Summary | ZeroBOX

EU.file.exe

Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started July 7, 2024, 7:24 p.m.
Completed July 7, 2024, 7:26 p.m.
Size 326.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 84d89662f4329f2fa4a36cfd32974eef
SHA256 00ca90e01fedb9c290e30a733e1dd9a7642f57bbdde830c7a5be114f731e3382
CRC32 5D1932ED
ssdeep 6144:McZkS1WEzlC8hQjGRpvt5AMyHfZvvz5Xiw5Z8cyxEBw/hff:LeSoE5dCCRpvohRXzli4Z8hX5
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name AFX_DIALOG_LAYOUT
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_ICON language LANG_JAPANESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT offset 0x003a2f80 size 0x00000468
name RT_STRING language LANG_JAPANESE filetype data sublanguage SUBLANG_DEFAULT offset 0x003a7dd0 size 0x00000210
name RT_STRING language LANG_JAPANESE filetype data sublanguage SUBLANG_DEFAULT offset 0x003a7dd0 size 0x00000210
name RT_STRING language LANG_JAPANESE filetype data sublanguage SUBLANG_DEFAULT offset 0x003a7dd0 size 0x00000210
name RT_GROUP_ICON language LANG_JAPANESE filetype data sublanguage SUBLANG_DEFAULT offset 0x003a33e8 size 0x00000068
section {u'size_of_data': u'0x0002ea00', u'virtual_address': u'0x00019000', u'entropy': 7.892928174071902, u'name': u'.data', u'virtual_size': u'0x00383468'} entropy 7.89292817407 description A section with a high entropy has been found
entropy 0.572964669739 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.StopCrypt.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Lockbit.fc
ALYac Gen:Variant.Midie.147901
Cylance Unsafe
VIPRE Gen:Variant.Midie.147901
Sangfor Trojan.Win32.Save.a
K7AntiVirus Ransomware ( 0053d5971 )
BitDefender Gen:Variant.Midie.147901
K7GW Ransomware ( 0053d5971 )
Cybereason malicious.2f4329
Arcabit Trojan.Midie.D241BD
VirIT Trojan.Win32.Tepfer.AA
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HXBC
APEX Malicious
McAfee Artemis!84D89662F432
Avast Win32:RansomX-gen [Ransom]
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky HEUR:Trojan.Win32.Chapak.gen
Alibaba Ransom:Win32/StopCrypt.e3720dba
SUPERAntiSpyware Trojan.Agent/Gen-Tepfer
MicroWorld-eScan Gen:Variant.Midie.147901
Rising Trojan.SmokeLoader!1.F6B2 (CLASSIC)
Emsisoft Gen:Variant.Midie.147901 (B)
F-Secure Trojan.TR/AVI.AceCrypter.gtsog
DrWeb Trojan.Packed2.46867
Zillya Trojan.Kryptik.Win32.4789693
TrendMicro Ransom_StopCrypt.R03BC0DEG24
McAfeeD Real Protect-LS!84D89662F432
Trapmine malicious.high.ml.score
FireEye Generic.mg.84d89662f4329f2f
Sophos Troj/Krypt-VK
Ikarus Trojan.Win32.Danabot
Jiangmin TrojanSpy.Windigo.art
Google Detected
Avira TR/AVI.AceCrypter.gtsog
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Ransom.Win32.STOP.dg!n
Microsoft Ransom:Win32/StopCrypt.AAX!MTB
ViRobot Trojan.Win.Z.Midie.334336.D
ZoneAlarm HEUR:Trojan.Win32.Chapak.gen
GData Win32.Trojan.PSE.1V2RK4Q
Varist W32/Kryptik.LVP.gen!Eldorado
AhnLab-V3 Ransomware/Win.StopCrypt.R648426
BitDefenderTheta Gen:NN.ZexaF.36808.uq0@aaj9VTjG