Summary | ZeroBOX

se.exe

PE64 PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: July 17, 2024, 9:01 a.m.
Completed: July 17, 2024, 9:15 a.m.
Size: 148.0KB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: a907d2e6edda829467a10bc8a87cb76f
SHA256: 0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a
CRC32: EC86ECD1
ssdeep: 3072:UGcq9cj1PWP87STe10+aKObk8gqSCpIHk5qYQ6b39VGKaSg:UJq9cj1u87STeq+aZk89iE9DGxSg
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name BLLMJXN
API calls (Time & API / Arguments / Status / Return / Repeated; no timestamps were captured in this extract)

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 110592
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00000000003e0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 81920
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000400000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001c50000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001c60000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001c60000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001c90000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001c90000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff

NtAllocateVirtualMemory (status 1, return 0, repeated 0)
  process_identifier: 1476
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000001ca0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Signature: section .data (size_of_data 0x00013200, virtual_address 0x00012000, virtual_size 0x00013288, entropy 6.9324007357919095); description: A section with a high entropy has been found
Signature: overall entropy 0.520408163265; description: Overall entropy of this PE file is high
Antivirus             Result
Bkav                  W64.AIDetectMalware
Lionic                Trojan.Win32.Latrodectus.7!c
Elastic               malicious (high confidence)
Cynet                 Malicious (score: 100)
Cylance               Unsafe
Sangfor               Trojan.Win32.Save.a
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of Win64/Kryptik_AGen.LS
APEX                  Malicious
Avast                 Win64:BankerX-gen [Trj]
Kaspersky             Trojan-Banker.Win64.Latrodectus.t
Rising                Trojan.Kryptik!8.8 (C64:YzY0Oup3na34UNDE)
F-Secure              Trojan.TR/AVI.Agent.eiazz
TrendMicro            TrojanSpy.Win64.STEALC.YXEGPZ
McAfeeD               ti!0822D4C51C46
FireEye               Generic.mg.a907d2e6edda8294
Sophos                Mal/Generic-S
Ikarus                Trojan.Win64.Crypt
Webroot               W32.Trojan.Win64.Latrodectus
Google                Detected
Avira                 TR/AVI.Agent.eiazz
Antiy-AVL             Trojan[Banker]/Win64.Latrodectus
Kingsoft              malware.kb.a.998
Gridinsoft            Ransom.Win64.Wacatac.cl
Microsoft             Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm             Trojan-Banker.Win64.Latrodectus.t
GData                 Win32.Malware.Latrodectus.FQLXOP
Varist                W64/ABTrojan.YZTP-7053
DeepInstinct          MALICIOUS
Malwarebytes          Trojan.MalPack
Panda                 Trj/Chgt.AD
TrendMicro-HouseCall  TrojanSpy.Win64.STEALC.YXEGPZ
SentinelOne           Static AI - Suspicious PE
Fortinet              W32/PossibleThreat
AVG                   Win64:BankerX-gen [Trj]
Paloalto              generic.ml
CrowdStrike           win/malicious_confidence_100% (W)