Summary | ZeroBOX

build.exe

UPX, Malicious Library, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 10, 2023, 9:26 a.m.
Completed: Nov. 10, 2023, 9:30 a.m.
Size: 268.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: bed063565678cce483a7647b3fe5dd27
SHA256: 1f88fd853dfa370210529bd0fc8130305d0678ee3cb920dc92104aa4bc075b89
CRC32: A95A3A1E
ssdeep: 3072:WgxS2Gtjsjy8j3kV97jBha88TW+h7Aar7fTley+oOyx:rdGtjGF3k7thzQdAar77ln+F
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name AFX_DIALOG_LAYOUT
Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory

process_identifier: 660
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 81920
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0031c000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 660
region_size: 155648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01fb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
section: .text (virtual_address 0x00001000, virtual_size 0x0002d484, size_of_data 0x0002d600), entropy 7.362428371490362; description: A section with a high entropy has been found
entropy: 0.679775280899; description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Lockbit.dh
Malwarebytes Crypt.Trojan.Malicious.DDS
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
K7GW Trojan ( 00516fdf1 )
Cybereason malicious.534a64
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HVFG
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Tencent Trojan.Win32.Obfuscated.gen
Sophos Troj/Krypt-ACJ
F-Secure Heuristic.HEUR/AGEN.1366024
DrWeb Trojan.PWS.Steam.36705
TrendMicro Trojan.Win32.PRIVATELOADER.YXDKIZ
Trapmine malicious.high.ml.score
FireEye Generic.mg.bed063565678cce4
SentinelOne Static AI - Malicious PE
Varist W32/Kryptik.LAC.gen!Eldorado
Avira HEUR/AGEN.1366024
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Znyonm
ZoneAlarm UDS:DangerousObject.Multi.Generic
Google Detected
Acronis suspicious
McAfee Artemis!BED063565678
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXDKIZ
Rising Trojan.Generic@AI.100 (RDML:kC06pr247OQAA0IGPASOOA)
Ikarus Win32.Outbreak
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)