Summary | ZeroBOX

ws.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File
Category FILE
Machine s1_win7_x6401
Started July 11, 2024, 1:16 p.m.
Completed July 11, 2024, 1:43 p.m.
Size 4.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 dadc454c892912cd84136387e734e389
SHA256 e62ce31617ac8a52fcc93414ff2e1f31a8022951fc264ca368bb613c633a96c2
CRC32 A6BEF143
ssdeep 98304:COKlncWD8u7mWh+ME44RM7SbSfF6tUm2VVhW:zucWDKWh+vw7SbmxVLW
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
1 0 0
section name .data, size_of_data 0x00354000, virtual_address 0x00094000, virtual_size 0x00353fc0, entropy 7.986171107903751
description A section with a high entropy has been found
entropy 0.726962457338
description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.GoLang.4!c
Elastic malicious (high confidence)
Skyhigh BehavesLike.Win64.Generic.rc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Packed.GoLang_AGen.G suspicious
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win32/GoLang_AGen.f5ce0c6e
Zillya Trojan.GoLangAGen.Win32.10
McAfeeD ti!E62CE31617AC
Trapmine suspicious.low.ml.score
FireEye Generic.mg.dadc454c892912cd
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Antiy-AVL Trojan[Packed]/Win32.Golang
Gridinsoft Trojan.Win64.Packed.sa
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win64.Trojan.Agent.PNZSJP
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Fortinet Riskware/Application
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud VirTool:Win/Packed.GoLang_AGen.G