Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 11, 2023, 7:20 p.m.	Dec. 11, 2023, 7:27 p.m.

Size	2.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1836716b2f372522b52f865d74f59dc7`
SHA256	`8bc73b56e4f82591734a80dfae67191e5fb269ccbe313635be904d9d9f85009f`
CRC32	`6965D917`
ssdeep	`24576:aCKJMjFsCBqTsGlZdYRcUfuTZIeTcfa7luMuUmK0+ds:HKUFsCBqTdZdIaT0Uf`
PDB Path	C:\Users\Unlimited\source\repos\ConsoleApplication2\Debug\ConsoleApplication2.pdb
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\Users\Unlimited\source\repos\ConsoleApplication2\Debug\ConsoleApplication2.pdb

packer

Microsoft Visual C++ V8.0 (Debug)

section

{u'size_of_data': u'0x0004da00', u'virtual_address': u'0x0028f000', u'entropy': 7.227333358357898, u'name': u'.data', u'virtual_size': u'0x00052494'}

entropy

7.22733335836

description

A section with a high entropy has been found

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Dec. 11, 2023, 7:20 p.m.	process_identifier: 2284 region_size: 278528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000054		3221225496	0

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle Dec. 11, 2023, 7:20 p.m.	module_name: snxhk.dll module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle Dec. 11, 2023, 7:20 p.m.	module_name: snxhk.dll module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1900 manipulating memory of non-child process 2284
NtAllocateVirtualMemory Dec. 11, 2023, 7:20 p.m.	process_identifier: 2284 region_size: 278528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000054		3221225496	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.70683781
FireEye	Generic.mg.1836716b2f372522
Skyhigh	BehavesLike.Win32.Smokeloader.vm
Cylance	unsafe
Sangfor	Spyware.Win32.Agent.V8zt
Alibaba	TrojanSpy:Win32/Generic.0a12ecb0
VirIT	Trojan.Win32.Genus.UJY
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Agent.QKY
Cynet	Malicious (score: 100)
APEX	Malicious
BitDefender	Trojan.GenericKD.70683781
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.13f9216b
Emsisoft	Trojan.GenericKD.70683781 (B)
F-Secure	Heuristic.HEUR/AGEN.1366669
VIPRE	Trojan.GenericKD.70683781
TrendMicro	Trojan.Win32.SMOKELOADER.YXDLEZ
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Win32.Agent
GData	Trojan.GenericKD.70683781
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1366669
Antiy-AVL	Trojan/Win32.Sabsik
Kingsoft	Win32.HeurC.KVMH008.a
Gridinsoft	Trojan.Win32.Downloader.ca
Xcitium	Malware@#2isdp7z4b08tg
Arcabit	Trojan.Generic.D4368C85
Microsoft	Trojan:Win32/Znyonm
Google	Detected
AhnLab-V3	Trojan/Win.Injection.C5558983
VBA32	BScope.TrojanPSW.Stealerc
ALYac	Trojan.GenericKD.70683781
MAX	malware (ai score=80)
Malwarebytes	Trojan.Crypt
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.SMOKELOADER.YXDLEZ
Rising	Trojan.Generic@AI.100 (RDML:YA1YdaT1fYGsI8spsma3jg)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.221202888.susgen
Fortinet	W32/Malicious_Behavior.VEX
BitDefenderTheta	Gen:NN.ZexaF.36608.lMW@aqjdC9k
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

soft.exe