Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 19, 2024, 2:07 p.m.	Aug. 19, 2024, 2:10 p.m.

Size	845.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b0ce25de19e62f77784bc90b6d90f8f2`
SHA256	`3870870eeada5b88839f57be689728109b51d60044881df0da7f9b9392e51873`
CRC32	`CE613DB4`
ssdeep	`12288:nMUCn+iSACmAedduV9mC9Xrm1BDMbCOwkEE/o2E0/gMHyK+N:PCn+iNZddq9mC97m1BDSWEPYM1y`
PDB Path	C:\Users\ÑÐ´Ð°ÑÐ°\Desktop\StubClear\Release\BigProject.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
bitbucket.org	A 104.192.140.24 A 104.192.140.25 A 104.192.140.26	104.192.140.26

IP Address	Status	Action
104.192.140.24	Active	Moloch
164.124.101.2	Active	Moloch

Flow	SID	Signature	Category
TCP 192.168.56.103:49163 -> 104.192.140.24:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 104.192.140.24:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

No Suricata TLS

pdb_path

C:\Users\ÑÐ´Ð°ÑÐ°\Desktop\StubClear\Release\BigProject.pdb

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 19, 2024, 2:07 p.m.	stacktrace: fiklaaaaaaa+0x41d33 @ 0x1421d33 fiklaaaaaaa+0x4576b @ 0x142576b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 03 51 3c 89 95 d8 fc ff ff c7 85 3c fb ff ff 02 exception.symbol: fiklaaaaaaa+0x1186e exception.instruction: add edx, dword ptr [ecx + 0x3c] exception.module: Fiklaaaaaaa.exe exception.exception_code: 0xc0000005 exception.offset: 71790 exception.address: 0x13f186e registers.esp: 4168520 registers.edi: 0 registers.eax: 500 registers.ebp: 4189176 registers.edx: 0 registers.ebx: 4189188 registers.esi: 1 registers.ecx: 0	1	0	0

Bkav	W32.AIDetectMalware
ALYac	Gen:Variant.Fragtor.604436
Cylance	Unsafe
VIPRE	Gen:Variant.Fragtor.604436
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HXOW
APEX	Malicious
Kaspersky	VHO:Trojan-PSW.Win32.Stealerc.gen
MicroWorld-eScan	Gen:Variant.Fragtor.604436
Rising	Trojan.Kryptik@AI.84 (RDML:OZkhS8+riFP75BqVUGlZGg)
Emsisoft	Gen:Variant.Fragtor.604436 (B)
McAfeeD	ti!3870870EEADA
Trapmine	suspicious.low.ml.score
FireEye	Gen:Variant.Fragtor.604436
SentinelOne	Static AI - Suspicious PE
MAX	malware (ai score=85)
ZoneAlarm	VHO:Trojan-PSW.Win32.Stealerc.gen
Microsoft	Program:Win32/Wacapew.C!ml
AhnLab-V3	Trojan/Win.Injection.C5652626
BitDefenderTheta	Gen:NN.ZexaF.36812.0qW@amSiZMh
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.2343621335
CrowdStrike	win/malicious_confidence_70% (D)

Fiklaaaaaaa.exe