Summary | ZeroBOX

inte.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Feb. 4, 2024, 4:39 p.m.
Completed: Feb. 4, 2024, 4:51 p.m.
Size: 345.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7a861d2a7d07c0efa9e429d6bbad1ffc
SHA256: dc36c00644bc994d5bb02aa68b3cd866e22bf8f55903bb7ca785068037531bb8
CRC32: C74B639F
ssdeep: 6144:l7fbsgL+pivdR8DusUhdGrXMWiB0H440/Q1kDc:lX7+pivj8DkVB0Y40YeY
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE sections and resources
  • section .maxejar
  • section .hixuk
  • resource name LEBUFIBIJAFILIXODA
  • resource name None
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 1364
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 114688
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x005dc000
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1364
  region_size: 184320
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003b0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0
section .text (size_of_data 0x00036c00, virtual_address 0x00001000, virtual_size 0x00036b2a, entropy 7.405320184144689): A section with a high entropy has been found
entropy 0.635703918723: Overall entropy of this PE file is high
Antivirus detections (vendor: result)
  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Ransom.Stop.P5
  • Skyhigh: BehavesLike.Win32.Lockbit.fh
  • Cylance: unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7GW: Hacktool ( 700007861 )
  • Cybereason: malicious.77e4df
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • McAfee: Artemis!7A861D2A7D07
  • Avast: CrypterX-gen [Trj]
  • Kaspersky: UDS:DangerousObject.Multi.Generic
  • Rising: Trojan.Generic@AI.100 (RDML:pg8ZmtZISJDlviiuKOduXQ)
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.7a861d2a7d07c0ef
  • Sophos: Troj/Krypt-ADH
  • Ikarus: Trojan.Win32.Crypt
  • Google: Detected
  • Kingsoft: malware.kb.a.999
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ZoneAlarm: UDS:DangerousObject.Multi.Generic
  • AhnLab-V3: Trojan/Win.Glupteba.R633410
  • BitDefenderTheta: Gen:NN.ZexaF.36744.vC0@aGjjEHpi
  • DeepInstinct: MALICIOUS
  • VBA32: BScope.Backdoor.Tofsee
  • Malwarebytes: Generic.Malware/Suspicious
  • Tencent: Trojan.Win32.Obfuscated.gen
  • SentinelOne: Static AI - Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • AVG: CrypterX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_100% (W)