Summary | ZeroBOX

f.php

PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6401
Started April 12, 2024, 3:07 p.m.
Completed April 12, 2024, 3:08 p.m.
Size 9.4MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3b399029f94a2a7bd1bec39fdbfdc178
SHA256 53e6d62146194c4d5731fcb591341156b00f77c56f100b93b5fefdc198a083c8
CRC32 03AE2040
ssdeep 196608:OpLSiWntbJlDs9l0K3n3XcPHwnza6FpVdLV5Y9euXH4x8:ONWPlwDnX4wneYZj0Dox8
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text (size_of_data 0x00951400, virtual_address 0x00002000, virtual_size 0x009513e4, entropy 7.07515252794767): A section with a high entropy has been found
entropy 0.992148910726: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.CS
Skyhigh Artemis!Trojan
ALYac Trojan.GenericKD.72295057
Cylance unsafe
Sangfor Trojan.Msil.Kryptik.Vqxc
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.72295057
K7GW Trojan ( 005b39821 )
K7AntiVirus Trojan ( 005b39821 )
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/GenKryptik.GVRV
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
Alibaba Trojan:MSIL/GenKryptik.4c8dfbbb
MicroWorld-eScan Trojan.GenericKD.72295057
Rising Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:YqlSZajXGHHy+ZtAU2dHFQ)
Emsisoft Trojan.GenericKD.72295057 (B)
F-Secure Trojan.TR/Kryptik.xoylh
DrWeb Trojan.Packed2.46276
TrendMicro Trojan.Win32.SMOKELOADER.YXEDKZ
FireEye Generic.mg.3b399029f94a2a7b
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Crypt
Google Detected
Avira TR/Kryptik.xoylh
MAX malware (ai score=87)
Antiy-AVL Trojan/MSIL.GenKryptik
Kingsoft MSIL.Trojan.Crypt.gen
Gridinsoft Trojan.Win32.Kryptik.sa
Arcabit Trojan.Generic.D44F2291
ZoneAlarm HEUR:Trojan.MSIL.Crypt.gen
GData Win32.Trojan.Agent.HUBUQS
Varist W32/ABRisk.RDCL-1925
AhnLab-V3 Trojan/Win.Formbook.X2183
BitDefenderTheta Gen:NN.ZemsilF.36802.@p0@aq7nuNk
DeepInstinct MALICIOUS
VBA32 Malware-Cryptor.MSIL.AgentTesla.Heur
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXEDKZ
Tencent Malware.Win32.Gencirc.14082dc5
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.ALAV!tr
AVG Win32:PWSX-gen [Trj]
alibabacloud Trojan:MSIL/Crypt.gen