Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 24, 2023, 2:52 p.m.	Oct. 24, 2023, 2:54 p.m.

Size	344.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3ed791d0d3ef43adf351275e0e2d5eb1`
SHA256	`80462fb829254624539aa3e41b87bb577adaa25b8a7beeaf717f8813459f8a3f`
CRC32	`12E9ED1F`
ssdeep	`6144:11d63Ljtigyk3Kj8CxuEAJuay+COUMx4xLi+XUfK5B:1vAXtimaEXy8UMx4xLikUM`
PDB Path	C:\suzivoxirujove\bibe\ladawohini.pdb
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\suzivoxirujove\bibe\ladawohini.pdb

resource name	AFX_DIALOG_LAYOUT
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 24, 2023, 2:52 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 180224 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 24, 2023, 2:52 p.m.	process_identifier: 2552 region_size: 319488 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00040000', u'virtual_address': u'0x00001000', u'entropy': 7.768857077561053, u'name': u'.text', u'virtual_size': u'0x0003fe9a'}

entropy

7.76885707756

description

A section with a high entropy has been found

entropy

0.746355685131

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
CAT-QuickHeal	Ransom.Stop.P5
Skyhigh	BehavesLike.Win32.Lockbit.fc
Sangfor	Ransom.Win32.Save.a
K7AntiVirus	Trojan ( 005ace911 )
K7GW	Trojan ( 005ace911 )
Cybereason	malicious.561a4e
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packer.pkr_ce1a-9980177-0
Kaspersky	VHO:Backdoor.Win32.Mokes.gen
Avast	RansomX-gen [Ransom]
Tencent	Trojan.Win32.Obfuscated.gen
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.3ed791d0d3ef43ad
Sophos	Troj/Krypt-VK
Ikarus	Trojan.SmokeLoader
Kingsoft	malware.kb.a.1000
Gridinsoft	Ransom.Win32.STOP.bot!n
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	VHO:Backdoor.Win32.Mokes.gen
Google	Detected
AhnLab-V3	Trojan/Win.Stealc.R614190
Acronis	suspicious
VBA32	Malware-Cryptor.Grygoryi.3
Cylance	unsafe
Rising	Trojan.SmokeLoader!1.EB63 (CLASSIC)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.ERHN!tr
AVG	RansomX-gen [Ransom]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

build.exe