Summary | ZeroBOX

client.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, Anti_VM, ftp, PE64, PE File, OS Processor Check, ZIP Format, DLL
Category FILE
Machine s1_win7_x6401
Started July 17, 2024, 8:51 p.m.
Completed July 17, 2024, 8:53 p.m.
Size 6.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d585cbc4612c2fd171d7b20bf62241d7
SHA256 cf3a2e4d7a52cfd8bec03569e33e80d14d5b2df124c06451823e88f6e825c7b9
CRC32 2F1A8903
ssdeep 98304:nzAzTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIa:nSX4FMIZETKwjPePdrQJ/BNOqAYPL
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx  Arguments: none  Status: 1  Return: 1  Repeated: 0
(GlobalMemoryStatusEx reports physical memory size; querying it is a common sandbox/VM check, which is what the Anti_VM tag above refers to.)
Signatures

section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI25482\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25482\python311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25482\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25482\VCRUNTIME140.dll
(A _MEI<digits> directory under %TEMP% is where a PyInstaller onefile executable unpacks its bundled runtime; python311.dll, libssl-1_1.dll and libcrypto-1_1.dll are that runtime, which matches the Python/ReverseShell verdicts below.)
section .rsrc  size_of_data 0x0000f600  virtual_address 0x00052000  virtual_size 0x0000f498  entropy 7.5556  description: A section with a high entropy has been found
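The section entropy finding above can be reproduced offline. The following Python is an added example (not ZeroBOX code and not taken from the analysed sample): it walks a PE section table, scores each section's Shannon entropy the way the "high entropy section" signature does, and scans for the PyInstaller archive cookie magic, the static counterpart of the `_MEI25482` runtime directory and bundled `python311.dll` seen during execution. The 7.0 flagging threshold, the constructed `build_sample_pe()` image and all function names are assumptions of this example; the cookie magic `MEI\014\013\012\013\016` is the one PyInstaller's bootloader writes.

```python
"""Static triage helpers for a PE sample: per-section Shannon entropy (the check behind the
'high entropy section' signature) and a scan for the PyInstaller archive cookie.
Added example; not ZeroBOX code and not code from the analysed sample."""
import math
import struct
from collections import Counter

# Cookie magic written by PyInstaller's bootloader at the end of a onefile archive
# (PyInstaller source: MAGIC = b'MEI\014\013\012\013\016').
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed flagging threshold: entropy is in bits per byte, 8.0 is the maximum,
# and packed or encrypted data normally scores above 7.0.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Walk the PE section table; yields (name, virtual_address, virtual_size, raw_offset, raw_size)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    for i in range(n_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_off = struct.unpack_from("<IIII", pe, off + 8)
        yield name, vaddr, vsize, raw_off, raw_size


def section_entropy_report(pe: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> list:
    """Entropy per section, in the same field layout as the sandbox's section finding."""
    report = []
    for name, vaddr, vsize, raw_off, raw_size in pe_sections(pe):
        ent = shannon_entropy(pe[raw_off:raw_off + raw_size])
        report.append({
            "name": name,
            "virtual_address": f"0x{vaddr:08x}",
            "virtual_size": f"0x{vsize:08x}",
            "size_of_data": f"0x{raw_size:08x}",
            "entropy": ent,
            "high_entropy": ent >= threshold,
        })
    return report


def find_pyinstaller_cookie(pe: bytes):
    """Offset of the last PyInstaller cookie magic in the file, or None if absent.
    A onefile build appends its archive after the last section; the cookie sits at its end."""
    idx = pe.rfind(PYINSTALLER_MAGIC)
    return None if idx < 0 else idx


def build_sample_pe() -> bytes:
    """Constructed PE64 for demonstration: a low-entropy .text, a uniform-byte .rsrc and a
    PyInstaller-style overlay. Only the header fields the parser reads are meaningful."""
    opt_header = struct.pack("<H", 0x20B) + b"\x00" * 238        # PE32+ magic, rest zeroed
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt_header), 0x22)
    text = b"\x90" * 256 + b"\xC3" * 256      # two symbols only: 1.0 bit/byte
    rsrc = bytes(range(256)) * 2              # every byte value equally likely: 8.0 bits/byte
    sections = (
        struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 512, 0, 0, 0, 0, 0x60000020)
        + struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x2000, len(rsrc), 1024, 0, 0, 0, 0, 0x40000040)
    )
    headers = dos + b"PE\x00\x00" + coff + opt_header + sections
    headers += b"\x00" * (512 - len(headers))
    overlay = b"\x00" * 16 + PYINSTALLER_MAGIC + b"\x00" * 16   # archive tail after last section
    return headers + text + rsrc + overlay


def triage(pe: bytes) -> dict:
    """What a triage script would report: flagged sections plus PyInstaller evidence."""
    sections = section_entropy_report(pe)
    return {
        "high_entropy_sections": [s["name"] for s in sections if s["high_entropy"]],
        "pyinstaller_cookie_offset": find_pyinstaller_cookie(pe),
    }


if __name__ == "__main__":
    sample = build_sample_pe()
    for s in section_entropy_report(sample):
        print(s)
    print(triage(sample))
```

Run it against the real file with `triage(open("client.exe", "rb").read())`. A non-null cookie offset together with DLLs dropped into a `_MEI<digits>` directory is strong evidence of a PyInstaller onefile build, which means the Python payload can be recovered by unpacking the archive rather than reversing the native stub.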
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.ReverseShell.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Downloader.vc
ALYac Gen:Variant.Tedy.394649
Cylance Unsafe
VIPRE Gen:Variant.Tedy.394649
Sangfor Trojan.Win32.Save.a
BitDefender Gen:Variant.Tedy.394649
Cybereason malicious.4612c2
Arcabit Trojan.Tedy.D60599
Symantec Trojan.Gen.MBT
ESET-NOD32 Python/ReverseShell.RX
APEX Malicious
McAfee Artemis!D585CBC4612C
Avast FileRepMalware [Misc]
Alibaba Trojan:Application/ReverseShell.3b0e08de
MicroWorld-eScan Gen:Variant.Tedy.394649
Emsisoft Gen:Variant.Tedy.394649 (B)
F-Secure Trojan.TR/Redcap.hthup
McAfeeD ti!CF3A2E4D7A52
FireEye Gen:Variant.Tedy.394649
Sophos Mal/Generic-S
Google Detected
Avira TR/Redcap.hthup
MAX malware (ai score=81)
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Tedy.394649
Varist W64/ABRisk.GIBN-3035
Acronis suspicious
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09AN24
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.211125258.susgen
Fortinet W32/PossibleThreat
AVG FileRepMalware [Misc]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud Trojan:Python/ReverseShell.RD