Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 15, 2024, 11:05 a.m.	Aug. 15, 2024, 11:07 a.m.

Size	349.0KB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`01359d7d9ec82b16108b98fb6d31ce22`
SHA256	`74952004f8e87a5742e42764ec6452e6d4ecd1af90b4da715d34b043c5faa7bf`
CRC32	`A9CC8E23`
ssdeep	`6144:7w8X//F0GMuUBhKsw/bhPXer9N9rkRZtJRK+nW:x//FDMxnKsCFOroZDR`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 15, 2024, 10:58 a.m.		1	1	0

section

{u'size_of_data': u'0x0004be00', u'virtual_address': u'0x00009000', u'entropy': 7.065063678631234, u'name': u'.data', u'virtual_size': u'0x0004bce0'}

entropy

7.06506367863

description

A section with a high entropy has been found

entropy

0.872126436782

description

Overall entropy of this PE file is high

Bkav	W64.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Sdbot.fc
Cylance	Unsafe
VIPRE	Gen:Heur.Whisperer.1.0000000400
BitDefender	Gen:Heur.Whisperer.1.0000000400
Cybereason	malicious.d9ec82
Arcabit	Trojan.Barys.D695C1
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Kryptik.DVS
APEX	Malicious
ClamAV	Win.Trojan.CobaltStrike-9044898-1
Kaspersky	HEUR:Trojan.Win64.CobaltStrike.gen
MicroWorld-eScan	Gen:Heur.Whisperer.1.0000000400
Emsisoft	Gen:Heur.Whisperer.1.0000000400 (B)
F-Secure	Heuristic.HEUR/AGEN.1368069
FireEye	Generic.mg.01359d7d9ec82b16
Sophos	ML/PE-A
SentinelOne	Static AI - Suspicious PE
Google	Detected
Avira	HEUR/AGEN.1368069
MAX	malware (ai score=82)
Kingsoft	malware.kb.a.1000
Microsoft	Trojan:Win64/CobaltStrike.BE!MTB
ZoneAlarm	HEUR:Trojan.Win64.CobaltStrike.gen
GData	Gen:Heur.Whisperer.1.0000000400
Varist	W64/CobaltStrike.S.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R561237
Acronis	suspicious
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.ShellCode
Ikarus	Trojan.Win64.Shellcoderunner
Tencent	Trojan.Win32.CobaltStrike.16001072
CrowdStrike	win/malicious_confidence_100% (D)

b.exe