Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 9:19 a.m.	Aug. 6, 2024, 9:25 a.m.

Size	163.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1a7d1b5d24ba30c4d3d5502295ab5e89`
SHA256	`b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5`
CRC32	`00478A88`
ssdeep	`3072:TQpsSyjlzA664oL8tIoDJxGtIVORPrdAHjl3+uwF+iBDZ/wXxnTFKe8kaz:TQpsSyjlzfnoNGxGo6PrdAHwtMxn4e8N`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware

Install1.exe "C:\Users\test22\AppData\Local\Temp\Install1.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (4 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 6, 2024, 9:19 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 6, 2024, 9:19 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 6, 2024, 9:19 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 6, 2024, 9:19 a.m.	computer_name: TEST22-PC	1	1

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

EXE

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00025c00', u'virtual_address': u'0x00004000', u'entropy': 7.9354646172802825, u'name': u'.rsrc', u'virtual_size': u'0x00025a38'}

entropy

7.93546461728

description

A section with a high entropy has been found

entropy

0.932098765432

description

Overall entropy of this PE file is high

Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW Aug. 6, 2024, 9:19 a.m.	key_handle: 0x00000094 regkey_r: $77stager reg_type: 3 (REG_BINARY) value: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL¹ Ëà"0TÎs @ @\|sO`s H.textÔS T `.relocV@B°sHH+h°E°-0' @ + o io %0ç0ârp(( o o /( 3 rp(( ~ r/po rAp("((o rSp(#((o Þ , o Ü( .(%+($(( repr¥p( r½p( ( rÁp( o (E6{ 0;s s s (Þ ,o Üo Þ ,o Ü* )/ 08( iY+XÒaÒbc` Xi2á0 ã 8Ô<( X8X( X<X( XX( X( X( ( .XX( (! +XX( (" ( ~# ($ ,s% z( ( (& ~# ~# (-~# ($ ,s% z(' ((,8~# ($ - (" ( (" ~# ~# (-s% z( .p+H ( (( () ( Y(* ( .+( . Ð+ Ì(( .0+ (+ rÓp(, ~# ~# ~# ( -s% z( Z( ( .( (! + ( (" ( & (" ~# 0@(2~# (2j(- ( -s% z8 (XX(ZX((. (Y/XXX(ZX((. ( ( ( $(/ ( i(. (0 jX(! i~# (/s% z(0 jX(! Y.Y+ Yj(- (( -s% zXh?íþÿÿ( .( (! + ( (" %(/s% z( 3[ ¤(1 (" (' X(" (' (2 ~# (/s% z °(' X(+ +\ (3 (! (0 jX(! (0 (4 ~# (/s% z (0 jX(5 %(/s% z(3s% zÞ&(6 o7 Þ&ÞÞX ?%ûÿÿA4Å Ò »Ä0 _, @_, _,@* _, @_, * _, _, * @_, _,* _,* @_,* _,*0.( .+ [X(8 (0 YjXj[jZ(! 0T( ~# (9 97(þ(9r×p( ~# ~# ((" (9 9ä~# ( ~# (9 9¹ ~# (~# (9 9{(0 <jX(! (: (0 jXjX(! (; X(< 8?(0 jXjXjX(ZjX(! (= .@ (0 jX(! (= t@ï (0 jX(! (= e@Ô (0 jX(! (= x@¹ (0 jX(! (= t@ (0 jX(! (: (0 jX(! (: (0 jX(! n(! @(&(0 jX(! (0 jX(! n(! (&(0 jX(! n(! (&+Xh?¸þÿÿ (&(&(&Þ&ÞAPP(> ®~-rpÐ(? o@ sA ~~j(r9p~oB tj(rEp~oB tj(rQp~oB tj(rep~oB tBSJBv2.0.50727l¤ #~ à #Stringsð\|#USl#GUID\|ì#BlobW}¢ ú3( %_B IÛmûm;Äüp¿p[Ï ^?¼8 T^9¼ #{^ DÛu;)mÄç ôÈ ¦È'^Y ^U^^$^ Å;¬ ^^ rú^i^ÀN^²^' ^^ª^H ó!M!«!¬!Ó!Û ¹!&±9&eyÓ}V VV¨VÞèq èP . ~U!éè! ," regkey: HKEY_LOCAL_MACHINE\SOFTWARE\$77stager	1	0	0

