D)
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PIX
Kaspersky HEUR:Backdoor.MSIL.Remcos.gen
Emsisoft Gen:Variant.Zusy.472162 (B)
Ikarus Trojan-Spy.Agent
Google Detected
MAX malware (ai score=80)
Arcabit Trojan.Zusy.D73462
ZoneAlarm HEUR:Backdoor.MSIL.Remcos.gen
GData Gen:Variant.Zusy.472162
Varist W32/MSIL_Kryptik.JRF.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R526355