Summary | ZeroBOX

wxupup.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32

Category: FILE
Machine: s1_win7_x6401
Started: Aug. 19, 2024, 2:17 p.m.
Completed: Aug. 19, 2024, 2:57 p.m.
Size: 740.4KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 5fb6829b52847d878a98f9069e5c5fa4
SHA256: 9ac31870d3a01c46c75258ac782458c4d95cc5f44002b29da9789312372ad59f
CRC32: 2F2ADCA0
ssdeep: 12288:2fnnK9zABs+TbFx9SXOPCf8DkqAR8zHbSBNU8R2pQOicBskdB6e1ZikdY48gYBRl:2fK9zUHFpi8/P8R2yvcqkdBYZgWl
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Network activity

Domains (Name / Response / Post-Analysis Lookup): none. No hosts contacted.
IP addresses (IP Address / Status / Action): none. No hosts contacted.

The run produced no network traffic at all, so the CoinMiner tag and the CoinMiner_IN YARA match above are not corroborated by mining-pool or C2 traffic in this sandbox; they rest on static matching.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavioural signatures (API call records; columns are Time & API, Arguments, Status, Return, Repeated; timestamps are absent from this export)

IsDebuggerPresent
  (no arguments)  0 0

IsDebuggerPresent
  (no arguments)  0 0

GlobalMemoryStatusEx
  (no arguments)  1 1 0

Packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

NtProtectVirtualMemory
  process_identifier: 2548
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x734c2000
  process_handle: 0xffffffff (the GetCurrentProcess pseudo-handle, i.e. the page is made writable and executable in the sample's own address space, not in another process)
  1 0 0
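The rows above are raw sandbox API records. The following is an added example, not ZeroBOX or Cuckoo code, that shows how an analyst would turn such records into the same three findings (anti-debug probe, memory-size probe, writable-and-executable memory) and, going one step beyond the page, how the process_handle value separates self-modification from injection into another process. The records are constructed to mirror the rows in this report; the VirtualProtectEx row with handle 0x1A4 is invented for illustration, as are the category names.

```python
# PAGE_* constants from <winnt.h>: the low byte is the access class, the upper bits are modifiers.
PAGE_ACCESS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE_EXECUTABLE = {0x40, 0x80}
CURRENT_PROCESS = 0xFFFFFFFF          # GetCurrentProcess() pseudo-handle, -1 as a 32-bit value
MEMORY_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx",
               "NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}


def decode_protection(value: int) -> str:
    """Turn a raw protection value (64 -> PAGE_EXECUTE_READWRITE) into symbolic form, modifiers included."""
    names = [PAGE_ACCESS.get(value & 0xFF, f"0x{value & 0xFF:x}")]
    names += [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(names)


def is_writable_executable(value: int) -> bool:
    """True for the two access classes that allow both writing and executing the same page."""
    return (value & 0xFF) in WRITABLE_EXECUTABLE


def triage(records):
    """Map sandbox API records to (category, detail) findings like the report's signature blocks."""
    findings = []
    for rec in records:
        api, args = rec["api"], rec.get("arguments", {})
        if api == "IsDebuggerPresent":
            findings.append(("anti-debug", f"{api} returned {rec.get('return')}"))
        elif api == "GlobalMemoryStatusEx":
            # Physical-memory size is a common sandbox/VM detection heuristic.
            findings.append(("environment-probe", f"{api} queries physical/virtual memory size"))
        elif api in MEMORY_APIS and "protection" in args:
            prot = args["protection"]
            if is_writable_executable(prot):
                handle = args.get("process_handle", CURRENT_PROCESS)
                target = ("own process" if handle == CURRENT_PROCESS
                          else f"remote process via handle 0x{handle:x}")
                findings.append(("rwx-memory",
                                 f"{api} {decode_protection(prot)} at 0x{args.get('base_address', 0):08x} "
                                 f"len 0x{args.get('length', 0):x} in {target}"))
    return findings


# Constructed records mirroring the rows in this report (pid, address and length copied from it),
# plus one invented remote-process row to show how the same check flags injection.
SAMPLE_RECORDS = [
    {"api": "IsDebuggerPresent", "status": 0, "return": 0},
    {"api": "IsDebuggerPresent", "status": 0, "return": 0},
    {"api": "GlobalMemoryStatusEx", "status": 1, "return": 1},
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0,
     "arguments": {"process_identifier": 2548, "length": 4096, "protection": 64,
                   "base_address": 0x734C2000, "process_handle": 0xFFFFFFFF}},
    {"api": "VirtualProtectEx", "status": 1, "return": 1,   # invented row, not from the report
     "arguments": {"process_identifier": 1337, "length": 0x1000, "protection": 0x40,
                   "base_address": 0x00400000, "process_handle": 0x1A4}},
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_RECORDS):
        print(f"[{category}] {detail}")
```

The protection value is checked on its low byte only, so PAGE_GUARD or PAGE_NOCACHE modifiers do not hide an RWX page from the check; a remote handle is anything other than the -1 pseudo-handle, which is the usual first hint of process injection in an API trace.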
Static / packer indicators

Section UPX1: virtual_address 0x0007d000, virtual_size 0x0004b000, size_of_data 0x0004aa00, entropy 7.941 (of a possible 8.0 bits per byte). A section with a high entropy has been found.
Overall entropy 0.911. Overall entropy of this PE file is high. (This value is a 0 to 1 ratio, not bits per byte: in the Cuckoo packer_entropy signature that emits this description it is the share of all section data held in sections whose entropy exceeds the per-section threshold, here essentially the whole UPX1 section.)
Section UPX0: section name indicates UPX.
Section UPX1: section name indicates UPX.
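The three static indicators above (a high-entropy section, the share of the file that is high-entropy, and UPX section names) are cheap to reproduce without the sandbox. The script below is an added example, not ZeroBOX or Cuckoo code: it walks the PE section table by hand, computes Shannon entropy per section and applies the same heuristics. The cut-offs of 6.8 bits per section and a 0.2 high-entropy share are assumed to match Cuckoo's packer_entropy signature and should be treated as tunable. The sample image it builds is a constructed, non-executable PE32 with the UPX0/UPX1/.rsrc layout, not the analysed file; pass a real path as the first argument to run it on an actual binary.

```python
import math
import random
import struct
import sys

# Cut-offs assumed to match Cuckoo's packer_entropy signature; tune them if your sandbox differs.
SECTION_ENTROPY_THRESHOLD = 6.8      # bits per byte, out of a maximum of 8.0
HIGH_ENTROPY_SHARE_THRESHOLD = 0.2   # fraction of section bytes living in high-entropy sections
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk the PE section table; return (name, virtual_address, virtual_size, raw_bytes) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                       # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        sections.append((name.rstrip(b"\0"), vaddr, vsize, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def packer_findings(pe: bytes):
    """Return (high_entropy_share, findings) using the three heuristics shown in the report."""
    findings, total, high = [], 0, 0
    for name, vaddr, vsize, raw in parse_sections(pe):
        label = name.decode("ascii", "replace")
        ent = shannon_entropy(raw)
        total += len(raw)
        if name in PACKER_SECTION_NAMES:
            findings.append(f"section {label}: name indicates UPX")
        if ent > SECTION_ENTROPY_THRESHOLD:
            high += len(raw)
            findings.append(f"section {label}: high entropy {ent:.2f} "
                            f"(va 0x{vaddr:08x}, vsize 0x{vsize:x}, raw 0x{len(raw):x})")
    share = high / total if total else 0.0
    if share > HIGH_ENTROPY_SHARE_THRESHOLD:
        findings.append(f"overall: {share:.3f} of section data sits in high-entropy sections")
    return share, findings


def build_sample_pe(seed: int = 1) -> bytes:
    """Constructed minimal PE32 with the UPX layout: UPX0 has no raw data, UPX1 is dense, .rsrc is sparse.
    It is not the analysed sample and cannot run."""
    rng = random.Random(seed)
    upx1 = bytes(rng.getrandbits(8) for _ in range(4096))   # stand-in for an LZMA-compressed payload
    rsrc = b"\0" * 1024 + b"RSRC" * 64                       # low-entropy, resource-like data
    headers_size = 0x400
    layout = [  # name, virtual_size, virtual_address, raw_size, raw_ptr
        (b"UPX0", 0x7D000, 0x1000, 0, 0),
        (b"UPX1", 0x4B000, 0x7E000, len(upx1), headers_size),
        (b".rsrc", 0x1000, 0xC9000, len(rsrc), headers_size + len(upx1)),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)           # PE32 magic, rest zeroed
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, vs, va, rs, rp in layout)
    hdr = dos + b"PE\0\0" + coff + optional + table
    return hdr + b"\0" * (headers_size - len(hdr)) + upx1 + rsrc


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    share, findings = packer_findings(image)
    for line in findings:
        print(line)
```

Note that UPX0 is normally a zero-sized section on disk that is only reserved for the unpacked image in memory, so it contributes nothing to the entropy share; the verdict is carried by UPX1, exactly as in the report, and a packer that renames its sections still trips the entropy heuristics even though the name check stays silent.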
Antivirus results (vendor / verdict). Labels cluster on AutoIt packing (Nymeria, Packed.Autoit), IM-worm families (YahLover, Sohanad) and generic or ML verdicts; only Gridinsoft's name mentions CoinMiner, so that tag rests on the CoinMiner_IN YARA match rather than on vendor consensus or on behaviour observed in this run.

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Nymeria.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Dropper.bc
ALYac AIT:Trojan.Nymeria.4279
Cylance Unsafe
VIPRE AIT:Trojan.Nymeria.4279
K7AntiVirus Trojan ( 0056316d1 )
BitDefender AIT:Trojan.Nymeria.4279
K7GW Trojan ( 0056316d1 )
Cybereason malicious.b52847
Arcabit AIT:Trojan.Nymeria.D10B7 [many]
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
McAfee RDN/YahLover.worm
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Generic-6651791-0
Kaspersky UDS:Trojan.Win32.SBadur.gen
Alibaba Packed:Win32/YahLover.2ca84cb7
MicroWorld-eScan AIT:Trojan.Nymeria.4279
Emsisoft AIT:Trojan.Nymeria.4279 (B)
DrWeb Trojan.Siggen5.59949
Zillya Trojan.Nymeria.Win32.935
TrendMicro TROJ_GEN.R002C0PET24
McAfeeD ti!9AC31870D3A0
Trapmine malicious.high.ml.score
FireEye Generic.mg.5fb6829b52847d87
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Malware.gen
Google Detected
MAX malware (ai score=80)
Antiy-AVL Trojan[Packed]/Win32.Autoit
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft Trojan:Win32/Phonzy.A!ml
ViRobot Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm UDS:Trojan.Win32.SBadur.gen
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
AhnLab-V3 Malware/Win32.Generic.C4294381
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0PET24
Yandex Trojan.GenAsa!i9rai7w7/WE
MaxSecure Trojan.Malware.216104585.susgen