Summary | ZeroBOX

heARGJhW.exe

Generic Malware, Malicious Library, Antivirus, UPX, Malicious Packer, OS Processor Check, PE32, PE File, .NET EXE
Category FILE
Machine s1_win7_x6401
Started April 13, 2024, 11:29 a.m.
Completed April 13, 2024, 11:29 a.m.
Size 7.6MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 75f9c243e05b307d9523405d80b8e87f
SHA256 66b4d726c5af4b74ddfc16050395aaa5b4c2848c706f9f88de7375c6ffde75e6
CRC32 81AADC98
ssdeep 49152:VGQxpRUQM9Gdyd1hSparhzALoMwxrh/jmj92dqM/b34TwTHHB72eh2NT:V/xpRlM9Uyd1hS45ALqxrxmj9y
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Bkav W32.AIDetectMalware.CS
Skyhigh BehavesLike.Win32.Generic.wz
ALYac Generic.MSIL.PasswordStealerA.87A0B8D0
Cylance unsafe
VIPRE Generic.MSIL.PasswordStealerA.87A0B8D0
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.MSIL.PasswordStealerA.87A0B8D0
Arcabit Generic.MSIL.PasswordStealerA.87A0B8D0
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.CLQ
APEX Malicious
McAfee Artemis!75F9C243E05B
Avast MSIL:Quasar-A [Rat]
ClamAV Win.Malware.Generic-9883083-0
Kaspersky HEUR:Trojan.MSIL.Quasar.gen
Alibaba Backdoor:MSIL/Quasar.033bb9bc
MicroWorld-eScan Generic.MSIL.PasswordStealerA.87A0B8D0
Rising Backdoor.Quasar!1.E5F1 (CLASSIC)
Emsisoft Generic.MSIL.PasswordStealerA.87A0B8D0 (B)
F-Secure Heuristic.HEUR/AGEN.1371145
DrWeb BackDoor.QuasarNET.3
TrendMicro TROJ_GEN.R002C0DDB24
Trapmine suspicious.low.ml.score
FireEye Generic.mg.75f9c243e05b307d
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
Google Detected
Avira HEUR/AGEN.1371145
MAX malware (ai score=80)
Antiy-AVL Trojan/MSIL.Quasar
Kingsoft MSIL.Trojan.Quasar.gen
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Backdoor:MSIL/Quasar!atmn
ZoneAlarm HEUR:Trojan.MSIL.Quasar.gen
GData MSIL.Backdoor.Quasar.D
Varist W32/MSIL_Troj.C.gen!Eldorado
AhnLab-V3 Backdoor/Win32.RL_QuasarRAT.C4342522
BitDefenderTheta Gen:NN.ZemsilF.36802.@p3@aCTUM@o
DeepInstinct MALICIOUS
VBA32 Trojan.MSIL.Quasar.Heur
Malwarebytes Backdoor.Quasar
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0DDB24
Tencent Msil.Trojan.Quasar.Sgil
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.AES!tr
AVG MSIL:Quasar-A [Rat]