Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 11, 2024, 7:27 p.m.	May 11, 2024, 7:44 p.m.

Size	2.7MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`d2f812118c89341715fbff0ba9530396`
SHA256	`716741d85859c7c4747395deb709dc0b4b2741a0d15850aa3a706cc05d61bf6d`
CRC32	`5D0B642D`
ssdeep	`24576:tRoBHi3buy4toE1jC6Ayo2xhWLbSPlqRvc68XzRVGvQB5VA0UC1dUUKj/LZ8j3gy:boKmo4jC6Tov2RUC1doj/wgy`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

file300un.exe "C:\Users\test22\AppData\Local\Temp\file300un.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 11, 2024, 7:20 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	.managed
section	hydrated
section	_RDATA
section	.m4lw4r3

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00002c00', u'virtual_address': u'0x00346000', u'entropy': 7.907591450613791, u'name': u'.m4lw4r3', u'virtual_size': u'0x00003000'}

entropy

7.90759145061

description

A section with a high entropy has been found

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)

Lionic	Trojan.Win32.PBLoader.a!c
Elastic	malicious (high confidence)
Skyhigh	Artemis!Trojan
Cylance	unsafe
Sangfor	Downloader.Msil.Kryptik.Vu47
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/GenKryptik.GXKH
McAfee	Artemis!D2F812118C89
Avast	PWSX-gen [Trj]
Kaspersky	Trojan-Downloader.MSIL.PBLoader.p
Rising	Backdoor.Androm!8.113 (TFE:5:o0l3RIooCEG)
DrWeb	Trojan.Inject5.4868
TrendMicro	Trojan.Win64.OPERALOADER.YXEEKZ
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/AD.Nekark.lkpog
Antiy-AVL	Trojan/Win64.GenKryptik
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Malware.Win64.PrivateLoader.tr
Microsoft	TrojanDownloader:MSIL/Taily
ZoneAlarm	UDS:Trojan-Downloader.MSIL.PBLoader.p
GData	Win32.Trojan.Ilgergop.KI9CFC
Varist	W64/ABRisk.ATGK-3316
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4279885043
Fortinet	W64/GenKryptik.GUVY!tr
AVG	PWSX-gen [Trj]
Paloalto	generic.ml

file300un.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All