Summary | ZeroBOX

setup下载名单目录6002.exe (submitted filename; the report shows it URL-encoded as setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956002.exe; the Chinese part reads "download list directory")

Tags: Malicious Library, PE64, PE File
Category FILE
Machine s1_win7_x6403_us
Started May 3, 2024, 3:45 p.m.
Completed May 3, 2024, 3:49 p.m.
Size 81.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 6072310e460bb41fb1a0e5ea9f16e33c
SHA256 a7c80e958aa92919633f53ca7bbebff9a01953bdf537700dc43a02d55f482591
CRC32 9AC00349
ssdeep 768:nBwhTKNgHQBaz3lkIA2X8+HHNKhBj5kDwXuhEpuEKKeFZhVM+J64kVVEEG69UAUx:nahT5TNEqNKhBDu0KKSZj8VEKtUQpk
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

DNS lookups (Name, Response, Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address, Status)
8.134.147.84 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Resources
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00019058 size 0x00000468
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001951c size 0x00000030
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001954c size 0x00000310
Network signatures
host 8.134.147.84
dead_host 8.134.147.84:80 (the sample attempted a connection to 8.134.147.84 on TCP port 80 and received no reply during the run; together with the absence of DNS lookups and Suricata TLS events this means no second-stage download was observed in this sandbox, which says nothing about whether the host answers outside the analysis window)
Antivirus detections (vendor, label)
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Leonem.a!c
Cynet Malicious (score: 99)
ALYac Trojan.GenericKD.72447007
Cylance unsafe
VIPRE Trojan.GenericKD.72447007
Sangfor Downloader.Win64.Leonem.Vr1p
BitDefender Trojan.GenericKD.72447007
K7GW Trojan-Downloader ( 005b48ea1 )
K7AntiVirus Trojan-Downloader ( 005b48ea1 )
Arcabit Trojan.Generic.D451741F
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.ASF
Avast Win64:Malware-gen
Kaspersky Trojan-Downloader.Win64.Agent.bcu
Alibaba TrojanDownloader:Win64/Leonem.ddc3489b
MicroWorld-eScan Trojan.GenericKD.72447007
Rising Downloader.Agent!1.FA82 (CLASSIC)
Emsisoft Trojan.GenericKD.72447007 (B)
F-Secure Trojan.TR/Dldr.Agent.lnxns
Zillya Downloader.Agent.Win64.6252
TrendMicro TROJ_GEN.R002C0DDP24
FireEye Trojan.GenericKD.72447007
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan-Downloader.Win64.Agent
Google Detected
Avira TR/Dldr.Agent.lnxns
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Leonem
ZoneAlarm Trojan-Downloader.Win64.Agent.bcu
GData Trojan.GenericKD.72447007
Varist W64/ABDownloader.BELF-2564
AhnLab-V3 Trojan/Win.Leonem.R646853
DeepInstinct MALICIOUS
Malwarebytes Neshta.Virus.FileInfector.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0DDP24
Tencent Backdoor.Win32.Downloader_l.16001170
MAX malware (ai score=85)
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W64/Agent.ASF!tr.dldr
AVG Win64:Malware-gen
Paloalto generic.ml
alibabacloud Trojan[downloader]:Win/Agent.AB!
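The detection table above is a flat list of vendor labels that mix behaviour class (downloader), platform (Win64), family (Leonem), engine-specific generic names (GenericKD, Agent) and variant suffixes. What a triage analyst wants from it is a consensus: how many vendors flagged the file, what behaviour class dominates, and which family name survives once generic tokens are removed. The script below is an added example for this report page, not ZeroBOX code; the vendor rows are copied from the table above and embedded so it runs offline, and the GENERIC token list is a small hand-picked set assumed for this example rather than a full AVClass-style generic list.

```python
# Added triage helper for the detection table above (not ZeroBOX code). Vendor
# rows are copied from the report; GENERIC is a small hand-picked list (an
# assumption here), not a full AVClass-style generic-token list.
import re
from collections import Counter

REPORT_ROWS = """\
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Leonem.a!c
Cynet Malicious (score: 99)
ALYac Trojan.GenericKD.72447007
Cylance unsafe
VIPRE Trojan.GenericKD.72447007
Sangfor Downloader.Win64.Leonem.Vr1p
BitDefender Trojan.GenericKD.72447007
K7GW Trojan-Downloader ( 005b48ea1 )
K7AntiVirus Trojan-Downloader ( 005b48ea1 )
Arcabit Trojan.Generic.D451741F
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.ASF
Avast Win64:Malware-gen
Kaspersky Trojan-Downloader.Win64.Agent.bcu
Alibaba TrojanDownloader:Win64/Leonem.ddc3489b
MicroWorld-eScan Trojan.GenericKD.72447007
Rising Downloader.Agent!1.FA82 (CLASSIC)
Emsisoft Trojan.GenericKD.72447007 (B)
F-Secure Trojan.TR/Dldr.Agent.lnxns
Zillya Downloader.Agent.Win64.6252
TrendMicro TROJ_GEN.R002C0DDP24
FireEye Trojan.GenericKD.72447007
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan-Downloader.Win64.Agent
Google Detected
Avira TR/Dldr.Agent.lnxns
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Leonem
ZoneAlarm Trojan-Downloader.Win64.Agent.bcu
GData Trojan.GenericKD.72447007
Varist W64/ABDownloader.BELF-2564
AhnLab-V3 Trojan/Win.Leonem.R646853
DeepInstinct MALICIOUS
Malwarebytes Neshta.Virus.FileInfector.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0DDP24
Tencent Backdoor.Win32.Downloader_l.16001170
MAX malware (ai score=85)
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W64/Agent.ASF!tr.dldr
AVG Win64:Malware-gen
Paloalto generic.ml
alibabacloud Trojan[downloader]:Win/Agent.AB!
"""

# Behaviour classes, each a regex matched against the lower-cased label.
CATEGORY_PATTERNS = {"downloader": r"downloader|dldr", "backdoor": r"backdoor",
                     "ransomware": r"ransom", "file infector": r"virus|fileinfector",
                     "pua": r"\bpua\b"}

# Tokens that carry no family information (platform, type, confidence words).
GENERIC = set("""trojan troj trojandownloader downloader abdownloader dldr malware
malicious generic generickd unsafe detected variant attribute highconfidence high
confidence score classic reputation unknown ransom backdoor virus fileinfector
susgen aidetectmalware agent win32 win64""".split())


def parse_rows(text):
    """'Vendor Label' lines -> [(vendor, label)], skipping blank lines."""
    return [ln.strip().partition(" ")[::2] for ln in text.splitlines() if ln.strip()]


def family_tokens(label):
    """Candidate family names: alphabetic tokens of 4+ chars not in GENERIC."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower())
            if len(t) >= 4 and t.isalpha() and t not in GENERIC]


def summarize(text):
    """Count vendors per behaviour class and per candidate family name."""
    rows = parse_rows(text)
    categories, families = Counter(), Counter()
    for _vendor, label in rows:
        low = label.lower()
        categories.update(c for c, pat in CATEGORY_PATTERNS.items() if re.search(pat, low))
        families.update(set(family_tokens(label)))  # one vote per vendor per token
    return {"vendors": len(rows), "categories": dict(categories),
            "families": families.most_common()}


if __name__ == "__main__":
    s = summarize(REPORT_ROWS)
    print(s["vendors"], "vendors flagged the sample;", s["categories"])
    print("family candidates:", s["families"])
```

On this report the script counts 46 vendors, 16 of which label the file a downloader, and Leonem as the only family name with more than two votes (5); Wacatac gets 2, and the remaining tokens (lnxns, belf, neshta) are single-engine variant suffixes or one-off names that a fuller generic list would suppress. The one-vote-per-vendor rule matters because engines that share a signature set (here the identical GenericKD and TROJ_GEN rows) would otherwise inflate a family count.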