Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 16, 2024, 11:07 a.m.	July 16, 2024, 11:09 a.m.

Size	390.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`e0c387e6842dc4797be9380a8bde32f3`
SHA256	`5d6c0496aba5ef54b704ba6a0316a3b568add232cab10efeaf4d59bb06d13dd5`
CRC32	`8569A37D`
ssdeep	`6144:+hdJzxpL5aUyAUCjZBLnk8OEvKBkcx09ULP7I8vscR91Q3gwy/Oeei8IEO:+fpUUyOHZG0iP8jhNi8IEO`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
__exception__ July 16, 2024, 11:07 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x755ed141 201+0x6bc3 @ 0xa16bc3 201+0xa3d5 @ 0xa1a3d5 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 3145104 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 3145148 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5242880	1	0	0
__exception__ July 16, 2024, 11:07 a.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3401cb registers.esp: 37158364 registers.edi: 1973072088 registers.eax: 1972830208 registers.ebp: 632 registers.edx: 1973069536 registers.ebx: 0 registers.esi: 1973551114 registers.ecx: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 16, 2024, 11:07 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0002a400', u'virtual_address': u'0x00035000', u'entropy': 7.966952382198577, u'name': u'.data', u'virtual_size': u'0x0002b35c'}

entropy

7.9669523822

description

A section with a high entropy has been found

entropy

0.445322793149

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Variant.Fragtor.598532
Arcabit	Trojan.Fragtor.D92204
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HXIV
APEX	Malicious
Avast	PWSX-gen [Trj]
ClamAV	Win.Keylogger.Lazy-10031941-0
Kaspersky	HEUR:Trojan-PSW.Win32.Reline.gen
MicroWorld-eScan	Gen:Variant.Fragtor.598532
Rising	Malware.Undefined!8.C (TFE:5:jNJb2SpPgpD)
Emsisoft	Gen:Variant.Fragtor.598532 (B)
McAfeeD	ti!5D6C0496ABA5
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.e0c387e6842dc479
Ikarus	Trojan-Spy.LummaStealer
Google	Detected
MAX	malware (ai score=84)
Microsoft	Trojan:Win32/Redline.AMAN!MTB
ZoneAlarm	HEUR:Trojan-PSW.Win32.Reline.gen
GData	Gen:Variant.Fragtor.598532
Varist	W32/Kryptik.MJE.gen!Eldorado
BitDefenderTheta	Gen:NN.ZexaF.36808.yqY@aSvLnLj
VBA32	BScope.TrojanPSW.Vidar
Malwarebytes	Trojan.Crypt
Panda	Trj/GdSda.A
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.GZGT!tr
AVG	PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

201.exe