Summary | ZeroBOX

new.exe

Craxs RAT PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6401
Started April 8, 2024, 6:38 p.m.
Completed April 8, 2024, 6:38 p.m.
Size 2.3MB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7651626126270e6709de81ee249b9211
SHA256 204d953d8b198c8871ec06b7922df9f2292ff8d97ac15cef73b73cf30b288daa
CRC32 BE7DF097
ssdeep 49152:anKC2Vxfvjy9k3bB5ob0XhJ/sebZiFI5UbX3PEdtb4eYPB6kQ3uC:hC2Vxfv29kLBqo/sS95E38LnYPB6kQ3N
PDB Path C:\cpiv2\obj\Release\Cashing.pdb
Yara
  • Craxs_RAT - Craxs RAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\cpiv2\obj\Release\Cashing.pdb
section .text (virtual_address 0x00002000, virtual_size 0x00247d48, size_of_data 0x00247e00) entropy 7.999810631246622 description A section with a high entropy has been found
entropy 0.999144385027 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Stealer.12!c
CAT-QuickHeal TrojanSpy.MSIL
ALYac Trojan.GenericKD.72241483
Cylance unsafe
VIPRE Trojan.GenericKD.72241483
Sangfor Infostealer.Msil.Kryptik.Vurr
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.72241483
Arcabit Trojan.Generic.D44E514B
VirIT Trojan.Win32.MSIL.GNK
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.ALHX
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba Trojan:MSIL/Kryptik.a185a42f
MicroWorld-eScan Trojan.GenericKD.72241483
Rising Stealer.Agent!8.C2 (CLOUD)
Emsisoft Trojan.GenericKD.72241483 (B)
F-Secure Trojan.TR/AD.Nekark.rhbqa
DrWeb Trojan.PWS.Siggen3.36683
TrendMicro Trojan.Win32.SMOKELOADER.YXEDEZ
FireEye Generic.mg.7651626126270e67
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Crypt
Google Detected
Avira TR/AD.Nekark.rhbqa
MAX malware (ai score=84)
Kingsoft MSIL.Trojan-Spy.Stealer.gen
Gridinsoft Malware.Win32.RisePro.tr
Xcitium Malware@#2riratkayanig
Microsoft Trojan:MSIL/LummaStealer.NM!MTB
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
GData Trojan.GenericKD.72241483
Varist W32/MSIL_Agent.HXB.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.C5608266
BitDefenderTheta Gen:NN.ZemsilF.36802.so0@aWXMwOl
DeepInstinct MALICIOUS
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Agent.Generic
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXEDEZ
Tencent Malware.Win32.Gencirc.1407c230
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.73709669.susgen
Fortinet MSIL/GenKryptik.GWAJ!tr
AVG Win32:PWSX-gen [Trj]
alibabacloud Trojan[spy]:MSIL/Stealer.gen