Summary | ZeroBOX

demon.exe

Generic Malware Malicious Packer PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 27, 2023, 9:23 a.m.
Completed Nov. 27, 2023, 9:25 a.m.
Size 62.5KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 73053ed899ed813b3113ad2a588b446d
SHA256 35b0d522fd8abdbbadf0a04532a10afa082574a8847b8219c8e79dab769ae977
CRC32 9AC33FD7
ssdeep 1536:DwJB0MxOSIoH7zrn96aAAomotxCO+sWiZ:MoUnrn96eomotxlWiZ
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 1310720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000860000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000920000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0
dead_host 192.168.100.26:4444
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Havoc.4!c
MicroWorld-eScan Generic.Havokiz.A.6611FCB4
Skyhigh BehavesLike.Win64.Backdoor.km
McAfee BackDoor-FESK!73053ED899ED
Cylance unsafe
VIPRE Generic.Havokiz.A.6611FCB4
Sangfor Backdoor.Win64.Havoc.Vdz0
K7AntiVirus Trojan ( 005aac331 )
Alibaba Backdoor:Win64/Havoc.99893e4d
K7GW Trojan ( 005aac331 )
Symantec Backdoor.Havoc!g2
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Havoc.A
APEX Malicious
ClamAV Win.Malware.Ulise-9987244-0
Kaspersky HEUR:Backdoor.Win64.Havoc.pef
BitDefender Generic.Havokiz.A.6611FCB4
Avast Win64:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.13f13e91
Emsisoft Generic.Havokiz.A.6611FCB4 (B)
F-Secure Heuristic.HEUR/AGEN.1329818
Zillya Trojan.Agent.Win64.21352
TrendMicro Backdoor.Win64.HAVOC.SM
FireEye Generic.Havokiz.A.6611FCB4
Sophos ATK/Havoc-E
SentinelOne Static AI - Malicious PE
MAX malware (ai score=86)
Google Detected
Avira HEUR/AGEN.1329818
Varist W64/Ulise.EO.gen!Eldorado
Antiy-AVL Trojan/Win64.Agent
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win64/Havokiz.DX!MTB
Arcabit Generic.Havokiz.A.6611FCB4
ZoneAlarm HEUR:Backdoor.Win64.Havoc.pef
GData Generic.Havokiz.A.6611FCB4
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win.Havoc.C5403085
ALYac Generic.Havokiz.A.6611FCB4
Panda Trj/CI.A
Rising Trojan.Agent!8.B1E (TFE:4:TbG0Ij1RJIG)
Ikarus Trojan.Win64.Agent
MaxSecure Trojan.Malware.197099475.susgen
Fortinet W64/Agent.BRS!tr
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)