Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 15, 2024, 4:37 p.m.	July 15, 2024, 4:46 p.m.

Size	314.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`f07d044782a27691aa43de4b94603355`
SHA256	`8e53a60383f57dc7ee46465eb298030ae0484574781823cad9d1231bfc0a2d4e`
CRC32	`2837FD7F`
ssdeep	`6144:dP5/98b9Th66j9IRXwfNQLHUPpPl2pTIejjnFJLo7:15yb9966ji64p/jjnFJQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

205.exe "C:\Users\test22\AppData\Local\Temp\205.exe"
872

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ July 15, 2024, 4:37 p.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x2501cb registers.esp: 14285452 registers.edi: 1969008856 registers.eax: 1968766976 registers.ebp: 637 registers.edx: 1969006304 registers.ebx: 0 registers.esi: 1970143252 registers.ecx: 0	1	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 15, 2024, 4:37 p.m.	process_identifier: 872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00250000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0001cc00', u'virtual_address': u'0x00031000', u'entropy': 7.9522909127181665, u'name': u'.data', u'virtual_size': u'0x0001daf4'}

entropy

7.95229091272

description

A section with a high entropy has been found

entropy

0.367412140575

description

Overall entropy of this PE file is high

File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Convagent.i!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.fc
ALYac	Gen:Variant.Lazy.560149
Cylance	Unsafe
VIPRE	Gen:Variant.Lazy.560149
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005b63411 )
BitDefender	Gen:Variant.Lazy.560149
K7GW	Trojan ( 005b63411 )
Cybereason	malicious.782a27
Arcabit	Trojan.Lazy.D88C15
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HXDB
APEX	Malicious
McAfee	Artemis!F07D044782A2
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Keylogger.Lazy-10031941-0
Kaspersky	HEUR:Trojan-PSW.Win32.Reline.gen
Alibaba	TrojanPSW:Win32/Convagent.d017af79
NANO-Antivirus	Trojan.Win32.Kryptik.kpguta
MicroWorld-eScan	Gen:Variant.Lazy.560149
Rising	Backdoor.Convagent!8.123DC (TFE:5:70AJUrUrcXO)
Emsisoft	Gen:Variant.Lazy.560149 (B)
F-Secure	Trojan.TR/Crypt.Agent.ylknr
DrWeb	Trojan.PWS.Stealer.37437
Zillya	Trojan.Kryptik.Win32.4829036
TrendMicro	Mal_Locky-1
McAfeeD	ti!8E53A60383F5
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.f07d044782a27691
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.LummaStealer
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Crypt.Agent.ylknr
MAX	malware (ai score=84)
Antiy-AVL	Trojan[PSW]/Win32.Reline
Kingsoft	Win32.Trojan-PSW.Reline.gen
Gridinsoft	Trojan.Win32.Agent.sa
Xcitium	Malware@#2qtdp4p7zvs79
Microsoft	Trojan:Win32/Convagent.AMAI!MTB
ViRobot	Trojan.Win.Z.Lazy.321536.G
ZoneAlarm	HEUR:Trojan-PSW.Win32.Reline.gen
GData	Gen:Variant.Lazy.560149
Varist	W32/Kryptik.MJE.gen!Eldorado
AhnLab-V3	Malware/Win.Locky.C5646205
BitDefenderTheta	Gen:NN.ZexaE.36808.tuW@aqfBENh

205.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All