Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 8, 2024, 6:30 p.m.	April 8, 2024, 6:30 p.m.

Size	274.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`23c36291056735c770acd94a1eeb2d74`
SHA256	`6d8e4f00f741733562a2c7a4a186bc3323c398d3a6c919e601ee22404be2cd07`
CRC32	`EDB33BD4`
ssdeep	`6144:omBGQYIVvlIfGAbq/5VayaiH5MUxtkUHiaPK://YIVtrAbqRA6+UxyU3C`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00038800', u'virtual_address': u'0x0001a000', u'entropy': 7.599124550649525, u'name': u'.data', u'virtual_size': u'0x006df1c8'}

entropy

7.59912455065

description

A section with a high entropy has been found

entropy

0.588541666667

description

Overall entropy of this PE file is high

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Danabot.4!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.dc
ALYac	Trojan.GenericKD.72109038
VIPRE	Trojan.GenericKD.72109038
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005b36771 )
BitDefender	Trojan.GenericKD.72109038
K7GW	Trojan ( 005b36771 )
Arcabit	Trojan.Generic.D44C4BEE
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HWRO
APEX	Malicious
McAfee	Artemis!23C362910567
ClamAV	Win.Packer.pkr_ce1a-9980177-0
Alibaba	Trojan:Win32/LummaStealer.47fc2a0d
NANO-Antivirus	Trojan.Win32.Stealer.kkxdfi
MicroWorld-eScan	Trojan.GenericKD.72109038
Rising	Trojan.SmokeLoader!1.F6B2 (CLASSIC)
Emsisoft	Trojan.GenericKD.72109038 (B)
DrWeb	Trojan.PWS.Stealer.38546
Zillya	Trojan.GenKryptik.Win32.530521
TrendMicro	TrojanSpy.Win32.LUMMAC.USBLCR24
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.23c36291056735c7
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Danabot
Jiangmin	Backdoor.Mokes.hxx
Google	Detected
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Convagent
Kingsoft	Win32.Troj.Agent.cks
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/LummaStealer.SPD!MTB
ViRobot	Trojan.Win.Z.Agent.280800
GData	Trojan.GenericKD.72109038
Varist	W32/ABRisk.YIIJ-5519
AhnLab-V3	Trojan/Win.PWSX-gen.R641518
DeepInstinct	MALICIOUS
VBA32	Malware-Cryptor.2LA.gen
Malwarebytes	Crypt.Trojan.Malicious.DDS
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.LUMMAC.USBLCR24
Tencent	Trojan.Win32.Obfuscated.gen
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.237686108.susgen
Fortinet	W32/Kryptik.HWMW!tr
alibabacloud	Trojan:Win/Danabot.MBFW!MTB

sample8.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All