Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 9, 2024, 5:04 p.m.	July 9, 2024, 5:08 p.m.

Size	8.4MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`74758f61067ea9fa0e2a4593920ed0f2`
SHA256	`f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6`
CRC32	`6E8F307A`
ssdeep	`98304:o/y61b9wu3zcEWzjWFcgO/B8Px3DwGVMbalzWaPCE3s61u3:qRwgzc0TucxDwGjXPP3C`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
__exception__ July 9, 2024, 4:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 5368359360 registers.r15: 0 registers.rcx: -1 registers.rsi: 4127233 registers.r10: 3221225480 registers.rbx: -10000 registers.rsp: 4127400 registers.r11: 514 registers.r8: 4127440 registers.r9: 350 registers.rdx: 0 registers.r12: 4127960 registers.rbp: 4127456 registers.rdi: 5359909440 registers.rax: 0 registers.r13: 4259472	1	0	0

section

{u'size_of_data': u'0x0027c800', u'virtual_address': u'0x00267000', u'entropy': 7.844555065467819, u'name': u'.data', u'virtual_size': u'0x0027c650'}

entropy

7.84455506547

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00017400', u'virtual_address': u'0x008ac000', u'entropy': 6.804925704172988, u'name': u'.rsrc', u'virtual_size': u'0x000172ce'}

entropy

6.80492570417

description

A section with a high entropy has been found

entropy

0.305882352941

description

Overall entropy of this PE file is high

Bkav	W64.AIDetectMalware
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win64.Trojan.rc
McAfee	Artemis!74758F61067E
Sangfor	Trojan.Win32.Agent.Vf1k
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/TrojanDropper.Agent.CS
Avast	FileRepMalware [Misc]
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Trojan.Injector!1.F43F (CLASSIC)
TrendMicro	Trojan.Win64.AMADEY.YXEGIZ
McAfeeD	ti!F0C3E45B96E2
FireEye	Generic.mg.74758f61067ea9fa
Sophos	Mal/Generic-S
Ikarus	Trojan.WinGo.Agent
Google	Detected
Antiy-AVL	Trojan[PSW]/Win32.Coins
Microsoft	Trojan:Win32/Phonzy.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
AhnLab-V3	Trojan/Win.Evo-gen.C5558850
DeepInstinct	MALICIOUS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win64.AMADEY.YXEGIZ
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/Agent.CS!tr
AVG	FileRepMalware [Misc]
Paloalto	generic.ml
alibabacloud	Trojan[dropper]:Multi/Agent.CB

trc.exe