Summary | ZeroBOX

EXACT_ITEM.exe

Tags: Malicious Packer, UPX, PE64, PE File

Category: FILE
Machine: s1_win7_x6401
Started: July 9, 2024, 9:53 a.m.
Completed: July 9, 2024, 9:59 a.m.
Size 15.3MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 9babf09115135e3726636ed32790bd36
SHA256 c3892920df52a2b4ba986c2eafeb5c2481a419c32fad3307f20ff03548542247
CRC32 049EB423
ssdeep 98304:f938kMnCQcjlV+JkylkA88U80OPVq6rE0wshqDGEzjQYBg:98xCQI3tylS8UUPU6rXwshq/NS
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup): no hosts contacted.

IP Address: 164.124.101.2
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: IsDebuggerPresent
Arguments: (none)
Return: 0
Repeated: 0

Section: .symtab

API call: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)
Repeated: 0
Bkav W64.AIDetectMalware
Elastic Multi.Trojan.Sliver
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Sliver.wh
ALYac Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Cylance Unsafe
VIPRE Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Cybereason malicious.115135
Arcabit Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Agent.LO
APEX Malicious
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
MicroWorld-eScan Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Rising Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft Dump:Generic.Trojan.Tango.Marte.I.14A8F998 (B)
F-Secure Hack-Tool:W32/SBeacon.A
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
FireEye Dump:Generic.Trojan.Tango.Marte.I.14A8F998
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=80)
Microsoft Trojan:Win32/SuspGolang.GK
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData Dump:Generic.Trojan.Tango.Marte.I.14A8F998
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2263640935
SentinelOne Static AI - Malicious PE
CrowdStrike win/malicious_confidence_100% (D)