Summary | ZeroBOX

explores.exe

Emotet Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Category: FILE
Machine: s1_win7_x6401
Started: April 12, 2024, 3:08 p.m.
Completed: April 12, 2024, 3:08 p.m.
Size: 584.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 25b1052f544cdf4c57ae8b90d83df1ac
SHA256: a9ff0dd4a5ee46d64169a605a859d69f39b135df8bcc8a20b5a2c693aae65666
CRC32: 8634D633
ssdeep: 6144:V8+i1XKDBMZkRhJEHEkVsWqTWVHXJTuEeJhtqJPdk8hZZx:+9KDBnRhiEAqKV30d0Pdk8n
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer: Armadillo v1.71
name: RT_ICON, language: LANG_CHINESE, filetype: GLS_BINARY_LSB_FIRST, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, offset: 0x00091194, size: 0x00000468
Vendor / Detection
Cynet Malicious (score: 99)
ALYac DeepScan:Generic.Rincux2.519143E0
Cylance unsafe
VIPRE DeepScan:Generic.Rincux2.519143E0
Sangfor Suspicious.Win32.Save.ins
CrowdStrike win/malicious_confidence_100% (W)
BitDefender DeepScan:Generic.Rincux2.519143E0
K7GW Trojan ( 005001511 )
K7AntiVirus Trojan ( 005001511 )
Baidu Win32.Trojan.Kryptik.te
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HFZK
APEX Malicious
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Trojan.Agent-7165147-1
Kaspersky Backdoor.Win32.Farfli.bryz
Alibaba Backdoor:Win32/Farfli.548a3a69
NANO-Antivirus Trojan.Win32.Farfli.fzqipo
MicroWorld-eScan DeepScan:Generic.Rincux2.519143E0
Rising Trojan.Kryptik!1.AAD1 (CLASSIC)
Emsisoft DeepScan:Generic.Rincux2.519143E0 (B)
F-Secure Heuristic.HEUR/AGEN.1347744
DrWeb VBS.Dropper.5
Zillya Backdoor.Farfli.Win32.8809
TrendMicro TROJ_FRS.0NA103DU23
FireEye Generic.mg.25b1052f544cdf4c
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Injector
Jiangmin Trojan.Generic.dyfei
Google Detected
Avira HEUR/AGEN.1347744
MAX malware (ai score=89)
Antiy-AVL Trojan/Win32.Fuerboos
Kingsoft malware.kb.a.993
Arcabit DeepScan:Generic.Rincux2.519143E0
ZoneAlarm Backdoor.Win32.Farfli.bryz
GData DeepScan:Generic.Rincux2.519143E0
Varist W32/Trojan.XCFU-0598
AhnLab-V3 Malware/Win32.Generic.C4316987
BitDefenderTheta Gen:NN.ZexaF.36802.Kq0@aKgieDbj
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Pynamer
Malwarebytes Malware.AI.4122844495
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_FRS.0NA103DU23
Tencent Backdoor.Win32.farfli.16000311
Yandex Trojan.Kryptik!Py7RiKLYMq0
MaxSecure Trojan.Malware.101797850.susgen
Fortinet W32/Kryptik.DDGL!tr