Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 27, 2024, 10:09 a.m.	June 27, 2024, 10:20 a.m.

Size	5.6MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`9b297a1485665aef1a926f7cd322c932`
SHA256	`8c75f8e94486f5bbf461505823f5779f328c5b37f1387c18791e0c21f3fdd576`
CRC32	`0CE60856`
ssdeep	`49152:uOSBrypr/j6bvhEJNDZMMMZc/cftjn1zAkbQNDFG6jO5E90QS/NkW+cD3wxv+vps:RqrD8NN//un1ckEsU5Xi1S`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

O3B6wY7ZkFhh.exe "C:\Users\test22\AppData\Local\Temp\O3B6wY7ZkFhh.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 27, 2024, 10:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 5360130848 registers.r15: 0 registers.rcx: -1 registers.rsi: 2291457 registers.r10: 3221225480 registers.rbx: -10000 registers.rsp: 2291688 registers.r11: 514 registers.r8: 2291728 registers.r9: 350 registers.rdx: 0 registers.r12: 2292256 registers.rbp: 2291752 registers.rdi: 5354666720 registers.rax: 0 registers.r13: 4652752	1	0	0

Foreign language identified in PE resource (16 events)

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f7294

size

0x00000468

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x005f76fc

size

0x000000d8

File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	Artemis
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.Vzo1
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/TrojanDropper.Agent.CS
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Trojan.Injector!1.F43F (CLASSIC)
F-Secure	Heuristic.HEUR/AGEN.1372589
McAfeeD	ti!8C75F8E94486
Ikarus	Win32.Outbreak
Webroot	W32.Trojan.Agent.Gen
Google	Detected
Avira	HEUR/AGEN.1372589
Kingsoft	Win32.Troj.Unknown.a
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Varist	W64/ABTrojan.USCU-8917
AhnLab-V3	Trojan/Win.Evo-gen.C5558850
Malwarebytes	Malware.AI.2808749342
SentinelOne	Static AI - Suspicious PE
CrowdStrike	win/malicious_confidence_60% (W)
alibabacloud	Trojan[dropper]:Multi/Agent.CB

O3B6wY7ZkFhh.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All