Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 19, 2024, 1:10 p.m.	April 19, 2024, 1:24 p.m.

Size	9.2MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`56543167a8b1731dafeee93e5f2bf479`
SHA256	`22eedb7d3fabf9d2719f4baf7c6ec7a077b0d8c43f46cc2be02a4a30baa30726`
CRC32	`48D1B5F4`
ssdeep	`196608:LyMd0UMpIFNGxcUN2QnKz7BvFGMIpeHDcoBMtzwDoJp+x:ZdxmqccUlKz71NIp+j4zOoax`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

amady.exe "C:\Users\test22\AppData\Local\Temp\amady.exe"
184
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 19, 2024, 1:03 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.00cfg
section	.gxfg
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory April 19, 2024, 1:03 p.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004d10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Creates executable files on the filesystem (8 events)

file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\python3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\amady.exe
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\libssl-3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\libcrypto-3.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\vcruntime140.dll
file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\python311.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x008f4400', u'virtual_address': u'0x00054000', u'entropy': 7.9987912068658416, u'name': u'.rsrc', u'virtual_size': u'0x008f43a8'}

entropy

7.99879120687

description

A section with a high entropy has been found

entropy

0.974388947928

description

Overall entropy of this PE file is high

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\onefile_184_133579914379531250\amady.exe

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Generic.tc
ALYac	Gen:Variant.Tedy.429098
Cylance	unsafe
VIPRE	Gen:Variant.Tedy.429098
BitDefender	Gen:Variant.Tedy.429098
Arcabit	Trojan.Tedy.D68C2A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/GenKryptik.GUNG
APEX	Malicious
McAfee	Artemis!56543167A8B1
Avast	Win64:Evo-gen [Trj]
Kaspersky	Trojan-GameThief.Win32.Worgtop.nt
Alibaba	Trojan:Win64/GenKryptik.906f6db6
MicroWorld-eScan	Gen:Variant.Tedy.429098
Rising	Trojan.Kryptik!8.8 (CLOUD)
Emsisoft	Gen:Variant.Tedy.429098 (B)
F-Secure	Trojan.TR/Crypt.Agent.czete
Zillya	Trojan.Worgtop.Win32.395
TrendMicro	Trojan.Win64.AMADEY.YXEDRZ
Trapmine	malicious.moderate.ml.score
FireEye	Gen:Variant.Tedy.429098
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.Krypt
Jiangmin	Trojan.PSW.Worgtop.ay
Google	Detected
Avira	TR/Crypt.Agent.czete
MAX	malware (ai score=83)
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Ransom.Win64.STOP.tr!n
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
ZoneAlarm	Trojan-GameThief.Win32.Worgtop.nt
GData	Win32.Trojan-Stealer.Cordimik.8VDWYY@gen
Varist	W64/Worgtop.C.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R626753
DeepInstinct	MALICIOUS
Malwarebytes	Crypt.Trojan.MSIL.DDS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win64.AMADEY.YXEDRZ
Tencent	Malware.Win32.Gencirc.10bfb6f2
Yandex	Trojan.PWS.Worgtop!GksZLRFTqu0
Fortinet	W64/GenKryptik.GUNG!tr
AVG	Win64:Evo-gen [Trj]
alibabacloud	Trojan:Win/Tedy

amady.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All