Summary | ZeroBOX

win.exe

UPX Anti_VM PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: July 8, 2024, 7:40 a.m.
Completed: July 8, 2024, 7:56 a.m.
Size 5.7MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 36dcf115331160b2f88e83e5b8d07036
SHA256 6730f3ff0586fe95fd3c8514df7dc362eb4efe30a3a43f072797681bb196ad2c
CRC32 03004330
ssdeep 98304:PbY6T04UIo2Bvz2sdWTI5ddHrb/NwTPOhhZbHjlpaQ4eeiWX+20DFfTIImZu:P06jLvz2sdGQrLNI2/NHjlpEeeiD2i9J
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file

Name / Response: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

  • Section UPX1 (size_of_data 0x005aa400, virtual_address 0x00a7a000, virtual_size 0x005ab000, entropy 7.892020837185568) - A section with a high entropy has been found
  • Entropy 0.999913815393 - Overall entropy of this PE file is high
  • Section UPX0 - Section name indicates UPX
  • Section UPX1 - Section name indicates UPX
  • Section UPX2 - Section name indicates UPX
API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511
Repeated: 0

The return value -1073741511 is NTSTATUS 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND): the sample looked up the wine_get_version export in ntdll, which only exists under Wine, and the lookup failed on this Windows 7 machine. This call is what the anti_vm_detect Yara rule and the Anti_VM tag refer to.
  • Bkav: W64.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 100)
  • Skyhigh: BehavesLike.Win64.Generic.tc
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of WinGo/Kryptik.FF
  • APEX: Malicious
  • McAfee: Artemis!36DCF1153311
  • Rising: Trojan.Kryptik!8.8 (CLOUD)
  • McAfeeD: ti!6730F3FF0586
  • Sophos: Generic Reputation PUA (PUA)
  • Ikarus: Trojan.WinGo.Injector
  • Webroot: W32.Trojan.Gen
  • Google: Detected
  • Antiy-AVL: GrayWare/Win32.Kryptik.ffp
  • Microsoft: Trojan:Win32/Casdet!rfn
  • Varist: W64/Agent.FXW.gen!Eldorado
  • DeepInstinct: MALICIOUS
  • MaxSecure: Trojan.Malware.300983.susgen
  • Paloalto: generic.ml
  • alibabacloud: Trojan:Multi/Kryptik.F#