Summary | ZeroBOX

ewwe.exe

Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
Category Machine Started Completed
FILE s1_win7_x6401 June 16, 2024, 9:54 a.m. June 16, 2024, 10:10 a.m.
Size 4.1MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 58f8e96f834d5d882046bd503ee83b18
SHA256 97ba9760d2b5c0ea8931ef386e725eb57bf190960895b37e98166559c5f49c84
CRC32 20285472
ssdeep 98304:8+LJ9ieU4RXEf8pXU3Kr8LbEpLpoPL4a8hoo8lrg:84J0yRU2L82CPL4aeoP
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 8516640
registers.r15: 0
registers.rcx: -1
registers.rsi: 2292481
registers.r10: 3221225480
registers.rbx: -10000
registers.rsp: 2292760
registers.r11: 514
registers.r8: 2292800
registers.r9: 350
registers.rdx: 0
registers.r12: 2293320
registers.rbp: 2292816
registers.rdi: 4423328
registers.rax: 0
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00300c00', u'virtual_address': u'0x0011e000', u'entropy': 7.971075420550574, u'name': u'.data', u'virtual_size': u'0x003580b0'} entropy 7.97107542055 description A section with a high entropy has been found
entropy 0.725064843197 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Goshell.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.PUPXTH.rc
McAfee Artemis!58F8E96F834D
Cylance Unsafe
VIPRE Trojan.GenericKD.70477673
Sangfor Trojan.Win32.Save.a
BitDefender Trojan.GenericKD.70477673
Cybereason malicious.f834d5
Arcabit Trojan.Generic.D4336769
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win64:Malware-gen
Kaspersky HEUR:Trojan.Win64.Goshell.gen
Alibaba Trojan:Win64/Goshell.5daa724c
MicroWorld-eScan Trojan.GenericKD.70477673
Emsisoft Trojan.GenericKD.70477673 (B)
F-Secure Trojan.TR/AD.CobaltSC.aekgm
Zillya Trojan.Goshell.Win64.719
McAfeeD ti!97BA9760D2B5
FireEye Trojan.GenericKD.70477673
Sophos Mal/Generic-S
Ikarus Trojan.WinGo.Agent
Jiangmin Trojan.Goshell.f
Google Detected
Avira TR/AD.CobaltSC.aekgm
MAX malware (ai score=87)
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.70477673
Varist W64/ABTrojan.VREU-4303
DeepInstinct MALICIOUS
VBA32 Trojan.Win64.Goshell
Malwarebytes Malware.AI.3872415787
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CFE24
Tencent Win64.Trojan.Goshell.Hkjl
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W64/Agent.TL!tr
AVG Win64:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:Win/Goshell.gen