Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 18, 2024, 8:04 p.m.	May 18, 2024, 8:10 p.m.

Size	778.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05b11e7b711b4aaa512029ffcb529b5a`
SHA256	`2aab2ca39749b21877d1c52526009f9f5d251d934205e9f671a9e84cecd55afa`
CRC32	`3FC09DF6`
ssdeep	`24576:IOuNAyNC+m6+Xs9Fp1RtKmYmy6Mmp78eR/VRgAiHIXOTR1/6:IOgCg+Xs9FpztKmYc78O9MIXq1/6`
PDB Path	C:\fjaxgvro\output.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.66	Active	Moloch

Flow	SID	Signature	Category
TCP 185.215.113.66:5151 -> 192.168.56.101:49220	2400031	ET DROP Spamhaus DROP Listed Traffic Inbound group 32	Misc Attack

No Suricata TLS

pdb_path

C:\fjaxgvro\output.pdb

Time & API	Arguments	Status	Return	Repeated
__exception__ May 18, 2024, 8:04 p.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3601cb registers.esp: 37616080 registers.edi: 1973072088 registers.eax: 1972830208 registers.ebp: 632 registers.edx: 1973069536 registers.ebx: 0 registers.esi: 1973551114 registers.ecx: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory May 18, 2024, 8:04 p.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00027600', u'virtual_address': u'0x00097000', u'entropy': 7.965627352077634, u'name': u'.data', u'virtual_size': u'0x00028fe4'}

entropy

7.96562735208

description

A section with a high entropy has been found

entropy

0.204280155642

description

Overall entropy of this PE file is high

host

185.215.113.66

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Reline.i!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojandropper.Convagent
VIPRE	Gen:Heur.Kysler.1
K7GW	Trojan ( 005b5b4d1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.GXSE
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Kysler-10030133-0
MicroWorld-eScan	Gen:Heur.Kysler.1
Emsisoft	Gen:Heur.Kysler.1 (B)
F-Secure	Trojan.TR/AD.Stealc.svref
TrendMicro	Trojan.Win32.AMADEY.YXEEQZ
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Webroot	W32.Malware.Gen
Avira	TR/AD.Stealc.svref
Kingsoft	Win32.Trojan-PSW.Reline.gen
Gridinsoft	Malware.Win32.Stealc.tr
Arcabit	Trojan.Kysler.1
Varist	W32/ABRisk.QPVU-1948
AhnLab-V3	Trojan/Win.Generic.R648506
VBA32	BScope.TrojanPSW.Reline
DeepInstinct	MALICIOUS
Malwarebytes	Spyware.Stealer
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXEEQZ
Tencent	Win32.Trojan.FalseSign.Rwhl
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.GXSE!tr
Panda	Trj/Genetic.gen
alibabacloud	Trojan:Win/Kysler.Gen

swizzzz.exe