Summary | ZeroBOX

wev233v22.exe

Tags: Gen1, Generic Malware, Malicious Library, Antivirus, UPX, Malicious Packer, Anti_VM, ftp, PE File, PE64, OS Processor Check, wget, DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: July 10, 2024, 7:41 a.m.
Completed: July 10, 2024, 7:43 a.m.
Size 10.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 f7f9d3c98351d9be736e7aafb3563561
SHA256 7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a
CRC32 77FEEF0D
ssdeep 196608:es+j9q6y7PuZANMUgvUExd8zeiHf/jC51U7BlUdinrDRQF6f1:eNBly7Pum3gvizei/rMGBa4nr1jt
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
  Arguments: (none)
  Status: 1
  Return: 1
  Repeated: 0

NtAllocateVirtualMemory
  Arguments:
    process_identifier: 1236
    region_size: 65536
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0000000004d60000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffffffffffff
  Status: 1
  Return: 0
  Repeated: 0
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\stub.exe
section .rsrc: size_of_data 0x00a9e000, virtual_address 0x00038000, virtual_size 0x00a9dff0, entropy 7.9991163329710195; description: A section with a high entropy has been found
entropy 0.988183966552; description: Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_316_133650408700156250\stub.exe
Bkav W64.AIDetectMalware
Lionic Trojan.Win64.Agent.tsAU
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.vc
ALYac Trojan.GenericKD.73397491
Cylance Unsafe
VIPRE Trojan.GenericKD.73397491
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005b752d1 )
BitDefender Trojan.GenericKD.73397491
K7GW Trojan ( 005b752d1 )
Arcabit Trojan.Generic.D45FF4F3
VirIT Trojan.Win64.Agent.GZC
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Python/Packed.PSW.Agent_AGen.A suspicious
McAfee Artemis!F7F9D3C98351
Avast Win64:Evo-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba TrojanPSW:Win64/Generic.29985e68
MicroWorld-eScan Trojan.GenericKD.73397491
Rising Trojan.Agent!8.B1E (CLOUD)
Emsisoft Trojan.GenericKD.73397491 (B)
F-Secure Trojan.TR/Agent.xaczf
Zillya Trojan.Alien.Win64.392
TrendMicro Trojan.Win64.AMADEY.YXEGHZ
McAfeeD ti!7BB30C9B7598
FireEye Trojan.GenericKD.73397491
Sophos Mal/Generic-S
Ikarus Trojan.Python.Psw
Jiangmin Trojan.PSW.Stealer.dnf
Google Detected
Avira TR/Agent.xaczf
MAX malware (ai score=81)
Antiy-AVL Trojan/Win64.Agent
Gridinsoft Malware.Win64.Gen.tr
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm HEUR:Trojan.Win64.Agent.gen
GData Win32.Malware.Antis.NPTRMW
DeepInstinct MALICIOUS
VBA32 Trojan.Win64.Agent
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEGHZ
Tencent Win64.Trojan.Agent.Ytjl
SentinelOne Static AI - Malicious PE
Fortinet Riskware/Application
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Trojan:Python/Packed.PSW.Akgpp_DArY