Summary | ZeroBOX

NewKindR.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started June 17, 2024, 1:31 p.m.
Completed June 17, 2024, 1:37 p.m.
Size 488.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fdafb92fc1868e533daa18f318d8e322
SHA256 20c1e1afe90bdcf0f52211ad57c0b44bf2657eee63057b503ca6f3efeeb9a828
CRC32 CA9CF153
ssdeep 6144:5pPjLfMHsP9QLw5bB4DOmfG6i2wGWPgEammKW4g0l6zkLL3QxWP1IIL4qb:5pbMHwIwt0XG6OPg/mmSFl6zk/gxoIv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
121.254.136.18  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API  Arguments  Status  Return  Repeated

NtProtectVirtualMemory
  process_identifier: 1648
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 237568
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0245c000
  process_handle: 0xffffffff
  Status 1 / Return 0 / Repeated 0

NtAllocateVirtualMemory
  process_identifier: 1648
  region_size: 438272
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x023a0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status 1 / Return 0 / Repeated 0

Both calls come from PID 1648 with process_handle 0xffffffff, the 32-bit pseudo-handle for the calling process itself (NtCurrentProcess, i.e. -1), so the sample is committing and re-protecting memory as read/write/execute inside its own address space: a 438272-byte region at 0x023a0000 (up to 0x0240b000) and a separate 237568-byte region at 0x0245c000 (up to 0x02496000). Taken with the UPX and high-entropy hits, this is consistent with an unpacking stub that writes a decoded payload into RWX memory and transfers control to it; those two ranges are the ones to dump from the process. The monitor's heap_dep_bypass flag on the NtProtectVirtualMemory call indicates that the region being made executable lies in a heap.
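The two calls above both target the calling process (process_handle 0xffffffff) with protection 64 (0x40, PAGE_EXECUTE_READWRITE). The script below is an added example, not code from ZeroBOX or from the analysis of this sample: it transcribes the two records from the table into a list of dicts and flags every successful RWX allocate/protect a process performs on its own address space, which is the generic check an analyst would run over a full behaviour log rather than eyeballing one table. The record layout, the helper names and the extra benign record used in the check are assumptions made for the example.

```python
"""Flag self-injection style memory operations in a Cuckoo/ZeroBOX API log.

Added example, not part of the ZeroBOX report. The two call records in
API_CALLS are transcribed from the report's behaviour table; the in-memory
record format and the helper names are assumptions made for this example.
"""

PAGE_EXECUTE_READWRITE = 0x40      # the "64" shown in the report
NT_CURRENT_PROCESS = 0xFFFFFFFF    # 32-bit pseudo-handle (-1): the calling process itself
SELF_MEMORY_APIS = ("NtAllocateVirtualMemory", "NtProtectVirtualMemory")

# Transcribed from the report (PID 1648). Keys mirror the report's argument names.
API_CALLS = [
    {
        "api": "NtProtectVirtualMemory",
        "process_identifier": 1648,
        "process_handle": 0xFFFFFFFF,
        "base_address": 0x0245C000,
        "length": 237568,
        "protection": 64,
        "heap_dep_bypass": 1,
        "stack_dep_bypass": 0,
        "stack_pivoted": 0,
        "status": 1,
    },
    {
        "api": "NtAllocateVirtualMemory",
        "process_identifier": 1648,
        "process_handle": 0xFFFFFFFF,
        "base_address": 0x023A0000,
        "region_size": 438272,
        "protection": 64,
        "allocation_type": 0x1000,   # MEM_COMMIT
        "heap_dep_bypass": 0,
        "stack_dep_bypass": 0,
        "stack_pivoted": 0,
        "status": 1,
    },
]


def region_size(call):
    """NtAllocateVirtualMemory reports region_size, NtProtectVirtualMemory reports length."""
    return call.get("region_size", call.get("length", 0))


def is_rwx(call):
    """True when the page protection carries PAGE_EXECUTE_READWRITE (guard/nocache bits ignored)."""
    return (call.get("protection", 0) & PAGE_EXECUTE_READWRITE) == PAGE_EXECUTE_READWRITE


def targets_self(call):
    """True when the handle is the current-process pseudo-handle."""
    return call.get("process_handle") == NT_CURRENT_PROCESS


def find_rwx_self_memory(calls):
    """Return the successful RWX allocate/protect calls a process made against itself.

    Each hit carries the PID, the API, the [start, end) range and the monitor's
    heap_dep_bypass flag, so an analyst knows which regions to dump.
    """
    hits = []
    for call in calls:
        if call.get("api") not in SELF_MEMORY_APIS:
            continue
        if not (call.get("status") == 1 and is_rwx(call) and targets_self(call)):
            continue
        start = call["base_address"]
        size = region_size(call)
        hits.append({
            "pid": call["process_identifier"],
            "api": call["api"],
            "start": start,
            "end": start + size,
            "size": size,
            "heap_dep_bypass": bool(call.get("heap_dep_bypass", 0)),
        })
    return hits


def total_rwx_bytes(hits):
    """Bytes of the process's own address space that were made RWX."""
    return sum(h["size"] for h in hits)


def summarize(calls):
    """Human-readable summary, one line per hit plus the total."""
    hits = find_rwx_self_memory(calls)
    lines = [
        f"pid {h['pid']}: {h['api']} RWX 0x{h['start']:08x}-0x{h['end']:08x} "
        f"({h['size']} bytes, heap_dep_bypass={h['heap_dep_bypass']})"
        for h in hits
    ]
    lines.append(f"total RWX bytes in own address space: {total_rwx_bytes(hits)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(API_CALLS))
```

On a real log the same function runs over every process's call list; a hit in a process other than the one that was started (or a handle other than 0xffffffff on the allocate/protect pair) points at injection into a remote process rather than in-place unpacking.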
Signature details

PE resource language
name RT_ICON language LANG_TURKISH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x01f8d748 size 0x00000468
name RT_GROUP_ICON language LANG_TURKISH filetype data sublanguage SUBLANG_DEFAULT offset 0x01f87388 size 0x00000068

Packed or encrypted data
section .rdata: virtual_address 0x00014000, virtual_size 0x00048f3a, size_of_data 0x00049000, entropy 7.175581363363252 (A section with a high entropy has been found)
entropy 0.598974358974 (Overall entropy of this PE file is high). This second figure is not a Shannon entropy but the share of section data that sits in high-entropy sections: the 0x49000 (299,008) bytes of .rdata out of 499,200 bytes of section data in total, which is above the signature's cut-off.

Network
host 121.254.136.18
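The two "high entropy" hits above are produced by a per-section Shannon entropy and a packed ratio (high-entropy section bytes over all section bytes; the 0.5989... figure is that ratio, not an entropy). The script below is an added example, not ZeroBOX code, reproducing both checks. The .rdata figures are the report's; the other two sections and the raw-byte samples are constructed so the ratio can be computed offline, and the 6.8 per-section and 0.2 ratio thresholds are assumptions modelled on the Cuckoo community packer signature this report format follows.

```python
"""Shannon entropy per PE section and the packer score behind the report's
"high entropy" hits.

Added example, not ZeroBOX code. The .rdata entry in SAMPLE_SECTIONS is the
report's; the other sections are constructed, and the thresholds are
assumptions (Cuckoo-style cut-offs), not values printed by the report.
"""
import math
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8   # assumption: per-section cut-off (8.0 is the maximum)
PACKED_RATIO_THRESHOLD = 0.2      # assumption: share of section bytes that must be high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def score_sections(sections, section_threshold=SECTION_ENTROPY_THRESHOLD,
                   ratio_threshold=PACKED_RATIO_THRESHOLD):
    """Mirror the two signature hits: per-section flags and the overall packed ratio.

    `sections` is a list of dicts with the keys the report prints: name,
    size_of_data (hex string) and entropy (float). Returns
    (flagged_section_names, ratio, overall_flag); `ratio` is high-entropy
    bytes / all section bytes, the quantity the report labels "entropy".
    """
    total = 0
    compressed = 0
    flagged = []
    for s in sections:
        size = int(s["size_of_data"], 16)
        total += size
        if float(s["entropy"]) > section_threshold:
            flagged.append(s["name"])
            compressed += size
    ratio = compressed / total if total else 0.0
    return flagged, ratio, ratio > ratio_threshold


def section_entropies(raw_sections):
    """Compute the per-section entropy from raw bytes, as a static analyser would.

    `raw_sections` maps section name -> bytes; returns name -> entropy.
    """
    return {name: shannon_entropy(data) for name, data in raw_sections.items()}


# .rdata is transcribed from the report; .text and .rsrc are constructed
# (the report lists only the section that fired).
SAMPLE_SECTIONS = [
    {"name": ".text",  "size_of_data": "0x00013000", "entropy": 6.2},
    {"name": ".rdata", "size_of_data": "0x00049000", "entropy": 7.175581363363252},
    {"name": ".rsrc",  "size_of_data": "0x0000a000", "entropy": 4.9},
]

# Constructed raw buffers: a zero-filled one and one that cycles through every byte value.
SAMPLE_RAW = {
    "constant": b"\x00" * 4096,
    "uniform": bytes(range(256)) * 16,
}

if __name__ == "__main__":
    flagged, ratio, packed = score_sections(SAMPLE_SECTIONS)
    print(f"high-entropy sections: {flagged}, packed ratio {ratio:.3f}, packed={packed}")
    for name, h in section_entropies(SAMPLE_RAW).items():
        print(f"{name}: {h:.3f} bits/byte")
```

Entropy alone does not distinguish a packer from legitimately compressed resources or embedded certificates, which is why the report pairs it with the UPX Yara match and the RWX memory behaviour; treat a single high-entropy section as a prompt to look at the other signals, not as a verdict.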
Antivirus results (vendor / detection)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Tepfer.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win32.Generic.gh
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.Generic.36386528
K7GW Riskware ( 00584baa1 )
VirIT Trojan.Win32.Tepfer.AE
Symantec Packed.Generic.525
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/GenKryptik.GYST
APEX Malicious
McAfee Artemis!FDAFB92FC186
Avast Win32:RATX-gen [Trj]
ClamAV Win.Packed.Fareit-10030127-0
Kaspersky HEUR:Trojan-PSW.Win32.Tepfer.gen
MicroWorld-eScan Trojan.Generic.36386528
Rising Trojan.Generic@AI.100 (RDML:8SqVc3u/K/QAKRFeabwXAg)
F-Secure Trojan.TR/Redcap.vrjeb
DrWeb Trojan.PWS.Steam.37331
TrendMicro Trojan.Win32.AMADEY.YXEFNZ
McAfeeD Real Protect-LS!FDAFB92FC186
Trapmine malicious.high.ml.score
FireEye Generic.mg.fdafb92fc1868e53
Sophos Troj/Krypt-AEE
Ikarus Packed.Win32.Crypt
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Redcap.vrjeb
MAX malware (ai score=80)
Antiy-AVL Trojan[PSW]/Win32.Tepfer
Kingsoft malware.kb.a.999
Gridinsoft Trojan.Win32.Amadey.tr
Microsoft Trojan:Win32/Amadey.ASGK!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Tepfer.gen
GData Win32.Trojan.PSE.8WHVJ3
AhnLab-V3 Trojan/Win.Generic.R653711
BitDefenderTheta Gen:NN.ZexaF.36806.Eu0@ay3SxmiG
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Klubdepa
Malwarebytes Trojan.MalPack.GS
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXEFNZ
SentinelOne Static AI - Suspicious PE
Fortinet W32/Kryptik.HBBY!tr
AVG Win32:RATX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)