Summary | ZeroBOX

loader.exe

Tags: Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started July 4, 2024, 7:39 a.m.
Completed July 4, 2024, 7:42 a.m.
Size 16.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 edc8dc2a71af650c1c6272efa564adc3
SHA256 18f456bc4bc4f55266f7456bfabe1f343560b6a59a3f5a68e995a34c0563a760
CRC32 D4F76EFF
ssdeep 393216:8htgAGCnsGz3SN1Xg97zShawHV+Cck7hHV:+6AD53SbkzQawHb9pV
PDB Path D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name, Response, Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address, Status, Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb
section .didat
section _RDATA
resource name PNG
API: __exception__
Arguments:
  stacktrace: (empty)
  exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
  exception.instruction: cmp dword ptr [esi], 0x64616f4c
  exception.exception_code: 0xc0000005
  exception.symbol:
  exception.address: 0x3501cb
  registers.esp: 14219656
  registers.edi: 1973072088
  registers.eax: 1972830208
  registers.ebp: 632
  registers.edx: 1973069536
  registers.ebx: 0
  registers.esi: 1973551114
  registers.ecx: 1037828665
Status 1  Return 0  Repeated 0
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2556
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
Status 1  Return 0  Repeated 0

API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2704
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00350000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
Status 1  Return 0  Repeated 0
file C:\Users\test22\AppData\Local\Temp\CHROME_SETUP\Installer.exe
file C:\Users\test22\AppData\Local\Temp\CHROME_SETUP\4356897439864370634.exe
Antivirus Results
Vendor                Detection
Bkav                  W64.AIDetectMalware
Lionic                Trojan.Win32.Penguish.tsyI
Elastic               malicious (high confidence)
Cynet                 Malicious (score: 99)
Skyhigh               Artemis
Cylance               Unsafe
Sangfor               Trojan.Win64.Reflo.Vzjn
K7AntiVirus           Spyware ( 005b73011 )
K7GW                  Spyware ( 005b73011 )
VirIT                 Trojan.Win32.GenX.AJ
Symantec              Trojan.Gen.MBT
ESET-NOD32            a variant of Win32/Kryptik.HXIB
APEX                  Malicious
McAfee                Artemis!EDC8DC2A71AF
Avast                 Win64:Evo-gen [Trj]
ClamAV                Win.Dropper.Nanocore-9986456-0
Kaspersky             Trojan.Win64.Reflo.gpq
Alibaba               Trojan:Win32/Reflo.2b883138
Rising                Backdoor.Convagent!8.123DC (TFE:5:GfvFgqX8ZiM)
F-Secure              Trojan.TR/Redcap.jebdn
DrWeb                 Trojan.Siggen29.852
TrendMicro            TROJ_GEN.R002C0DG124
McAfeeD               ti!18F456BC4BC4
Sophos                Mal/Generic-S
Ikarus                PUA.VMProtect
Google                Detected
Avira                 TR/Crypt.Agent.yismw
Antiy-AVL             Trojan/Win32.Injuke
Kingsoft              Win32.Troj.Unknown.a
Gridinsoft            Trojan.Win64.Packed.sa
Microsoft             Trojan:Win32/Vigorf.A
ZoneAlarm             Trojan.Win64.Reflo.gpq
GData                 Win32.Trojan.Kryptik.T1C5DT
Varist                W64/ABRisk.TOXG-7003
AhnLab-V3             Trojan/Win.Generic.R576673
Acronis               suspicious
DeepInstinct          MALICIOUS
Malwarebytes          Trojan.Packed
Panda                 Trj/CI.A
TrendMicro-HouseCall  TROJ_GEN.R002H01G124
MaxSecure             Trojan.Malware.271361330.susgen
Fortinet              Riskware/Application
AVG                   Win64:Evo-gen [Trj]
Paloalto              generic.ml
CrowdStrike           win/malicious_confidence_70% (D)
alibabacloud          Trojan:Win/Injuke.gyf