Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 19, 2024, 2:02 p.m.	Aug. 19, 2024, 2:46 p.m.

Size	271.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`47f6d152f5e20e8599def568c3b4dd2a`
SHA256	`5ad9caca41a823495722c82f963244b6d52fdd9ed5a7fd8ab2b97db7f2ce76cf`
CRC32	`84E1041E`
ssdeep	`6144:CxxaCOjFEStQfy6KL01U50lMrmrzPuoKR:Cx8jFEStrZ0lMrmrzP5KR`
PDB Path	C:\Users\ÑÐ´Ð°ÑÐ°\Desktop\StubClear\Release\BigProject.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

fskn.exe "C:\Users\test22\AppData\Local\Temp\fskn.exe"
2544

Name	Response	Post-Analysis Lookup
bitbucket.org	A 104.192.140.24 A 104.192.140.25 A 104.192.140.26	104.192.140.24

IP Address	Status	Action
104.192.140.26	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49164 -> 104.192.140.26:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49163 -> 104.192.140.26:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\ÑÐ´Ð°ÑÐ°\Desktop\StubClear\Release\BigProject.pdb

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 19, 2024, 2:02 p.m.	stacktrace: fskn+0x11ddb @ 0x1311ddb exception.instruction_r: 8b 41 3c 03 c1 89 45 e8 6a 02 5f 8b ce e8 99 04 exception.symbol: fskn+0x3571 exception.instruction: mov eax, dword ptr [ecx + 0x3c] exception.module: fskn.exe exception.exception_code: 0xc0000005 exception.offset: 13681 exception.address: 0x1303571 registers.esp: 3798960 registers.edi: 2 registers.eax: 500 registers.ebp: 3800064 registers.edx: 0 registers.ebx: 3800072 registers.esi: 2 registers.ecx: 0	1	0	0

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Inject.1b!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.dh
ALYac	Gen:Variant.Zusy.555781
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.555781
Sangfor	Trojan.Win32.Inject.Vr18
BitDefender	Gen:Variant.Zusy.555781
Cybereason	malicious.2f5e20
Arcabit	Trojan.Zusy.D87B05
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.FVMIHLF
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Inject.gen
Alibaba	Trojan:Win32/Inject.8fdb8bbb
MicroWorld-eScan	Gen:Variant.Zusy.555781
Rising	Trojan.Kryptik@AI.96 (RDML:JR9o00o51sd8hKzPgJZMFA)
Emsisoft	Gen:Variant.Zusy.555781 (B)
F-Secure	Trojan.TR/Inject.hifno
Zillya	Trojan.Inject.Win32.348131
TrendMicro	TrojanSpy.Win32.LUMMASTEALER.YXEGVZ
McAfeeD	Real Protect-LS!47F6D152F5E2
FireEye	Gen:Variant.Zusy.555781
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Webroot	W32.LUMMASTEALER.YXEGVZ
Google	Detected
Avira	TR/Inject.hifno
MAX	malware (ai score=87)
Antiy-AVL	Trojan/Win32.Inject
Kingsoft	Win32.Trojan.Inject.gen
Gridinsoft	Ransom.Win32.Wacatac.sa
Xcitium	Malware@#i5zz6oncg2xo
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Inject.gen
GData	Gen:Variant.Zusy.555781
Varist	W32/ABRisk.ZAOT-4285
BitDefenderTheta	Gen:NN.ZexaF.36812.qqW@a0oL70d
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3864933883
Ikarus	Trojan.SuspectCRC
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win32.LUMMASTEALER.YXEGVZ
Tencent	Malware.Win32.Gencirc.1413a9de
Fortinet	W32/PossibleThreat
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (D)

fskn.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All