Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 10, 2024, 12:26 p.m.	Aug. 10, 2024, 12:36 p.m.

Size	15.5MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`7b873ae5a7cd923a0cc5ac12107da0f2`
SHA256	`d4aafdf7261fb41ef48370eca3e4d70a9086528d7c3d14fc8c82fcb8b69710cb`
CRC32	`9DFF90B0`
ssdeep	`98304:/fQ3XYasS2N3YIQkkgpY/8uOSEo6EmCtJgbSZjoFSegyDcpd:HcHCoIQkrpYBJE8mCtJ5ZMmyop`
Yara	DllRegisterServer_Zero - execute regsvr32.exe Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Antivirus - Contains references to security software anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

66b4f6893d3c3_shapr3D.exe "C:\Users\test22\AppData\Local\Temp\66b4f6893d3c3_shapr3D.exe"
2572

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Bkav	W64.AIDetectMalware
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win64.Worm.wh
Sangfor	Trojan.Win32.Agent.V3t3
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/TrojanDropper.Agent.DS
McAfee	Artemis!7B873AE5A7CD
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Trojan.Agent!1.F9CC (CLASSIC)
McAfeeD	ti!D4AAFDF7261F
Sophos	Mal/Generic-S
Google	Detected
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Phonzy.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Varist	W64/Agent.IKW.gen!Eldorado
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4171962356
Ikarus	Trojan.WinGo.Agent
Fortinet	W32/Agent.ds!tr
Paloalto	generic.ml
alibabacloud	Trojan[dropper]:Multi/Wacatac.B9nj

66b4f6893d3c3_shapr3D.exe