Summary | ZeroBOX

univ.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File

Category FILE
Machine s1_win7_x6401
Started Feb. 4, 2024, 4:41 p.m.
Completed Feb. 4, 2024, 4:56 p.m.
Size 378.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e63c6dcaebb548eb22c15e57686a011a
SHA256 a9c83e72f004dcd4ba9e8b1a0b14dc9aa1379fdbf3d9adff3cb956881ab4c413
CRC32 87C26973
ssdeep 6144:s0JonqSBYU26Bl9RNpucewgRXJ4y1uRBd4L2tfSd44WrJq1kDc:s7pBYU26BlDDgRXSXtl4WrkeY
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
212.224.86.223 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .hoj
section .ger
resource name LEBUFIBIJAFILIXODA
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 2536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 147456
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x008ac000
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2536
  region_size: 245760
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00330000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1  return: 0  repeated: 0
section .text (size_of_data 0x0003ee00, virtual_address 0x00001000, virtual_size 0x0003ec4a, entropy 7.509485244628265) description A section with a high entropy has been found
entropy 0.667108753316 description Overall entropy of this PE file is high
host 212.224.86.223

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Lockbit.fh
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7GW Hacktool ( 700007861 )
Cybereason malicious.6c638d
Symantec ML.Attribute.HighConfidence
APEX Malicious
McAfee Artemis!E63C6DCAEBB5
Avast CrypterX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Rising Trojan.Generic@AI.100 (RDML:0HkOcwrKHYT77KviueBRWQ)
Trapmine malicious.high.ml.score
FireEye Generic.mg.e63c6dcaebb548eb
Sophos Troj/Krypt-ADH
Ikarus Trojan.Win32.Crypt
Google Detected
Kingsoft malware.kb.a.999
Microsoft Trojan:Win32/Phonzy.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
AhnLab-V3 Trojan/Win.Glupteba.R633410
BitDefenderTheta Gen:NN.ZexaF.36744.xC0@aO9wDubi
DeepInstinct MALICIOUS
VBA32 BScope.Backdoor.Tofsee
Malwarebytes Generic.Malware/Suspicious
Tencent Trojan.Win32.Obfuscated.gen
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG CrypterX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)