Summary | ZeroBOX

3.dat

Generic Malware UPX PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 7, 2024, 9:50 a.m. Aug. 7, 2024, 10:13 a.m.
Size 23.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c8848c11a91ab74f30abbef17792f8f
SHA256 6cbbf236b6aaa52a1f424d3c18c24b51876d3998c9f67749d9da6dcfa263d9f7
CRC32 802DAC2C
ssdeep 192:T8ybznM9dvw+bknCYEIYugXCNFVnQs9w7qeP161oynoSmeNrvLdvhDKCLgygBNhQ:T7bzM+Gs/S61Frv3MCbGuZeMu0cK
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer Armadillo v1.71
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00005500 size 0x00000568
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00005a68 size 0x00000014
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
CAT-QuickHeal Trojan.Redosdru.18846
Skyhigh Trojan-FJYJ!0C8848C11A91
Cylance Unsafe
Sangfor Trojan.Win32.Agent.8
K7AntiVirus Trojan-Downloader ( 0055e3da1 )
K7GW Trojan-Downloader ( 0055e3da1 )
VirIT Trojan.Win32.Generic.ABBG
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.BIX
APEX Malicious
McAfee Trojan-FJYJ!0C8848C11A91
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Backdoor:Win32/Zlob.180910
NANO-Antivirus Trojan.Win32.Agent.envewf
Rising Backdoor.Generic!8.CE (TFE:5:baEM1NflA5J)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed2.40991
Zillya Downloader.Agent.Win32.262615
TrendMicro BKDR_ZEGOST.SM17
McAfeeD ti!6CBBF236B6AA
FireEye Generic.mg.0c8848c11a91ab74
Sophos Troj/AutoG-HV
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Generic.aczi
Google Detected
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Agent.vb!s1
Xcitium TrojWare.Win32.Redosdru.A@5su6ps
Microsoft Trojan:Win32/Redosdru.AB
ZoneAlarm UDS:DangerousObject.Multi.Generic
Varist W32/Agent.BVY.gen!Eldorado
AhnLab-V3 Trojan/Win32.RL_Redosdru.R365250
BitDefenderTheta Gen:NN.ZexaF.36810.bqX@au7XQllj
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Dynamer
Malwarebytes Generic.Malware/Suspicious
Ikarus Trojan-Downloader.Win32.Agent
Panda Trj/Genetic.gen
TrendMicro-HouseCall BKDR_ZEGOST.SM17
Tencent Malware.Win32.Gencirc.10b1031d
Yandex Trojan.GenAsa!NAwRIH/jhGU
Fortinet W32/Agent.CGT!tr
AVG Win32:Malware-gen
Paloalto generic.ml