Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 8, 2024, 7:38 a.m.	July 8, 2024, 7:58 a.m.

Size	446.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`47a4c6547aaa57510c4d02ce8a6ae548`
SHA256	`86e575388e355071efce2321d937b50793a353bf8f6cbbcbd7a9305fe293683e`
CRC32	`F46127EB`
ssdeep	`12288:w23hQpxY3Tf3jnRqQ4CfcjOh5aerlVAgnFDYh//5NyVx:w23qpxYDLRuCHbamTAgnFs//36`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

.bSS

Time & API	Arguments	Status	Return	Repeated
__exception__ July 8, 2024, 7:35 a.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x2501cb registers.esp: 15335216 registers.edi: 1973072088 registers.eax: 1972830208 registers.ebp: 632 registers.edx: 1973069536 registers.ebx: 0 registers.esi: 1973551114 registers.ecx: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 8, 2024, 7:35 a.m.	process_identifier: 2576 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00250000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00035c00', u'virtual_address': u'0x00039000', u'entropy': 7.976534267833168, u'name': u'.data', u'virtual_size': u'0x00036c9c'}

entropy

7.97653426783

description

A section with a high entropy has been found

entropy

0.482603815937

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.gc
McAfee	Artemis!47A4C6547AAA
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00515e9f1 )
BitDefender	Gen:Variant.Jaik.234990
K7GW	Trojan ( 00515e9f1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HXDB
APEX	Malicious
Avast	Win32:CrypterX-gen [Trj]
ClamAV	Win.Keylogger.Lazy-10031941-0
Kaspersky	HEUR:Backdoor.Win32.Agent.gen
Rising	Backdoor.Agent!8.C5D (TFE:1:Nd9iHzdZn0S)
F-Secure	Trojan.TR/AVI.vidar.ojldj
TrendMicro	Mal_Locky-1
McAfeeD	ti!86E575388E35
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.47a4c6547aaa5751
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.LummaStealer
Google	Detected
Avira	TR/AVI.vidar.ojldj
MAX	malware (ai score=84)
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm	HEUR:Backdoor.Win32.Agent.gen
GData	Win32.Trojan.Kryptik.Z97C59
Varist	W32/Kryptik.MJE.gen!Eldorado
BitDefenderTheta	Gen:NN.ZexaE.36808.ByW@aa474bei
DeepInstinct	MALICIOUS
VBA32	BScope.TrojanPSW.MSIL.Convagent
TrendMicro-HouseCall	Mal_Locky-1
SentinelOne	Static AI - Malicious PE
Fortinet	W32/Kryptik.HXDB!tr
AVG	Win32:CrypterX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

vidar0607.exe