Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 4, 2024, 1:26 p.m.	Aug. 4, 2024, 2:01 p.m.

Size	676.5KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b96f469d875c7fa8c2f913e906dde0e6`
SHA256	`48b32782c958f12b4ac603eedeb02f6a864ec4fa7368c079560a8fd9c4d04a74`
CRC32	`F0D83FBD`
ssdeep	`12288:zw3SCFxnSVunwBJSX35zZKjh6WuKA/d/qi12OTYT6VC8Myxto1Rj0:XC6iwiX3NwZQ/BqigOih0toP0`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
121.36.248.151	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000ac0a0

size

0x00000114

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00094600', u'virtual_address': u'0x00015000', u'entropy': 7.968223381128199, u'name': u'.data', u'virtual_size': u'0x00096520'}

entropy

7.96822338113

description

A section with a high entropy has been found

entropy

0.878608438194

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 event)

host

121.36.248.151

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.jc
ALYac	Gen:Variant.Midie.90294
Cylance	Unsafe
VIPRE	Gen:Variant.Midie.90294
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 003a9b741 )
BitDefender	Gen:Variant.Midie.90294
K7GW	Trojan ( 003a9b741 )
Arcabit	Trojan.Midie.D160B6
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Agent.UGD
APEX	Malicious
McAfee	GenericRXQX-OZ!B96F469D875C
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Malware.Wacatac-9789007-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Trojan:Win32/MalwareX.5668a0a7
MicroWorld-eScan	Gen:Variant.Midie.90294
Rising	Trojan.Agent!1.D708 (CLASSIC)
Emsisoft	Gen:Variant.Midie.90294 (B)
F-Secure	Heuristic.HEUR/AGEN.1361666
Zillya	Trojan.Agent.Win32.3916223
TrendMicro	TROJ_GEN.R002C0PDB24
McAfeeD	Real Protect-LS!B96F469D875C
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.b96f469d875c7fa8
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Agent
Google	Detected
Avira	HEUR/AGEN.1361666
MAX	malware (ai score=87)
Antiy-AVL	Trojan/Win32.Wacatac
Kingsoft	malware.kb.a.996
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Midie.90294
Varist	W32/Zusy.ON.gen!Eldorado
AhnLab-V3	Trojan/Win32.Wacatac.R353801
BitDefenderTheta	Gen:NN.ZedlaF.36810.Qu8@aq2H2Wfj
DeepInstinct	MALICIOUS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0PDB24
Tencent	Malware.Win32.Gencirc.14085da7
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.1728101.susgen

x64.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All