Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 11, 2024, 7:30 p.m.	May 11, 2024, 7:38 p.m.

Size	2.7MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`731ff38afbc5a664f5a458e222d91f84`
SHA256	`a0e3a64e0e6aee3370ccbbca59f8ae0b34be674963c1dabe14926b24fdcae7d0`
CRC32	`EB04D3F5`
ssdeep	`24576:3RoBHi3buy4toE1jC6Ayo2xhWLbSPlqRvc68XzRVGvxB5VA0UC1dUUKj/OZ8j3g3:BoKmo4jC6TovDRUC1doj/Tg3`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Isetup2.exe "C:\Users\test22\AppData\Local\Temp\Isetup2.exe"
1488

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 11, 2024, 7:30 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	.managed
section	hydrated
section	_RDATA
section	.m4lw4r3

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00002c00', u'virtual_address': u'0x00346000', u'entropy': 7.911136571897288, u'name': u'.m4lw4r3', u'virtual_size': u'0x00003000'}

entropy

7.9111365719

description

A section with a high entropy has been found

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Lionic	Trojan.Win32.PBLoader.a!c
Elastic	malicious (high confidence)
Skyhigh	Artemis!Trojan
Cylance	unsafe
Sangfor	Trojan.Win64.Kryptik.Vsad
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/GenKryptik.GXKH
McAfee	Artemis!731FF38AFBC5
Avast	PWSX-gen [Trj]
Kaspersky	UDS:Trojan-Downloader.MSIL.PBLoader.o
Rising	Backdoor.Androm!8.113 (CLOUD)
TrendMicro	Trojan.Win64.PRIVATELOADER.YXEEKZ
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/AD.Nekark.aqkhx
Antiy-AVL	Trojan/Win64.GenKryptik
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Trojan.Win64.Glupteba.tr
Microsoft	Trojan:MSIL/Amadey
ZoneAlarm	UDS:Trojan-Downloader.MSIL.PBLoader.o
GData	Win32.Trojan.Ilgergop.HI163Z
Varist	W64/ABRisk.DGRD-2221
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4279885043
Fortinet	W64/GenKryptik.GUVY!tr
AVG	PWSX-gen [Trj]
Paloalto	generic.ml

Isetup2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All