Stores an executable in the registry (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW Aug. 6, 2024, 9:19 a.m.	key_handle: 0x00000094 regkey_r: $77stager reg_type: 3 (REG_BINARY) value: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL¹ Ëà"0TÎs @ @\|sO`s H.textÔS T `.relocV@B°sHH+h°E°-0' @ + o io %0ç0ârp(( o o /( 3 rp(( ~ r/po rAp("((o rSp(#((o Þ , o Ü( .(%+($(( repr¥p( r½p( ( rÁp( o (E6{ 0;s s s (Þ ,o Üo Þ ,o Ü* )/ 08( iY+XÒaÒbc` Xi2á0 ã 8Ô<( X8X( X<X( XX( X( X( ( .XX( (! +XX( (" ( ~# ($ ,s% z( ( (& ~# ~# (-~# ($ ,s% z(' ((,8~# ($ - (" ( (" ~# ~# (-s% z( .p+H ( (( () ( Y(* ( .+( . Ð+ Ì(( .0+ (+ rÓp(, ~# ~# ~# ( -s% z( Z( ( .( (! + ( (" ( & (" ~# 0@(2~# (2j(- ( -s% z8 (XX(ZX((. (Y/XXX(ZX((. ( ( ( $(/ ( i(. (0 jX(! i~# (/s% z(0 jX(! Y.Y+ Yj(- (( -s% zXh?íþÿÿ( .( (! + ( (" %(/s% z( 3[ ¤(1 (" (' X(" (' (2 ~# (/s% z °(' X(+ +\ (3 (! (0 jX(! (0 (4 ~# (/s% z (0 jX(5 %(/s% z(3s% zÞ&(6 o7 Þ&ÞÞX ?%ûÿÿA4Å Ò »Ä0 _, @_, _,@* _, @_, * _, _, * @_, _,* _,* @_,* _,*0.( .+ [X(8 (0 YjXj[jZ(! 0T( ~# (9 97(þ(9r×p( ~# ~# ((" (9 9ä~# ( ~# (9 9¹ ~# (~# (9 9{(0 <jX(! (: (0 jXjX(! (; X(< 8?(0 jXjXjX(ZjX(! (= .@ (0 jX(! (= t@ï (0 jX(! (= e@Ô (0 jX(! (= x@¹ (0 jX(! (= t@ (0 jX(! (: (0 jX(! (: (0 jX(! n(! @(&(0 jX(! (0 jX(! n(! (&(0 jX(! n(! (&+Xh?¸þÿÿ (&(&(&Þ&ÞAPP(> ®~-rpÐ(? o@ sA ~~j(r9p~oB tj(rEp~oB tj(rQp~oB tj(rep~oB tBSJBv2.0.50727l¤ #~ à #Stringsð\|#USl#GUID\|ì#BlobW}¢ ú3( %_B IÛmûm;Äüp¿p[Ï ^?¼8 T^9¼ #{^ DÛu;)mÄç ôÈ ¦È'^Y ^U^^$^ Å;¬ ^^ rú^i^ÀN^²^' ^^ª^H ó!M!«!¬!Ó!Û ¹!&±9&eyÓ}V VV¨VÞèq èP . ~U!éè! ," regkey: HKEY_LOCAL_MACHINE\SOFTWARE\$77stager	1	0	0

File has been identified by 66 AntiVirus engines on VirusTotal as malicious (50 out of 66 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Rootkit.4!c
Elastic	Windows.Rootkit.R77
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Ransom.cc
ALYac	Gen:Variant.Lazy.387335
Cylance	Unsafe
VIPRE	Gen:Variant.Lazy.387335
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	RootKit ( 005aee0e1 )
BitDefender	Gen:Variant.Lazy.387335
K7GW	RootKit ( 005aee0e1 )
Cybereason	malicious.d24ba3
Arcabit	Trojan.Lazy.D5E907
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Rootkit.Agent.OEM
APEX	Malicious
McAfee	Artemis!1A7D1B5D24BA
Avast	Win32:InjectorX-gen [Trj]
ClamAV	Win.Rootkit.R77-10009366-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Rootkit:Win32/InjectorX.ba82b0ff
NANO-Antivirus	Trojan.Win32.Banker1.kmjqja
MicroWorld-eScan	Gen:Variant.Lazy.387335
Rising	Rootkit.Agent!8.F5 (TFE:3:Ma4kQLHBcuO)
Emsisoft	Gen:Variant.Lazy.387335 (B)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	Trojan.PWS.Banker1.37402
Zillya	Rootkit.Agent.Win32.52203
TrendMicro	TROJ_GEN.R002C0DE324
McAfeeD	Real Protect-LS!1A7D1B5D24BA
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.1a7d1b5d24ba30c4
Sophos	Troj/MSIL-TDK
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Generic.hrmyw
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=84)
Antiy-AVL	Trojan/MSIL.Zusy
Kingsoft	malware.kb.a.999
Gridinsoft	Trojan.Win32.Downloader.sa
Xcitium	Malware@#25rj5z8bd4hqy
Microsoft	Trojan:MSIL/Zusy.KA!MTB
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Lazy.387335
Varist	W32/MSIL_Agent.HNK.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R630595

Install1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All