Summary | ZeroBOX

[install].exe

UPX PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 5, 2024, 10:36 a.m.
Completed: Aug. 5, 2024, 10:54 a.m.
Size 4.1MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 b7a8955b08547b07d755f17798eb3aad
SHA256 98ab5661d9da7b7b70a3e56cf0c5637389c28e818cf60fb454538695fc4d078d
CRC32 AC407BCD
ssdeep 98304:knrm8W1bNR6vZ7y+OH3rs6SinpQ+MT/n:kr96bNUR1OH1Kn
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section UPX1 (virtual_address 0x00747000, virtual_size 0x00415000, size_of_data 0x00414e00, entropy 7.893125989209419) description A section with a high entropy has been found
entropy 0.999880382775 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: ntdll on a real Windows host exports no wine_get_version, so this Wine-detection lookup fails) Repeated: 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.m!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Generic.Application.Revhell.Marte.A.9E7AF1B5
Skyhigh BehavesLike.Win64.CoinMiner.rc
ALYac Generic.Application.Revhell.Marte.A.9E7AF1B5
Cylance Unsafe
VIPRE Generic.Application.Revhell.Marte.A.9E7AF1B5
Sangfor Hacktool.Win64.Reversessh.V8sy
K7AntiVirus Trojan ( 005aa52d1 )
BitDefender Generic.Application.Revhell.Marte.A.9E7AF1B5
K7GW Trojan ( 005aa52d1 )
Cybereason malicious.b08547
Arcabit Generic.Application.Revhell.Marte.A.9E7AF1B5
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.E.gen
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:Backdoor.Win64.Supershell
Alibaba HackTool:Win64/SuperShell.88ba6e0d
Rising HackTool.ReverseSSH!1.EA42 (CLOUD)
Emsisoft Generic.Application.Revhell.Marte.A.9E7AF1B5 (B)
F-Secure Trojan.TR/Redcap.lbinj
McAfeeD ti!98AB5661D9DA
FireEye Generic.mg.b7a8955b08547b07
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.WinGo.Agent
Webroot W32.Malware.Gen
Google Detected
Avira TR/Redcap.lbinj
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win64.HackTool.ReverseSSH.gen
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft VirTool:Win64/SuperShell.A
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
GData Generic.Application.Revhell.Marte.A.9E7AF1B5
Varist W64/Agent.FXW.gen!Eldorado
AhnLab-V3 Trojan/Win.SuperShell.R657922
McAfee Artemis!B7A8955B0854
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4135902957
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002H01H224
Tencent Win64.Hacktool.Reversessh.Ikjl
MAX malware (ai score=80)
MaxSecure Trojan.Malware.300983.susgen
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Backdoor:Multi/Supershell