Summary | ZeroBOX

s.exe

Downloader PE32 PE File
Category FILE
Machine s1_win7_x6401
Started April 12, 2024, 3:06 p.m.
Completed April 12, 2024, 3:06 p.m.
Size 63.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2881b6c878569feb65190b203f22c7ed
SHA256 6880592124f2c7857208159286944c9121648c03ec6bfff623e657b05fa35a01
CRC32 5FC25A31
ssdeep 1536:Vpny2CcY9pqEdh+L//0S0aAKayPaJwert2IS4xN9mr4:DDWpqE8X0UjPOwQZN9u4
Yara
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Network

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

The run started and completed within the same minute, so the empty DNS, IP and Suricata tables say only that nothing was observed during a very short detonation; they are not evidence that the sample lacks network capability, and the static verdicts further down label it a downloader/backdoor.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Resources

name RT_ICON language LANG_CHINESE sublanguage SUBLANG_CHINESE_SIMPLIFIED filetype data offset 0x000290a4 size 0x000008a8
name RT_GROUP_ICON language LANG_CHINESE sublanguage SUBLANG_CHINESE_SIMPLIFIED filetype data offset 0x00029950 size 0x00000014

The resource offsets are RVAs, not file offsets: 0x000290a4 lies beyond the end of the 63.0KB file and sits just past the 0x0001a000-0x00029000 section listed below. The simplified-Chinese resource language is a build artefact of the original binary, not evidence on its own.

Sections

name (empty) virtual_address 0x0001a000 virtual_size 0x0000f000 size_of_data 0x0000ea00 entropy 7.903018026500786
description A section with a high entropy has been found

entropy 0.943548387097
description Overall entropy of this PE file is high

The two entropy figures measure different things. 7.90 is the Shannon entropy of the unnamed section in bits per byte (8.0 is the maximum), which is what compressed or encrypted data looks like. 0.94 is not bits per byte but the share of the file's section data that lies in sections flagged as high-entropy: the 0x0000ea00 (59,904) bytes of that single nameless section account for roughly 94% of all section data. A nameless section holding almost the whole file at near-maximum entropy is the usual signature of a packed or encrypted payload that is unpacked at runtime, so the static hashes above identify this wrapper, not the code that actually runs.
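To make the two entropy findings reproducible from raw bytes, the following Python is an added example, not code from the ZeroBOX report or the sandbox it is built on. It walks the PE section table with the standard library only, computes per-section Shannon entropy, and derives the overall ratio the report calls "Overall entropy". The 6.8 per-section threshold and the 0.2 ratio threshold are assumed from the Cuckoo-style packer_entropy signature and are not stated on the page; the sample PE is constructed inline (a zeroed .text section plus a nameless 0xea00-byte section of uniformly distributed bytes) and sized so that the ratio comes out at the report's 0.9435, and it is not the analysed s.exe.

```python
import math
import struct
from collections import Counter

# Thresholds assumed from the Cuckoo-style packer_entropy signature; the
# report itself does not state them.
HIGH_ENTROPY_SECTION = 6.8   # bits per byte above which a section is "high entropy"
HIGH_ENTROPY_RATIO = 0.2     # share of section data in such sections that flags the file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Minimal PE header walk: returns (is_pe32, [section dicts]) without a third-party parser."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size       # section table follows the optional header
    sections = []
    for i in range(nsections):
        # First 24 bytes of each 40-byte IMAGE_SECTION_HEADER
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, table + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "raw_offset": raw_ptr,
        })
    return machine == 0x14C, sections   # IMAGE_FILE_MACHINE_I386: PE32 / Intel 80386


def analyse(blob: bytes) -> dict:
    """Reproduce the report's two findings: per-section entropy and the overall high-entropy share."""
    is_pe32, sections = pe_sections(blob)
    total = flagged = 0
    high = []
    for s in sections:
        data = blob[s["raw_offset"]:s["raw_offset"] + s["size_of_data"]]
        s["entropy"] = shannon_entropy(data)
        total += s["size_of_data"]
        if s["entropy"] > HIGH_ENTROPY_SECTION:
            flagged += s["size_of_data"]
            high.append(s["name"])
    ratio = flagged / total if total else 0.0   # bytes in high-entropy sections / all section bytes
    return {
        "is_pe32": is_pe32,
        "sections": sections,
        "high_entropy_sections": high,
        "overall_ratio": ratio,
        "overall_high": ratio > HIGH_ENTROPY_RATIO,
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 image (not the analysed s.exe): a zeroed .text section plus a
    nameless 0xea00-byte section of uniformly distributed bytes, so section data totals 0xf800
    bytes and the high-entropy share is 0xea00/0xf800 = 0.9435, matching the report."""
    text = b"\x00" * 0xE00
    packed = bytes(range(256)) * 234                 # 0xEA00 bytes, every byte value equally often
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)         # optional header magic: PE32
    table = 0x58 + 0xE0
    struct.pack_into("<8sIIII", hdr, table, b".text", 0x1000, 0x1000, len(text), 0x200)
    struct.pack_into("<8sIIII", hdr, table + 40, b"", 0xF000, 0x1A000, len(packed), 0x1000)
    return bytes(hdr) + text + packed


if __name__ == "__main__":
    report = analyse(build_sample())
    for s in report["sections"]:
        print(f"{s['name'] or '(empty)':8} va=0x{s['virtual_address']:08x} "
              f"size_of_data=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
    print(f"overall high-entropy share: {report['overall_ratio']:.6f}")
```

Point `analyse()` at the bytes of a real file to get the same two numbers the sandbox reports; a nameless section whose size_of_data is most of the file and whose entropy is above about 7 is the pattern to look for before deciding whether to unpack in a debugger or dump from memory.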
Antivirus

Bkav W32.AIDetectMalware
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.kc
ALYac Generic.Rincux2.4DCDB565
Cylance unsafe
VIPRE Generic.Rincux2.4DCDB565
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.Rincux2.4DCDB565
K7GW Trojan ( 0047e5fd1 )
K7AntiVirus Trojan ( 0047e5fd1 )
Arcabit Generic.Rincux2.4DCDB565
Baidu Win32.Trojan.Farfli.x
VirIT Backdoor.Win32.Generic.CDN
Symantec SMG.Heur!gen
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Farfli.AFJ
APEX Malicious
McAfee Artemis!2881B6C87856
Avast Win32:Downloader-UAD [Trj]
ClamAV Win.Trojan.Ag-2
Kaspersky Backdoor.Win32.Farfli.evg
Alibaba Backdoor:Win32/Farfli.11930bab
NANO-Antivirus Trojan.Win32.Dwn.cvwswi
MicroWorld-eScan Generic.Rincux2.4DCDB565
Rising Worm.Win32.DownLoader.dm (CLASSIC)
Emsisoft Generic.Rincux2.4DCDB565 (B)
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb Trojan.DownLoader30.28179
Zillya Trojan.Farfli.Win32.15161
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.2881b6c878569feb
Sophos Mal/Behav-004
Ikarus Backdoor.Win32.Zegost
Jiangmin Trojan.Generic.whxp
Google Detected
Avira BDS/Backdoor.Gen
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.Unknown
Kingsoft malware.kb.b.998
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Application.Win32.BlkIC.IMG@1qp8gx
Microsoft Backdoor:Win32/Farfli.BG!MTB
ZoneAlarm Backdoor.Win32.Farfli.evg
GData Generic.Rincux2.4DCDB565
Varist W32/Busky.B.gen!Eldorado
AhnLab-V3 Trojan/Win32.ADH.C201912
Acronis suspicious
BitDefenderTheta AI:Packer.E2A04F231C

Vendor verdicts cluster on two names: the Farfli backdoor family (Baidu, ESET-NOD32, Kaspersky, Alibaba, Zillya, Microsoft, ZoneAlarm) and the Generic.Rincux2.4DCDB565 signature shared by the engines built on BitDefender's definitions (ALYac, VIPRE, Arcabit, MicroWorld-eScan, Emsisoft, GData). Ikarus's Backdoor.Win32.Zegost is the only other family name; the rest are generic downloader, backdoor, packer or machine-learning labels, consistent with the packed nameless section noted above.