Summary | ZeroBOX

lumma3.exe

Craxs RAT .NET framework(MSIL) PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started April 5, 2024, 11:41 p.m.
Completed April 5, 2024, 11:41 p.m.
Size 1.9MB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 922c1358261ab8f61eeb83a34aa99650
SHA256 daa8b27a0075bf566e2a1b64c6d553185d73bb4cb363feeb843cc280121c7a74
CRC32 9CA27BB2
ssdeep 24576:pMlE9D1Wo41y49MuH4f5uC8lunbKJvOQgJvxMQw/v1ErDY1ATLzN7rOY6NWsa8e9:Wl6Dovo3OgFfsNkE1ATLFan83Hfoyza2
PDB Path Protection.pdb
Yara
  • Craxs_RAT - Craxs RAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path Protection.pdb
section {'size_of_data': '0x001e5800', 'virtual_address': '0x00002000', 'entropy': 7.953140897950056, 'name': '.text', 'virtual_size': '0x001e57f4'} entropy 7.95314089795 description A section with a high entropy has been found
entropy 0.998714322448 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Stealerc.1m!c
Elastic malicious (high confidence)
CAT-QuickHeal Trojanpws.Msil
ALYac Gen:Variant.Ser.Lazy.6249
Cylance unsafe
VIPRE Gen:Variant.Ser.Lazy.6249
Sangfor Infostealer.Msil.Stealerc.Vku6
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Gen:Variant.Ser.Lazy.6249
K7GW Riskware ( 00584baa1 )
Cybereason malicious.8261ab
Arcabit Trojan.Ser.Lazy.D1869
BitDefenderTheta Gen:NN.ZemsilF.36802.6n2@aOowQJdi
VirIT Trojan.Win32.MSIL_Heur.A
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.ALHK
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Packed.Zusy-10023527-0
Kaspersky HEUR:Trojan-PSW.MSIL.Stealerc.gen
MicroWorld-eScan Gen:Variant.Ser.Lazy.6249
Rising Stealer.Stealerc!8.17BE0 (CLOUD)
Emsisoft Gen:Variant.Ser.Lazy.6249 (B)
F-Secure Trojan.TR/AD.Nekark.stabt
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEDDZ
FireEye Gen:Variant.Ser.Lazy.6249
Sophos Troj/MSIL-TCZ
Ikarus Trojan.MSIL.Krypt
Google Detected
Avira TR/AD.Nekark.stabt
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.AgentTesla
Kingsoft MSIL.Trojan-PSW.Stealerc.gen
Gridinsoft Trojan.Win32.Agent.ca
Microsoft Trojan:Win32/Znyonm
ZoneAlarm HEUR:Trojan-PSW.MSIL.Stealerc.gen
GData Gen:Variant.Ser.Lazy.6249
Varist W32/MSIL_Agent.HSN.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.C5608117
DeepInstinct MALICIOUS
Malwarebytes Trojan.MCrypt.MSIL.Generic
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEDDZ
Tencent Win32.Trojan.FalseSign.Fmnw
SentinelOne Static AI - Suspicious PE
Fortinet MSIL/Kryptik.ALHK!tr
AVG Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:Win/Ser.Lazy