Summary | ZeroBOX

timeSync.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: Nov. 25, 2023, 5:53 p.m.
Completed: Nov. 25, 2023, 6:07 p.m.
Size 334.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4406e9c6faab7ab95c4e0550d7756dbc
SHA256 d381efbc2ea684b34bd852804284d9a9a27ce458be61ee375268d76681bec748
CRC32 9056D7B3
ssdeep 3072:iJVu4ae7hI4Z3Fk5gPFMmbdhmSt4Z8f+5Fxo87SqD54KVhiTrYdke0:v4aeP3F0CdhmSt4ZX7u8hiTGx
PDB Path C:\sohic.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address (Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\sohic.pdb

API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 2612
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 86016
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00a4c000
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2612
  region_size: 110592
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00320000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0
Signature: A section with a high entropy has been found
  section: .text, virtual_address: 0x00001000, virtual_size: 0x0002e096, size_of_data: 0x0002e200, entropy: 6.8239361623
Signature: Overall entropy of this PE file is high
  entropy: 0.553223388306
Antivirus engine / Detection
Bkav W32.AIDetectMalware
FireEye Generic.mg.4406e9c6faab7ab9
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Lockbit.fm
Malwarebytes Generic.Malware/Suspicious
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:Trojan-PSW.Win32.Stealerc.gen
Avast FileRepMalware [Pws]
Tencent Trojan.Win32.Obfuscated.gen
Trapmine malicious.high.ml.score
Sophos Troj/Krypt-VK
SentinelOne Static AI - Malicious PE
Kingsoft Win32.PSWTroj.Undef.a
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm UDS:Trojan-PSW.Win32.Stealerc.gen
Google Detected
McAfee Artemis!4406E9C6FAAB
VBA32 BScope.Trojan.Chapak
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:9Gnti1HkqureYbKcn0rHeQ)
Ikarus Trojan.Win32.Azorult
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
AVG FileRepMalware [Pws]
Cybereason malicious.f9012a
DeepInstinct MALICIOUS