Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 7, 2024, 9:28 a.m.	June 7, 2024, 9:44 a.m.

Size	421.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`277923785bb9e137228d51c5685ee0ab`
SHA256	`02eac2d8c04bfbabf5285b5fb1badf755e16ae50899f6bd7b788654e85a20613`
CRC32	`ADE5D1B7`
ssdeep	`6144:DanQ+kOsq4Dfvn3ai0+02l4CSOh+mF7OPm8vvcsIExBvqioI//3CC3bxwq/FKizC:D6f4DfvniMHF7YcsIWkA/yCVdKiW`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

vidar0506.exe "C:\Users\test22\AppData\Local\Temp\vidar0506.exe"
1664

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
34.192.83.212	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.con

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 7, 2024, 9:28 a.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4001cb registers.esp: 9960768 registers.edi: 1969008856 registers.eax: 1968766976 registers.ebp: 629 registers.edx: 1969006304 registers.ebx: 0 registers.esi: 1969094660 registers.ecx: 0	1	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory June 7, 2024, 9:28 a.m.	process_identifier: 1664 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00035e00', u'virtual_address': u'0x00034000', u'entropy': 7.976922227749829, u'name': u'.data', u'virtual_size': u'0x00036d24'}

entropy

7.97692222775

description

A section with a high entropy has been found

entropy

0.512485136742

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 event)

host

34.192.83.212

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

192.168.56.103:49475

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealerc.1m!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.gc
ALYac	Gen:Variant.Zusy.551435
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.551435
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005b600f1 )
BitDefender	Gen:Variant.Zusy.551435
K7GW	Trojan ( 005b600f1 )
Arcabit	Trojan.Zusy.D86A0B
VirIT	Trojan.Win32.GenusT.DWZB
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HXDB
APEX	Malicious
McAfee	Artemis!277923785BB9
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Stealerc.gen
Alibaba	TrojanPSW:Win32/Vidar.3739d9c2
MicroWorld-eScan	Gen:Variant.Zusy.551435
Rising	Stealer.Stealerc!8.17BE0 (TFE:5:gxuPXyiFM2Q)
Emsisoft	Gen:Variant.Zusy.551435 (B)
F-Secure	Trojan.TR/Crypt.Agent.cygcd
TrendMicro	TrojanSpy.Win32.RISEPRO.YXEFEZ
McAfeeD	Real Protect-LS!277923785BB9
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.277923785bb9e137
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Krypt
Webroot	W32.Stealerc
Google	Detected
Avira	TR/Crypt.Agent.cygcd
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Kryptik
Kingsoft	Win32.Trojan-PSW.Stealerc.gen
Gridinsoft	Trojan.Win32.Kryptik.sa
Microsoft	Trojan:Win32/Vidar.IIV!MTB
ZoneAlarm	HEUR:Trojan-PSW.Win32.Stealerc.gen
GData	Gen:Variant.Zusy.551435
Varist	W32/Kryptik.MHW.gen!Eldorado
AhnLab-V3	Trojan/Win.Vidar.C5630108
BitDefenderTheta	Gen:NN.ZexaF.36806.AuW@a0Qq1Mo
DeepInstinct	MALICIOUS
VBA32	BScope.TrojanPSW.Vidar
Malwarebytes	Trojan.Crypt
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.RISEPRO.YXEFEZ
Tencent	Malware.Win32.Gencirc.140e0027

vidar0506.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All