Summary | ZeroBOX

select.exe

Downloader, PE32, MZP Format, PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 4, 2024, 1:20 p.m.
Completed Aug. 4, 2024, 1:49 p.m.
Size 18.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d0e834aed727fe49a51b071c680a282c
SHA256 838ce866b55bb2926e233d6b362fa4b2addcdeaaddf87ce0811f0501e3384a5c
CRC32 A812C093
ssdeep 384:0Ew7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1CzcN6Rne:0Ew7wkHOYEGPvCaV4pLzb1fN
Yara
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
  (no arguments)
  Status 1  Return 1  Repeated 0
description AdobeART.exe tried to sleep 195 seconds, actually delayed analysis time by 195 seconds

Time & API Arguments Status Return Repeated

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Users\test22\AppData\Roaming\AdobeART.exe
  parameters:
  filepath: C:\Users\test22\AppData\Roaming\AdobeART.exe
  Status 1  Return 1  Repeated 0
section UPX1 (size_of_data 0x00004000, virtual_address 0x0000f000, virtual_size 0x00004000, entropy 7.822950355476793) description A section with a high entropy has been found
entropy 0.941176470588 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AdobeART reg_value C:\Users\test22\AppData\Roaming\AdobeART.exe
mutex IPKMutex
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Ranapama.m!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ceatrg.20828
Skyhigh BehavesLike.Win32.ExploitMydoom.lc
ALYac Trojan.Ranapama.JH
Cylance Unsafe
VIPRE Trojan.Ranapama.JH
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 003edea01 )
BitDefender Trojan.Ranapama.JH
K7GW Trojan ( 003edea01 )
Cybereason malicious.ed727f
Arcabit Trojan.Ranapama.JH
Baidu Win32.Trojan.Delf.af
VirIT Backdoor.Win32.Agent.AQZV
Symantec Downloader
tehtris Generic.Malware
ESET-NOD32 Win32/Delf.OGV
APEX Malicious
McAfee GenericRXAA-AA!D0E834AED727
Avast Win32:Delf-AGT [Trj]
ClamAV Win.Trojan.CeatRG-9877126-1
Kaspersky Backdoor.Win32.Agent.cjxg
Alibaba Backdoor:Win32/Ceatrg.8664404c
NANO-Antivirus Trojan.Win32.Dwn.sryri
SUPERAntiSpyware Trojan.Agent/Gen-Injector
MicroWorld-eScan Trojan.Ranapama.JH
Rising Backdoor.IPKiller!1.CA60 (CLOUD)
Emsisoft Trojan.Ranapama.JH (B)
F-Secure Trojan.TR/Dldr.Delphi.Gen
DrWeb DDoS.MP.5
Zillya Backdoor.Agent.Win32.41019
TrendMicro BKDR_INJECT.SMW
McAfeeD Real Protect-LS!D0E834AED727
Trapmine malicious.high.ml.score
FireEye Generic.mg.d0e834aed727fe49
Sophos Mal/DelpDldr-A
Ikarus Trojan-PWS.Win32.QQPass
Jiangmin Trojan/Generic.adgxy
Webroot W32.Rogue.Gen
Google Detected
Avira TR/Dldr.Delphi.Gen
Antiy-AVL Trojan[Backdoor]/Win32.Agent
Kingsoft malware.kb.b.1000
Gridinsoft Trojan.Win32.Agent.vb
Xcitium TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
Microsoft Trojan:Win32/Ceatrg
ViRobot Trojan.Win32.A.Agent.21504.AS