Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 14, 2024, 1:37 p.m.	Aug. 14, 2024, 1:39 p.m.

Size	411.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`319cc8df286242b248cf442ca4e87220`
SHA256	`5461ed9bfe7bb882cef5d0375ad962c4004b4fb84102451adc99f6029f1ecec0`
CRC32	`1B6771AD`
ssdeep	`6144:BLlDKP3ZEdD1qtUJ1K+u6PiHDkSQCKO5fDp1O7mnkgBkA/EyG8XjMsXA:LKBEPgUJHkHDkSHP0mkgBkABTMN`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

vsrfdgej.exe "C:\Users\test22\AppData\Local\Temp\vsrfdgej.exe"
2572

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 14, 2024, 1:30 p.m.	buffer: Decrypted shellcode size: 252880 console_handle: 0x0000000000000007	1	1	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 14, 2024, 1:30 p.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 253952 protection: 16 (PAGE_EXECUTE) base_address: 0x00000000004e0000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00048a00', u'virtual_address': u'0x0001e000', u'entropy': 7.8634780246468265, u'name': u'.rdata', u'virtual_size': u'0x000489ac'}

entropy

7.86347802465

description

A section with a high entropy has been found

entropy

0.708536585366

description

Overall entropy of this PE file is high

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Shellcode.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Skyhigh	Artemis
ALYac	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
VIPRE	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
Sangfor	Trojan.Win32.Shellcode.Vaux
BitDefender	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
Cybereason	malicious.f28624
Arcabit	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
Symantec	Trojan.Gen.MBT
APEX	Malicious
McAfee	Artemis!319CC8DF2862
Avast	Win64:TrojanX-gen [Trj]
Kaspersky	Trojan.Win32.Sheller.ao
Alibaba	Trojan:Win32/Sheller.ebed59cc
MicroWorld-eScan	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
Rising	Trojan.Sheller!8.AF21 (CLOUD)
Emsisoft	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946 (B)
F-Secure	Heuristic.HEUR/AGEN.1318399
TrendMicro	TROJ_GEN.R002C0XEF24
McAfeeD	ti!5461ED9BFE7B
FireEye	Generic.mg.319cc8df286242b2
Sophos	Mal/Generic-S
Avira	HEUR/AGEN.1318399
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.Sheller
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	Trojan.Win32.Sheller.ao
GData	DeepScan:Generic.Shellcode.Loader.Marte.!s!.AD.3E6D1946
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_GEN.R002C0XEF24
Tencent	Malware.Win32.Gencirc.140bffd1
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:TrojanX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
alibabacloud	Trojan:Win/Shellcode.Labqct

vsrfdgej.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All