Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 19, 2024, 2:15 p.m.	Aug. 19, 2024, 3:01 p.m.

Size	329.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`754c738f12caa66eae85d417a235908e`
SHA256	`222f1e4012fc1b0a47f15b2ff180c60653362a5860f021a001d369a870db3888`
CRC32	`4D4F958B`
ssdeep	`6144:u68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1Il:OfnnK9zABs+TbFx9SXOPCf8DkqAR8zHn`
Yara	AutoIt - autoit PE_Header_Zero - PE File Signature CoinMiner_IN - CoinMiner IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
wieie.cn	A 58.23.215.23	58.23.215.23

IP Address	Status	Action
164.124.101.2	Active	Moloch
58.23.215.23	Active	Moloch

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 58.23.215.23:8765	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.103:49161 -> 58.23.215.23:8765	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.103:49161 -> 58.23.215.23:8765	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.103:49161 -> 58.23.215.23:8765	2019935	ET INFO AutoIt User Agent Executable Request	Misc activity
TCP 58.23.215.23:8765 -> 192.168.56.103:49161	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 19, 2024, 2:15 p.m.			0	0
IsDebuggerPresent Aug. 19, 2024, 2:15 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 19, 2024, 2:15 p.m.		1	1	0

packer

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

section

{u'size_of_data': u'0x0004aa00', u'virtual_address': u'0x0007d000', u'entropy': 7.940965856094214, u'name': u'UPX1', u'virtual_size': u'0x0004b000'}

entropy

7.94096585609

description

A section with a high entropy has been found

entropy

0.911450381679

description

Overall entropy of this PE file is high

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Autoit.4!c
Elastic	malicious (moderate confidence)
Skyhigh	BehavesLike.Win32.Yahlover.fc
ALYac	Trojan.GenericKD.66127669
Cylance	Unsafe
VIPRE	Trojan.GenericKD.66127669
Sangfor	Trojan.Win32.Packed.Vtyp
K7AntiVirus	Trojan ( 005631b11 )
BitDefender	Trojan.GenericKD.66127669
K7GW	Trojan ( 005631b11 )
Cybereason	malicious.f12caa
Arcabit	Trojan.Generic.D3F10735
VirIT	Trojan.Win32.Generic.XTX
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Packed.Autoit.NBT suspicious
APEX	Malicious
McAfee	RDN/Generic.dx
Avast	Win32:Evo-gen [Trj]
ClamAV	Win.Malware.Generic-6651791-0
Kaspersky	Trojan.Win32.Agentb.mfif
Alibaba	Packed:Win32/Generic.08fc5a16
NANO-Antivirus	Trojan.Win32.TrjGen.jvmmka
MicroWorld-eScan	Trojan.GenericKD.66127669
Emsisoft	Trojan.GenericKD.66127669 (B)
DrWeb	Trojan.Siggen5.59949
Zillya	Trojan.AutoIT.Win32.174995
TrendMicro	TROJ_GEN.R002C0PFK24
McAfeeD	ti!222F1E4012FC
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.754c738f12caa66e
Sophos	Mal/Generic-S
Ikarus	PUA.Autoit
Webroot	W32.Trojan.Gen
Google	Detected
MAX	malware (ai score=86)
Antiy-AVL	Trojan[Packed]/Win32.Autoit
Gridinsoft	Trojan.Win32.CoinMiner.dd!s2
Xcitium	TrojWare.Win32.Hider.REXR@5364l6
Microsoft	Trojan:Win32/Phonzy.A!ml
ViRobot	Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm	Trojan.Win32.Agentb.mfif
GData	Win32.Trojan.PSE.R2WKDE
Varist	W32/Trojan.IJBN-1595
DeepInstinct	MALICIOUS
VBA32	IMWorm.Sohanad
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0PFK24
MaxSecure	Trojan.Malware.204075380.susgen

fixHosts.exe