Summary | ZeroBOX

univ.exe

Generic Malware Malicious Library PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us May 16, 2024, 7:25 a.m. May 16, 2024, 7:29 a.m.
Size 295.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d221456c3724a8ae84d820c0d0afcbd0
SHA256 645ccca17804f453d92dca6394beadcd8c774f413cacf918c75a1a6517acc7c4
CRC32 D87F226C
ssdeep 3072:Ei0lmjZc7WnYxroz6/waAAoJIXFoJncSIlQBAWJ2Y3xUvxcW9GNI+B75icT1jtd:j9ju75fVSIaafWzCvSW8G+1L
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

name RT_ICON language LANG_TURKISH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x02332078 size 0x00000468
name RT_GROUP_ICON language LANG_TURKISH filetype data sublanguage SUBLANG_DEFAULT offset 0x023324e0 size 0x00000076
section {u'size_of_data': u'0x0002cc00', u'virtual_address': u'0x0000c000', u'entropy': 7.196324645503229, u'name': u'.rdata', u'virtual_size': u'0x0002ca86'} entropy 7.1963246455 description A section with a high entropy has been found
entropy 0.608843537415 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Lockbit.dh
Cylance unsafe
Sangfor Trojan.Win32.Save.a
VirIT Trojan.Win32.Stealc.A
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
APEX Malicious
Avast TrojanX-gen [Trj]
ClamAV Win.Ransomware.Stop-10029959-0
Kaspersky VHO:Trojan-Downloader.Win32.Convagent.gen
Rising Trojan.Generic@AI.100 (RDML:KaR4/la8cOUvo3V2mNOqOA)
Trapmine malicious.high.ml.score
FireEye Generic.mg.d221456c3724a8ae
Sophos Troj/Krypt-AEE
Ikarus Trojan.Win32.Raccoon
Google Detected
ZoneAlarm VHO:Trojan-Downloader.Win32.Convagent.gen
BitDefenderTheta Gen:NN.ZexaF.36804.su0@aeR8JEfG
DeepInstinct MALICIOUS
VBA32 BScope.TrojanSpy.Convagent
SentinelOne Static AI - Malicious PE
Fortinet W32/Kryptik.HCOV!tr
AVG TrojanX-gen [Trj]