Summary | ZeroBOX

66b331646d2cd_123p.exe

ROMCOM RAT PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 12, 2024, 11:01 a.m.
Completed: Aug. 12, 2024, 11:02 a.m.
Size: 10.3MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 27b14ad026da76c1111174c6b4ba6aba
SHA256: bef765aff3d916d8be504b604c0dc37afe3fd76260fe158508b778b5e4b85ddf
CRC32: E097E6BE
ssdeep: 196608:tSiB9/zPAW0ILyawlf9Ul33DqL4zDefJglqYnkFTdl434Mfr:tX97fB6iXvkFTf4zj
Yara
  • ROMCOM_RAT - Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed.
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

  • section .00cfg
  • section .text0
  • section .text1
  • section .text2
  • section .text2 (size_of_data 0x00a19a00, virtual_address 0x00f2b000, virtual_size 0x00a19890, entropy 7.9788840614245675): A section with a high entropy has been found
  • entropy 0.98158781379: Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Expiro.vc
ALYac Trojan.GenericKD.73803111
Cylance Unsafe
VIPRE Trojan.GenericKD.73803111
Sangfor CoinMiner.Win64.Agent.Vvff
K7AntiVirus Trojan ( 005aeb761 )
BitDefender Trojan.GenericKD.73803111
K7GW Trojan ( 005aeb761 )
VirIT Trojan.Win64.Agent.HCX
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.AC suspicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky Trojan.Win32.Miner.bfevm
Alibaba Trojan:Win64/Miner.d8d83649
MicroWorld-eScan Trojan.GenericKD.73803111
Rising Trojan.Agent!8.B1E (TFE:5:FkFUO8h2JGR)
Emsisoft Trojan.GenericKD.73803111 (B)
F-Secure Trojan.TR/Miner.zkvhe
DrWeb Trojan.Siggen29.15329
TrendMicro Trojan.Win64.PRIVATELOADER.YXEHGZ
McAfeeD Real Protect-LS!27B14AD026DA
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.27b14ad026da76c1
Sophos Mal/Generic-S
Webroot W32.Backdoor.Gen
Avira TR/Miner.zkvhe
MAX malware (ai score=88)
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft Win32.Trojan.Miner.bfevm
Gridinsoft Ransom.Win64.Sabsik.cl
Xcitium ApplicUnwnt@#1ne0wlp1fejjb
ZoneAlarm Trojan.Win32.Miner.bfevm
GData Trojan.GenericKD.73803111
AhnLab-V3 Trojan/Win.Agent.C5656910
McAfee Artemis!27B14AD026DA
DeepInstinct MALICIOUS
VBA32 Trojan.CoinMiner
Malwarebytes Trojan.CoinMiner
Ikarus PUA.VMProtect
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.PRIVATELOADER.YXEHGZ
Tencent Win32.Trojan.Miner.Rsmw
Yandex Trojan.Miner!M/WpOdV8U1Q
Fortinet Riskware/Application
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml